[Task] #18, limit request size for security reasons

Type-Style · Feb 7, 2024 · ab25a75 · ab25a75
1 parent 5ddf951
commit ab25a75
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 6 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -41,7 +41,8 @@
     "express-validator": "^7.0.1",
     "helmet": "^7.1.0",
     "hpp": "^0.2.3",
-    "module-alias": "^2.2.3"
+    "module-alias": "^2.2.3",
+    "raw-body": "^2.5.2"
   },
   "_moduleAliases": {
     "@src": "dist"

diff --git a/src/app.ts b/src/app.ts
@@ -3,6 +3,7 @@ import { config } from 'dotenv';
 import express from 'express';
 import helmet from 'helmet';
 import hpp from 'hpp';
+import getRawBody from 'raw-body';
 import cache from './cache';
 import * as error from "./error";
 import writeRouter from '@src/controller/write';
@@ -27,6 +28,20 @@ app.use(
 app.use(hpp());
 app.use(cache);
 
+app.use(function (req, res, next) {
+  if (!['POST', 'PUT', 'DELETE'].includes(req.method)) {
+    return next()
+  }
+  getRawBody(req, {
+    length: req.headers['content-length'],
+    limit: '1mb',
+    encoding: true
+  }, function (err) {
+    if (err) { return next(err) }
+    next()
+  })
+})
+
 // routes
 app.get('/', (req, res) => {
   res.send('Hello World, via TypeScript and Node.js!');  
@@ -40,7 +55,7 @@ app.use('/read', readRouter);
 app.use('/', express.static(path.join(__dirname, 'httpdocs'), {
   extensions: ['html', 'txt', "pdf"],
   index: "start.html", 
-}))
+}));
 
 // error handling
 app.use(error.notFound);