| 330 | } |
| 331 | |
| 332 | static inline |
| 333 | bool EnsureValidBody( |
| 334 | boost::beast::flat_buffer& buf, |
| 335 | HttpApiRequest& request, |
| 336 | HttpApiResponse& response, |
| 337 | bool& shuttingDown, |
| 338 | boost::asio::yield_context& yc |
| 339 | ) |
| 340 | { |
| 341 | namespace http = boost::beast::http; |
| 342 | |
| 343 | { |
| 344 | size_t maxSize = 1024 * 1024; |
| 345 | Array::Ptr permissions = request.User()->GetPermissions(); |
| 346 | |
| 347 | if (permissions) { |
| 348 | ObjectLock olock(permissions); |
| 349 | |
| 350 | for (const Value& permissionInfo : permissions) { |
| 351 | String permission; |
| 352 | |
| 353 | if (permissionInfo.IsObjectType<Dictionary>()) { |
| 354 | permission = static_cast<Dictionary::Ptr>(permissionInfo)->Get("permission"); |
| 355 | } else { |
| 356 | permission = permissionInfo; |
| 357 | } |
| 358 | |
| 359 | static std::vector<std::pair<String, size_t>> specialContentLengthLimits { |
| 360 | { "config/modify", 512 * 1024 * 1024 } |
| 361 | }; |
| 362 | |
| 363 | for (const auto& limitInfo : specialContentLengthLimits) { |
| 364 | if (limitInfo.second <= maxSize) { |
| 365 | continue; |
| 366 | } |
| 367 | |
| 368 | if (Utility::Match(permission, limitInfo.first)) { |
| 369 | maxSize = limitInfo.second; |
| 370 | } |
| 371 | } |
| 372 | } |
| 373 | } |
| 374 | |
| 375 | request.Parser().body_limit(maxSize); |
| 376 | } |
| 377 | |
| 378 | if (shuttingDown) |
| 379 | return false; |
| 380 | |
| 381 | boost::system::error_code ec; |
| 382 | |
| 383 | request.ParseBody(buf, yc[ec]); |
| 384 | |
| 385 | if (ec) { |
| 386 | if (ec == boost::asio::error::operation_aborted) |
| 387 | return false; |
| 388 | |
| 389 | /** |
no test coverage detected