gatel-core 0.1.2

A high-performance, KDL-configured reverse proxy and web server
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

use std::io::Cursor;

use async_compression::tokio::bufread::{BrotliDecoder, DeflateDecoder, GzipDecoder, ZstdDecoder};
use http::header::{CONTENT_ENCODING, CONTENT_LENGTH};
use salvo::http::ReqBody;
use salvo::{Depot, FlowCtrl, Request, Response, async_trait};
use tokio::io::AsyncReadExt;
use tracing::debug;

/// Request body decompression middleware.
///
/// Inspects the `Content-Encoding` request header and decompresses the body
/// before forwarding to the next handler. Supports gzip, brotli, zstd, and
/// deflate. After decompression, the `Content-Encoding` header is removed and
/// `Content-Length` is updated.
pub struct DecompressHoop {
    /// Maximum decompressed body size to prevent decompression bombs.
    max_size: usize,
}

impl DecompressHoop {
    /// Create a new decompression middleware.
    ///
    /// `max_size` limits the decompressed output to prevent zip bombs.
    /// Default: 64 MiB.
    pub fn new(max_size: Option<usize>) -> Self {
        Self {
            max_size: max_size.unwrap_or(64 * 1024 * 1024),
        }
    }
}

#[async_trait]
impl salvo::Handler for DecompressHoop {
    async fn handle(
        &self,
        req: &mut Request,
        depot: &mut Depot,
        res: &mut Response,
        ctrl: &mut FlowCtrl,
    ) {
        let encoding = req
            .headers()
            .get(CONTENT_ENCODING)
            .and_then(|v| v.to_str().ok())
            .map(|s| s.to_ascii_lowercase());

        let encoding = match encoding {
            Some(e) if e == "gzip" || e == "br" || e == "zstd" || e == "deflate" => e,
            _ => {
                // No compression or unsupported — pass through.
                ctrl.call_next(req, depot, res).await;
                return;
            }
        };

        // Read the compressed body.
        let compressed = match req.payload().await {
            Ok(bytes) => bytes.to_vec(),
            Err(_) => {
                ctrl.call_next(req, depot, res).await;
                return;
            }
        };

        if compressed.is_empty() {
            ctrl.call_next(req, depot, res).await;
            return;
        }

        // Decompress.
        let decompressed = match decompress_bytes(&compressed, &encoding, self.max_size).await {
            Ok(d) => d,
            Err(e) => {
                debug!(error = %e, encoding = encoding.as_str(), "request decompression failed");
                res.status_code(http::StatusCode::BAD_REQUEST);
                res.body("decompression failed");
                ctrl.skip_rest();
                return;
            }
        };

        debug!(
            encoding = encoding.as_str(),
            compressed = compressed.len(),
            decompressed = decompressed.len(),
            "decompressed request body"
        );

        // Replace the body with the decompressed content.
        req.headers_mut().remove(CONTENT_ENCODING);
        req.headers_mut()
            .insert(CONTENT_LENGTH, decompressed.len().into());
        *req.body_mut() = ReqBody::Once(decompressed.into());

        ctrl.call_next(req, depot, res).await;
    }
}

async fn decompress_bytes(data: &[u8], encoding: &str, max_size: usize) -> Result<Vec<u8>, String> {
    let cursor = Cursor::new(data);
    let reader = tokio::io::BufReader::new(cursor);
    let mut output = Vec::new();

    match encoding {
        "gzip" => {
            let mut decoder = GzipDecoder::new(reader);
            read_limited(&mut decoder, &mut output, max_size).await?;
        }
        "br" => {
            let mut decoder = BrotliDecoder::new(reader);
            read_limited(&mut decoder, &mut output, max_size).await?;
        }
        "zstd" => {
            let mut decoder = ZstdDecoder::new(reader);
            read_limited(&mut decoder, &mut output, max_size).await?;
        }
        "deflate" => {
            let mut decoder = DeflateDecoder::new(reader);
            read_limited(&mut decoder, &mut output, max_size).await?;
        }
        _ => return Err(format!("unsupported encoding: {encoding}")),
    }

    Ok(output)
}

async fn read_limited<R: tokio::io::AsyncRead + Unpin>(
    reader: &mut R,
    output: &mut Vec<u8>,
    max_size: usize,
) -> Result<(), String> {
    let mut buf = [0u8; 8192];
    loop {
        let n = reader
            .read(&mut buf)
            .await
            .map_err(|e| format!("decompression error: {e}"))?;
        if n == 0 {
            break;
        }
        if output.len() + n > max_size {
            return Err(format!(
                "decompressed body exceeds limit ({max_size} bytes)"
            ));
        }
        output.extend_from_slice(&buf[..n]);
    }
    Ok(())
}