rune_axum_size/

layer.rs

use http::{
    header::CONTENT_LENGTH,
    Request, Response, StatusCode,
};
use std::future::Future;
use std::pin::Pin;
use std::task::{Context, Poll};
use tower::{Layer, Service};

/// Configuration for the request body size limit middleware.
///
/// Build with [`BodyLimit::new()`] and chain methods to set the byte limit or
/// error status code, then pass to [`BodyLimitLayer::new()`].
///
/// # Examples
///
/// ```rust
/// use http::StatusCode;
/// use rune_axum_size::BodyLimit;
///
/// let config = BodyLimit::new()
///     .limit(10 * 1024 * 1024) // 10 MiB
///     .status(StatusCode::PAYLOAD_TOO_LARGE);
/// ```
#[derive(Clone, Debug)]
pub struct BodyLimit {
    limit_bytes: u64,
    status: StatusCode,
}

impl Default for BodyLimit {
    fn default() -> Self {
        Self {
            limit_bytes: 1_048_576,
            status: StatusCode::PAYLOAD_TOO_LARGE,
        }
    }
}

impl BodyLimit {
    /// Creates a `BodyLimit` with defaults: 1 MiB limit, `413 Payload Too Large`.
    pub fn new() -> Self {
        Self::default()
    }

    /// Sets the maximum allowed body size in bytes.
    ///
    /// Defaults to 1 MiB (1,048,576 bytes).
    pub fn limit(mut self, bytes: u64) -> Self {
        self.limit_bytes = bytes;
        self
    }

    /// Sets the HTTP status code returned when the limit is exceeded.
    ///
    /// Defaults to `413 Payload Too Large`.
    pub fn status(mut self, status: StatusCode) -> Self {
        self.status = status;
        self
    }

    fn exceeds_limit<B>(&self, req: &Request<B>) -> bool {
        req.headers()
            .get(CONTENT_LENGTH)
            .and_then(|v| v.to_str().ok())
            .and_then(|s| s.parse::<u64>().ok())
            .is_some_and(|len| len > self.limit_bytes)
    }
}

/// Tower [`Layer`] that rejects requests whose `Content-Length` exceeds the configured limit.
///
/// Apply with Axum's `.layer()` call. Use [`BodyLimitLayer::default()`] for a 1 MiB limit
/// with a `413` response, or [`BodyLimitLayer::new()`] to supply a custom [`BodyLimit`].
///
/// > [!NOTE]
/// > Only the `Content-Length` header is inspected. Requests that omit this header
/// > pass through regardless of their actual body size.
///
/// # Examples
///
/// ```rust,no_run
/// use axum::{routing::post, Router};
/// use rune_axum_size::BodyLimitLayer;
///
/// let app: Router = Router::new()
///     .route("/upload", post(|| async { "ok" }))
///     .layer(BodyLimitLayer::default());
/// ```
#[derive(Clone, Debug, Default)]
pub struct BodyLimitLayer {
    config: BodyLimit,
}

impl BodyLimitLayer {
    /// Creates a `BodyLimitLayer` from a custom [`BodyLimit`] configuration.
    pub fn new(config: BodyLimit) -> Self {
        Self { config }
    }
}

impl<S> Layer<S> for BodyLimitLayer {
    type Service = BodyLimitService<S>;

    fn layer(&self, inner: S) -> Self::Service {
        BodyLimitService {
            inner,
            config: self.config.clone(),
        }
    }
}

/// Tower [`Service`] produced by [`BodyLimitLayer`].
#[derive(Clone, Debug)]
pub struct BodyLimitService<S> {
    inner: S,
    config: BodyLimit,
}

impl<S, ReqBody, ResBody> Service<Request<ReqBody>> for BodyLimitService<S>
where
    S: Service<Request<ReqBody>, Response = Response<ResBody>>,
    S::Future: Send + 'static,
    S::Error: Send + 'static,
    ResBody: Default + Send + 'static,
{
    type Response = Response<ResBody>;
    type Error = S::Error;
    type Future = Pin<Box<dyn Future<Output = Result<Self::Response, Self::Error>> + Send>>;

    fn poll_ready(&mut self, cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
        self.inner.poll_ready(cx)
    }

    fn call(&mut self, req: Request<ReqBody>) -> Self::Future {
        if self.config.exceeds_limit(&req) {
            let status = self.config.status;
            return Box::pin(async move {
                Ok(Response::builder()
                    .status(status)
                    .body(ResBody::default())
                    .expect("error response is valid"))
            });
        }
        Box::pin(self.inner.call(req))
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use axum::{body::Body, routing::post, Router};
    use http::StatusCode;
    use tower::ServiceExt;

    fn build_app(config: BodyLimit) -> Router {
        Router::new()
            .route("/upload", post(|| async { "ok" }))
            .layer(BodyLimitLayer::new(config))
    }

    async fn send(app: Router, req: http::Request<Body>) -> http::Response<Body> {
        app.oneshot(req).await.unwrap()
    }

    fn post_with_length(content_length: u64) -> http::Request<Body> {
        http::Request::builder()
            .method("POST")
            .uri("/upload")
            .header(CONTENT_LENGTH, content_length)
            .body(Body::empty())
            .unwrap()
    }

    fn post_without_length() -> http::Request<Body> {
        http::Request::builder()
            .method("POST")
            .uri("/upload")
            .body(Body::empty())
            .unwrap()
    }

    #[tokio::test]
    async fn rejects_when_content_length_exceeds_limit() {
        let response = send(
            build_app(BodyLimit::new().limit(1024)),
            post_with_length(2048),
        )
        .await;
        assert_eq!(response.status(), StatusCode::PAYLOAD_TOO_LARGE);
    }

    #[tokio::test]
    async fn passes_when_content_length_within_limit() {
        let response = send(
            build_app(BodyLimit::new().limit(1024)),
            post_with_length(512),
        )
        .await;
        assert_eq!(response.status(), StatusCode::OK);
    }

    #[tokio::test]
    async fn passes_at_exact_limit() {
        let response = send(
            build_app(BodyLimit::new().limit(1024)),
            post_with_length(1024),
        )
        .await;
        assert_eq!(response.status(), StatusCode::OK);
    }

    #[tokio::test]
    async fn rejects_one_byte_over_limit() {
        let response = send(
            build_app(BodyLimit::new().limit(1024)),
            post_with_length(1025),
        )
        .await;
        assert_eq!(response.status(), StatusCode::PAYLOAD_TOO_LARGE);
    }

    #[tokio::test]
    async fn passes_when_no_content_length_header() {
        let response = send(build_app(BodyLimit::new().limit(1024)), post_without_length()).await;
        assert_eq!(response.status(), StatusCode::OK);
    }

    #[tokio::test]
    async fn custom_status_code() {
        let config = BodyLimit::new()
            .limit(512)
            .status(StatusCode::UNPROCESSABLE_ENTITY);
        let response = send(build_app(config), post_with_length(1024)).await;
        assert_eq!(response.status(), StatusCode::UNPROCESSABLE_ENTITY);
    }

    #[tokio::test]
    async fn default_layer_uses_413_and_one_mib_limit() {
        let app = Router::new()
            .route("/upload", post(|| async { "ok" }))
            .layer(BodyLimitLayer::default());

        let within = send(
            app.clone(),
            post_with_length(1_048_576),
        )
        .await;
        assert_eq!(within.status(), StatusCode::OK);

        let over = send(app, post_with_length(1_048_577)).await;
        assert_eq!(over.status(), StatusCode::PAYLOAD_TOO_LARGE);
    }

    #[tokio::test]
    async fn zero_limit_rejects_any_body() {
        let response = send(
            build_app(BodyLimit::new().limit(0)),
            post_with_length(1),
        )
        .await;
        assert_eq!(response.status(), StatusCode::PAYLOAD_TOO_LARGE);
    }
}