wai-extra-3.1.17: Provides some basic WAI handlers and middleware.
Safe HaskellSafe-Inferred
LanguageHaskell2010

Network.Wai.Middleware.RequestSizeLimit

Description

The functions in this module allow you to limit the total size of incoming request bodies.

Limiting incoming request body size helps protect your server against denial-of-service (DOS) attacks, in which an attacker sends huge bodies to your server.

Synopsis

Middleware

requestSizeLimitMiddleware :: RequestSizeLimitSettings -> Middleware Source #

Middleware to limit request bodies to a certain size.

This uses requestSizeCheck under the hood; see that function for details.

Since: 3.1.1

Constructing RequestSizeLimitSettings

defaultRequestSizeLimitSettings :: RequestSizeLimitSettings Source #

Create a RequestSizeLimitSettings with these settings:

  • 2MB size limit for all requests
  • When the limit is exceeded, return a plain text response describing the error, with a 413 status code.

Since: 3.1.1

RequestSizeLimitSettings and accessors

data RequestSizeLimitSettings Source #

Settings to configure requestSizeLimitMiddleware.

This type (but not the constructor, or record fields) is exported from Network.Wai.Middleware.RequestSizeLimit. Since the constructor isn't exported, create a default value with defaultRequestSizeLimitSettings first, then set the values using setMaxLengthForRequest and setOnLengthExceeded (See the examples below).

If you need to access the constructor directly, it's exported from Network.Wai.Middleware.RequestSizeLimit.Internal.

Examples

Expand
Conditionally setting the limit based on the request
{-# LANGUAGE OverloadedStrings #-}
import Network.Wai
import Network.Wai.Middleware.RequestSizeLimit

let megabyte = 1024 * 1024
let sizeForReq req = if pathInfo req == ["upload", "image"] then pure $ Just $ megabyte * 20 else pure $ Just $ megabyte * 2
let finalSettings = setMaxLengthForRequest sizeForReq defaultRequestSizeLimitSettings
JSON response
{-# LANGUAGE OverloadedStrings #-}
import Network.Wai
import Network.Wai.Middleware.RequestSizeLimit
import Network.HTTP.Types.Status (requestEntityTooLarge413)
import Data.Aeson
import Data.Text (Text)

let jsonResponse = \_maxLen _app _req sendResponse -> sendResponse $ responseLBS requestEntityTooLarge413 [("Content-Type", "application/json")] (encode $ object ["error" .= ("request size too large" :: Text)])
let finalSettings = setOnLengthExceeded jsonResponse defaultRequestSizeLimitSettings

Since: 3.1.1

setMaxLengthForRequest :: (Request -> IO (Maybe Word64)) -> RequestSizeLimitSettings -> RequestSizeLimitSettings Source #

Function to determine the maximum request size in bytes for the request. Return Nothing for no limit.

Since: 3.1.1

setOnLengthExceeded :: (Word64 -> Middleware) -> RequestSizeLimitSettings -> RequestSizeLimitSettings Source #

Callback function when maximum length is exceeded. The Word64 argument is the limit computed by setMaxLengthForRequest.

Since: 3.1.1