1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
use hyper::{body::HttpBody, header, http::request::Parts, Body, Response, StatusCode};
use miniz_oxide::inflate::TINFLStatus;
const MAX_ALLOWED_RESPONSE_SIZE: u64 = 1024 * 1024; // 1MB
#[derive(Debug, thiserror::Error)]
pub enum ParseBodyError {
#[error(transparent)]
Body(#[from] hyper::Error),
#[error(transparent)]
Json(#[from] serde_json::Error),
#[error("deflate decompression error")]
Deflate,
#[error("body is suspiciously big")]
SuspiciousBody,
#[error("decompression is suspiciously big")]
SuspiciousCompression,
}
/// Parse json body, perform security check and decompression
pub async fn parse_body<J: serde::de::DeserializeOwned>(
parts: &Parts,
body: Body,
) -> Result<J, ParseBodyError> {
// Check announced body size
if body.size_hint().upper().unwrap_or(u64::MAX) > MAX_ALLOWED_RESPONSE_SIZE {
return Err(ParseBodyError::SuspiciousBody);
}
// Read body
let bytes = hyper::body::to_bytes(body).await?;
// Decompress if necessary
if parts
.headers
.get(header::CONTENT_ENCODING)
.map(|it| it == "deflate")
.unwrap_or(false)
{
let decompressed = miniz_oxide::inflate::decompress_to_vec_zlib_with_limit(
&bytes,
MAX_ALLOWED_RESPONSE_SIZE as usize,
)
.map_err(|s| match s {
TINFLStatus::HasMoreOutput => ParseBodyError::SuspiciousCompression,
_ => ParseBodyError::Deflate,
})?;
// Parse json
Ok(serde_json::from_slice(&decompressed)?)
} else {
// Parse json
Ok(serde_json::from_slice(&bytes)?)
}
}
#[derive(Debug, thiserror::Error)]
pub enum EncodeBodyError {
#[error(transparent)]
Json(#[from] serde_json::Error),
}
pub async fn encode_body<J: serde::Serialize>(
parts: &Parts,
status: StatusCode,
json: &J,
) -> Result<Response<Body>, EncodeBodyError> {
let json = serde_json::to_vec(json)?;
if parts
.headers
.get(header::ACCEPT_ENCODING)
.and_then(|it| it.to_str().ok())
.map(|str| str.contains("deflate"))
.unwrap_or(false)
{
let compressed = miniz_oxide::deflate::compress_to_vec_zlib(&json, 6);
Ok(Response::builder()
.status(status)
.header(header::CONTENT_TYPE, "application/json")
.header(header::CONTENT_ENCODING, "deflate")
.body(Body::from(compressed))
.unwrap())
} else {
Ok(Response::builder()
.status(status)
.header(header::CONTENT_TYPE, "application/json")
.body(Body::from(json))
.unwrap())
}
}
|