Skip to content

Commit 3281650

Browse files
michel-latermanmichel-laterman
committed
PoC: Use jsontext package to stream components from checkin requests
1 parent 4490fee commit 3281650

8 files changed

Lines changed: 578 additions & 9 deletions

File tree

NOTICE-fips.txt

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1563,6 +1563,43 @@ IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
15631563
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
15641564

15651565

1566+
--------------------------------------------------------------------------------
1567+
Dependency : github.com/go-json-experiment/json
1568+
Version: v0.0.0-20260520185125-572e7c383686
1569+
Licence type (autodetected): BSD-3-Clause
1570+
--------------------------------------------------------------------------------
1571+
1572+
Contents of probable licence file $GOMODCACHE/github.com/go-json-experiment/json@v0.0.0-20260520185125-572e7c383686/LICENSE:
1573+
1574+
Copyright (c) 2020 The Go Authors. All rights reserved.
1575+
1576+
Redistribution and use in source and binary forms, with or without
1577+
modification, are permitted provided that the following conditions are
1578+
met:
1579+
1580+
* Redistributions of source code must retain the above copyright
1581+
notice, this list of conditions and the following disclaimer.
1582+
* Redistributions in binary form must reproduce the above
1583+
copyright notice, this list of conditions and the following disclaimer
1584+
in the documentation and/or other materials provided with the
1585+
distribution.
1586+
* Neither the name of Google Inc. nor the names of its
1587+
contributors may be used to endorse or promote products derived from
1588+
this software without specific prior written permission.
1589+
1590+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1591+
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
1592+
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
1593+
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
1594+
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1595+
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
1596+
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
1597+
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
1598+
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1599+
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
1600+
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1601+
1602+
15661603
--------------------------------------------------------------------------------
15671604
Dependency : github.com/gofrs/uuid/v5
15681605
Version: v5.4.0

NOTICE.txt

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1563,6 +1563,43 @@ IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
15631563
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
15641564

15651565

1566+
--------------------------------------------------------------------------------
1567+
Dependency : github.com/go-json-experiment/json
1568+
Version: v0.0.0-20260520185125-572e7c383686
1569+
Licence type (autodetected): BSD-3-Clause
1570+
--------------------------------------------------------------------------------
1571+
1572+
Contents of probable licence file $GOMODCACHE/github.com/go-json-experiment/json@v0.0.0-20260520185125-572e7c383686/LICENSE:
1573+
1574+
Copyright (c) 2020 The Go Authors. All rights reserved.
1575+
1576+
Redistribution and use in source and binary forms, with or without
1577+
modification, are permitted provided that the following conditions are
1578+
met:
1579+
1580+
* Redistributions of source code must retain the above copyright
1581+
notice, this list of conditions and the following disclaimer.
1582+
* Redistributions in binary form must reproduce the above
1583+
copyright notice, this list of conditions and the following disclaimer
1584+
in the documentation and/or other materials provided with the
1585+
distribution.
1586+
* Neither the name of Google Inc. nor the names of its
1587+
contributors may be used to endorse or promote products derived from
1588+
this software without specific prior written permission.
1589+
1590+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1591+
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
1592+
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
1593+
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
1594+
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1595+
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
1596+
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
1597+
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
1598+
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1599+
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
1600+
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1601+
1602+
15661603
--------------------------------------------------------------------------------
15671604
Dependency : github.com/gofrs/uuid/v5
15681605
Version: v5.4.0

go.mod

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ require (
1414
github.com/elastic/go-ucfg v0.9.1
1515
github.com/fxamacker/cbor/v2 v2.9.2
1616
github.com/go-chi/chi/v5 v5.2.5
17+
github.com/go-json-experiment/json v0.0.0-20260520185125-572e7c383686
1718
github.com/gofrs/uuid/v5 v5.4.0
1819
github.com/google/go-cmp v0.7.0
1920
github.com/hashicorp/go-cleanhttp v0.5.2

go.sum

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,8 @@ github.com/fxamacker/cbor/v2 v2.9.2 h1:X4Ksno9+x3cz0TZv69ec1hxP/+tymuR8PXQJyDwfh
6161
github.com/fxamacker/cbor/v2 v2.9.2/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
6262
github.com/go-chi/chi/v5 v5.2.5 h1:Eg4myHZBjyvJmAFjFvWgrqDTXFyOzjj7YIm3L3mu6Ug=
6363
github.com/go-chi/chi/v5 v5.2.5/go.mod h1:X7Gx4mteadT3eDOMTsXzmI4/rwUpOwBHLpAfupzFJP0=
64+
github.com/go-json-experiment/json v0.0.0-20260520185125-572e7c383686 h1:NZBJxCpbHS1gzS6xAmyxbJznosZIIPk9IB42v62UvKA=
65+
github.com/go-json-experiment/json v0.0.0-20260520185125-572e7c383686/go.mod h1:tphK2c80bpPhMOI4v6bIc2xWywPfbqi1Z06+RcrMkDg=
6466
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
6567
github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
6668
github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=

internal/pkg/api/handleCheckin.go

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -181,12 +181,12 @@ func (ct *CheckinT) validateRequest(zlog zerolog.Logger, w http.ResponseWriter,
181181
span, ctx := apm.StartSpan(r.Context(), "validateRequest", "validate")
182182
defer span.End()
183183

184-
body := r.Body
185-
// Limit the size of the body to prevent malicious agent from exhausting RAM in server
186-
if ct.cfg.Limits.CheckinLimit.MaxBody > 0 {
187-
body = http.MaxBytesReader(w, body, ct.cfg.Limits.CheckinLimit.MaxBody)
184+
// Checkin requests that have unknown size or that are too large will use the streaming validation approach
185+
if r.ContentLength == -1 || r.ContentLength > ct.cfg.Limits.CheckinLimit.MaxBody {
186+
return ct.validateRequestStream(zlog, w, r, start, agent)
188187
}
189-
readCounter := datacounter.NewReaderCounter(body)
188+
189+
readCounter := datacounter.NewReaderCounter(r.Body)
190190

191191
// Decompress the body when the client signals Content-Encoding: gzip.
192192
var bodyReader io.Reader = readCounter

0 commit comments

Comments
 (0)