added 20kb limit for put bucket policy

Issue : CLDSRV-700

Author: SylvainSenechal

config.json

@@ -142,5 +142,9 @@
     },
     "kmip": {
         "providerName": "thales"
+    },
+    "apisLengthLimits": {
+        "multiObjectDelete": 2097152,
+        "bucketPutPolicy": 20480
     }
 }

constants.js

@@ -96,11 +96,14 @@ const constants = {
     oneMegaBytes: 1024 * 1024,
     halfMegaBytes: 512 * 1024,
 
-    // Some apis may need a custom body length limit :
-    apisLengthLimits: {
+    // Some apis may need a custom body length limit
+    defaultApisLengthLimits: {
         // Multi Objects Delete request can be large : up to 1000 keys of 1024 bytes is
         // already 1mb, with the other fields it could reach 2mb
         'multiObjectDelete': 2 * 1024 * 1024,
+        // AWS sets the maximum size for bucket policies to 20 KB
+        // https://docs.aws.amazon.com/AmazonS3/latest/userguide/add-bucket-policy.html
+        'bucketPutPolicy': 20 * 1024,
     },
 
     // hex digest of sha256 hash of empty string:
@@ -266,5 +269,4 @@ const constants = {
     onlyOwnerAllowed: ['bucketDeletePolicy', 'bucketGetPolicy', 'bucketPutPolicy'],
 };
 
-
 module.exports = constants;

lib/Config.js

@@ -1698,6 +1698,23 @@ class Config extends EventEmitter {
         }
 
         this.supportedLifecycleRules = parseSupportedLifecycleRules(config.supportedLifecycleRules);
+
+        this.apisLengthLimits = { ...constants.defaultApisLengthLimits };
+        // If a value is provided in the config, it overwrites the default constant
+        if (config.apisLengthLimits) {
+            assert(typeof config.apisLengthLimits === 'object' &&
+                config.apisLengthLimits !== null &&
+                !Array.isArray(config.apisLengthLimits),
+                'bad config: apisLengthLimits must be an object');
+
+            for (const [apiKey, limit] of Object.entries(config.apisLengthLimits)) {
+                assert(Number.isInteger(limit) && limit > 0,
+                    `bad config: apisLengthLimits for "${apiKey}" must be a positive integer`);
+                // Overwrite the default limit with the configured one.
+                this.apisLengthLimits[apiKey] = limit;
+            }
+        }
+
         return config;
     }
 

lib/api/api.js

@@ -75,6 +75,7 @@ const { tagConditionKeyAuth } = require('./apiUtils/authorization/tagConditionKe
 const { isRequesterASessionUser } = require('./apiUtils/authorization/permissionChecks');
 const checkHttpHeadersSize = require('./apiUtils/object/checkHttpHeadersSize');
 const constants = require('../../constants');
+const { config } = require('../Config.js');
 
 const monitoringMap = policies.actionMaps.actionMonitoringMapS3;
 
@@ -223,7 +224,7 @@ const api = {
 
                 const defaultMaxPostLength = request.method === 'POST' ?
                       constants.oneMegaBytes : constants.halfMegaBytes;
-                const MAX_POST_LENGTH = constants.apisLengthLimits[apiMethod] || defaultMaxPostLength;
+                const MAX_POST_LENGTH = config.apisLengthLimits[apiMethod] || defaultMaxPostLength;
                 const post = [];
                 let postLength = 0;
                 request.on('data', chunk => {