Don't crash ingesting >1M bytes payloads (#4872)

* Don't crash ingesting >1M bytes payloads * Format
2024-12-22 17:11:36 +03:00 · 2024-12-03 12:50:47 +01:00 · 2024-12-03 12:50:47 +01:00 · a47a9adfbc
commit a47a9adfbc
parent 133423f7e6
2 changed files with 31 additions and 4 deletions
--- a/lib/plausible/ingestion/request.ex
+++ b/lib/plausible/ingestion/request.ex
@ -112,10 +112,12 @@ defmodule Plausible.Ingestion.Request do
  defp parse_body(conn) do
    case conn.body_params do
      %Plug.Conn.Unfetched{} ->
-        {:ok, body, _conn} = Plug.Conn.read_body(conn)
-
-        case Jason.decode(body) do
-          {:ok, params} when is_map(params) -> {:ok, params}
+        with max_length <- conn.assigns[:read_body_limit] || 1_000_000,
+             {:ok, body, _conn} <-
+               Plug.Conn.read_body(conn, length: max_length, read_length: max_length),
+             {:ok, params} when is_map(params) <- Jason.decode(body) do
+          {:ok, params}
+        else
          _ -> {:error, :invalid_json}
        end

--- a/test/plausible/ingestion/request_test.exs
+++ b/test/plausible/ingestion/request_test.exs
@ -429,6 +429,31 @@ defmodule Plausible.Ingestion.RequestTest do
    assert changeset.errors[:request]
  end

+  test "long body length" do
+    payload = """
+    {
+      "name": "pageview", 
+      "domain": "dummy.site",
+      "url": "#{:binary.copy("a", 1_000)}"
+    }
+    """
+
+    within_read_limit =
+      :post
+      |> build_conn("/api/events", payload)
+      |> Request.build()
+
+    assert {:ok, _} = within_read_limit
+
+    exceeding_read_limit =
+      :post
+      |> build_conn("/api/events", payload)
+      |> Plug.Conn.assign(:read_body_limit, 800)
+      |> Request.build()
+
+    assert {:error, _} = exceeding_read_limit
+  end
+
  @tag :ee_only
  test "encodable" do
    params = %{