NOJIRA fix body consumption in http4s #160
Conversation
* request body is now consumed in one go and stored in memory * prevent occurrences of BodyAlreadyConsumedError
fserra-mdsol
force-pushed
the
NOJIRA-fix_body_consumption_in_http4s
branch
from
e8c2b22 to
bf42749
Compare
|
|
||
| authenticator.authenticate(req)(requestValidationTimeout).map(res => (res, authCtx)) | ||
| fk(for { | ||
| strictBody <- request.toStrict(none) |
There was a problem hiding this comment.
Actually, toStrict enforces a request size limit doesn't it? Could pass that in as an option (potentially with a default to keep it backwards compatible?)
There was a problem hiding this comment.
Nope, it doesn't enforce any limit - it would be recommended to enforce one, because toStrict only consumes the whole EntityBody and replaces any multipart header with a content-length (as a testament to its function), but there is no fixed size limit. In practice, this means that your application might blow up if the request is too large to be held in memory while it gets deserialised. I decided to not put any 'feature flag' on this, because I gauged that for our use cases there is no such risk - but if you know that it's not the case otherwise, I can add it.
As reported on this http4s issue, in some conditions, if the request's EntityBody is consumed more than once by the caller, a
BodyAlreadyConsumedErroris raised. In our MAuthMiddleware, this can happen when performing the mAuth authentication on large or slow requests, whereby the request's Stream might be chunked, requiring multiple consumptions and causing intermittent failures.This PR aims at solving this bug