server: Allow to configure max_form_parameters across servers

- fix  #3783

Author: jknack

jooby/src/main/java/io/jooby/Route.java

@@ -20,11 +20,7 @@
 import edu.umd.cs.findbugs.annotations.NonNull;
 import edu.umd.cs.findbugs.annotations.Nullable;
 import io.jooby.annotation.Transactional;
-import io.jooby.exception.MethodNotAllowedException;
-import io.jooby.exception.NotAcceptableException;
-import io.jooby.exception.NotFoundException;
-import io.jooby.exception.StatusCodeException;
-import io.jooby.exception.UnsupportedMediaType;
+import io.jooby.exception.*;
 import io.jooby.internal.RouterImpl;
 
 /**
@@ -358,6 +354,19 @@ public record Location(String filename, int line) {}
         }
       };
 
+  /** Handler for body error decoder responses. */
+  public static final Handler FORM_DECODER_HANDLER =
+      ctx -> {
+        var tooManyFields = (Throwable) ctx.getAttributes().remove("__too_many_fields");
+        BadRequestException cause;
+        if (tooManyFields != null) {
+          cause = new BadRequestException("Too many form fields", tooManyFields);
+        } else {
+          cause = new BadRequestException("Failed to decode HTTP body");
+        }
+        return ctx.sendError(cause);
+      };
+
   /** Handler for {@link StatusCode#REQUEST_ENTITY_TOO_LARGE} responses. */
   public static final Handler REQUEST_ENTITY_TOO_LARGE =
       ctx ->

jooby/src/main/java/io/jooby/ServerOptions.java

@@ -118,6 +118,9 @@ public class ServerOptions {
    */
   private int maxRequestSize = _10MB;
 
+  /** Max number of form fields. Default: <code>1000</code>. */
+  private int maxFormFields = 1000;
+
   /** The maximum size in bytes of a http request header. Default is <code>8kb</code> */
   private int maxHeaderSize = _8KB;
 
@@ -177,6 +180,9 @@ public static Optional<ServerOptions> from(@NonNull Config conf) {
       if (conf.hasPath("server.maxRequestSize")) {
         options.setMaxRequestSize((int) conf.getMemorySize("server.maxRequestSize").toBytes());
       }
+      if (conf.hasPath("server.maxFormFields")) {
+        options.setMaxFormFields(conf.getInt("server.maxFormFields"));
+      }
       if (conf.hasPath("server.workerThreads")) {
         options.setWorkerThreads(conf.getInt("server.workerThreads"));
       }
@@ -423,11 +429,31 @@ public int getMaxRequestSize() {
    * @param maxRequestSize Max request size in bytes.
    * @return This options.
    */
-  public @NonNull ServerOptions setMaxRequestSize(int maxRequestSize) {
+  public ServerOptions setMaxRequestSize(int maxRequestSize) {
     this.maxRequestSize = maxRequestSize;
     return this;
   }
 
+  /**
+   * Max number of form fields. Default: <code>1000</code>.
+   *
+   * @return Max number of form fields. Default: <code>1000</code>.
+   */
+  public int getMaxFormFields() {
+    return maxFormFields;
+  }
+
+  /**
+   * Set max number of form fields. Default: <code>1000</code>.
+   *
+   * @param maxFormFields Max number of form fields.
+   * @return Max number of form fields. Default: <code>1000</code>.
+   */
+  public ServerOptions setMaxFormFields(int maxFormFields) {
+    this.maxFormFields = maxFormFields;
+    return this;
+  }
+
   /**
    * The maximum size in bytes of an http request header. Exceeding the size generates a different
    * response across server implementations.

jooby/src/main/java/io/jooby/internal/RouterMatch.java

@@ -109,7 +109,6 @@ public RouterMatch missing(String method, String path, MessageEncoder encoder) {
     }
     this.route = new Route(method, path, h);
     this.route.setEncoder(encoder);
-    //    this.route.setReturnType(Context.class);
     return this;
   }
 }

modules/jooby-jetty/src/main/java/io/jooby/internal/jetty/JettyContext.java

@@ -729,7 +729,7 @@ private void register(DeleteFileTask deleteFileTask) {
     files.add(deleteFileTask);
   }
 
-  private static void formParam(Request request, Formdata form) {
+  private void formParam(Request request, Formdata form) {
     try {
       var params = Request.getParameters(request);
       for (Fields.Field param : params) {
@@ -742,7 +742,19 @@ private static void formParam(Request request, Formdata form) {
         }
       }
     } catch (Exception ex) {
-      throw SneakyThrows.propagate(ex);
+      if (ex instanceof IllegalStateException
+          && ex.getMessage() != null
+          && ex.getMessage().startsWith("form with too many")) {
+        this.setAttribute("__too_many_fields", ex);
+        try {
+          Route.FORM_DECODER_HANDLER.apply(this);
+        } catch (Exception cause) {
+          throw SneakyThrows.propagate(cause);
+        }
+        throw new JettyStopPipeline();
+      } else {
+        throw SneakyThrows.propagate(ex);
+      }
     }
   }
 }

modules/jooby-jetty/src/main/java/io/jooby/internal/jetty/JettyHandler.java

@@ -39,10 +39,14 @@ public boolean handle(Request request, Response response, Callback callback) {
     if (defaultHeaders) {
       responseHeaders.put(JettyHeaders.SERVER);
     }
-    var context =
-        new JettyContext(
-            getInvocationType(), request, response, callback, router, bufferSize, maxRequestSize);
-    router.match(context).execute(context);
+    try {
+      var context =
+          new JettyContext(
+              getInvocationType(), request, response, callback, router, bufferSize, maxRequestSize);
+      router.match(context).execute(context);
+    } catch (JettyStopPipeline ignored) {
+      // handled already,
+    }
     return true;
   }
 }

modules/jooby-jetty/src/main/java/io/jooby/internal/jetty/JettyStopPipeline.java

@@ -0,0 +1,8 @@
+/*
+ * Jooby https://jooby.io
+ * Apache License Version 2.0 https://jooby.io/LICENSE.txt
+ * Copyright 2014 Edgar Espina
+ */
+package io.jooby.internal.jetty;
+
+public class JettyStopPipeline extends RuntimeException {}

modules/jooby-jetty/src/main/java/io/jooby/jetty/JettyServer.java

@@ -110,10 +110,6 @@ public io.jooby.Server start(@NonNull Jooby... application) {
     var portInUse = options.getPort();
     try {
       this.applications = List.of(application);
-      /* Set max request size attribute: */
-      System.setProperty(
-          "org.eclipse.jetty.server.Request.maxFormContentSize",
-          Long.toString(options.getMaxRequestSize()));
 
       addShutdownHook();
 
@@ -126,7 +122,7 @@ public io.jooby.Server start(@NonNull Jooby... application) {
 
       var acceptors = 1;
       var selectors = options.getIoThreads();
-      this.server = new Server(threadPool);
+      server = new Server(threadPool);
       server.setStopAtShutdown(false);
 
       JettyHttp2Configurer http2 =
@@ -212,7 +208,8 @@ public io.jooby.Server start(@NonNull Jooby... application) {
       }
 
       var context = new ContextHandler();
-
+      context.setAttribute(FormFields.MAX_FIELDS_ATTRIBUTE, options.getMaxFormFields());
+      context.setAttribute(FormFields.MAX_LENGTH_ATTRIBUTE, options.getMaxRequestSize());
       boolean webSockets =
           application[0].getRoutes().stream().anyMatch(it -> it.getMethod().equals(Router.WS));
 

modules/jooby-netty/src/main/java/io/jooby/internal/netty/NettyHandler.java

@@ -30,6 +30,7 @@ public class NettyHandler extends ChannelInboundHandlerAdapter {
   private final int bufferSize;
   private final boolean defaultHeaders;
   private final long maxRequestSize;
+  private final int maxFormFields;
   private long contentLength;
   private long chunkSize;
   private final boolean http2;
@@ -42,12 +43,14 @@ public NettyHandler(
       NettyDateService serverDate,
       Context.Selector contextSelector,
       long maxRequestSize,
+      int maxFormFields,
       int bufferSize,
       boolean defaultHeaders,
       boolean http2) {
     this.serverDate = serverDate;
     this.contextSelector = contextSelector;
     this.maxRequestSize = maxRequestSize;
+    this.maxFormFields = maxFormFields;
     this.bufferSize = bufferSize;
     this.defaultHeaders = defaultHeaders;
     this.http2 = http2;
@@ -84,7 +87,7 @@ public void channelRead(ChannelHandlerContext ctx, Object msg) {
         if (contentLength > 0 || isTransferEncodingChunked(req)) {
           context.httpDataFactory = new DefaultHttpDataFactory(bufferSize);
           context.httpDataFactory.setBaseDir(app.getTmpdir().toString());
-          context.setDecoder(newDecoder(req, context.httpDataFactory));
+          context.setDecoder(newDecoder(req, context.httpDataFactory, maxFormFields));
         } else {
           // no body, move on
           router.match(context).execute(context);
@@ -95,10 +98,11 @@ public void channelRead(ChannelHandlerContext ctx, Object msg) {
       try {
         // when decoder == null, chunk is always a LastHttpContent.EMPTY, ignore it
         if (context.decoder != null) {
-          offer(context, chunk);
-          Router.Match route = router.match(context);
-          resetDecoderState(context, !route.matches());
-          route.execute(context);
+          if (offer(context, chunk)) {
+            Router.Match route = router.match(context);
+            resetDecoderState(context, !route.matches());
+            route.execute(context);
+          }
         }
       } finally {
         release(chunk);
@@ -232,14 +236,16 @@ public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
     }
   }
 
-  private void offer(NettyContext context, HttpContent chunk) {
+  private boolean offer(NettyContext context, HttpContent chunk) {
     try {
       context.decoder.offer(chunk);
-    } catch (HttpPostRequestDecoder.ErrorDataDecoderException
-        | HttpPostRequestDecoder.TooLongFormFieldException
-        | HttpPostRequestDecoder.TooManyFormFieldsException x) {
-      resetDecoderState(context, true);
-      context.sendError(x, StatusCode.BAD_REQUEST);
+      return true;
+    } catch (Exception x) {
+      if (x instanceof HttpPostRequestDecoder.TooManyFormFieldsException) {
+        context.setAttribute("__too_many_fields", x);
+      }
+      router.match(context).execute(context, Route.FORM_DECODER_HANDLER);
+      return false;
     }
   }
 
@@ -257,14 +263,16 @@ private void resetDecoderState(NettyContext context, boolean destroy) {
   }
 
   private static InterfaceHttpPostRequestDecoder newDecoder(
-      HttpRequest request, HttpDataFactory factory) {
+      HttpRequest request, HttpDataFactory factory, int maxFormFields) {
     String contentType = request.headers().get(HttpHeaderNames.CONTENT_TYPE);
     if (contentType != null) {
       String lowerContentType = contentType.toLowerCase();
       if (lowerContentType.startsWith(MediaType.MULTIPART_FORMDATA)) {
-        return new HttpPostMultipartRequestDecoder(factory, request, StandardCharsets.UTF_8);
+        return new HttpPostMultipartRequestDecoder(
+            factory, request, StandardCharsets.UTF_8, maxFormFields, -1);
       } else if (lowerContentType.startsWith(MediaType.FORM_URLENCODED)) {
-        return new HttpPostStandardRequestDecoder(factory, request, StandardCharsets.UTF_8);
+        return new HttpPostStandardRequestDecoder(
+            factory, request, StandardCharsets.UTF_8, maxFormFields, -1);
       }
     }
     return new HttpRawPostRequestDecoder(factory, request);

modules/jooby-netty/src/main/java/io/jooby/internal/netty/NettyPipeline.java

@@ -23,6 +23,7 @@ public class NettyPipeline extends ChannelInitializer<SocketChannel> {
   private final HttpDecoderConfig decoderConfig;
   private final Context.Selector contextSelector;
   private final long maxRequestSize;
+  private final int maxFormFields;
   private final int bufferSize;
   private final boolean defaultHeaders;
   private final boolean http2;
@@ -34,6 +35,7 @@ public NettyPipeline(
       HttpDecoderConfig decoderConfig,
       Context.Selector contextSelector,
       long maxRequestSize,
+      int maxFormFields,
       int bufferSize,
       boolean defaultHeaders,
       boolean http2,
@@ -43,6 +45,7 @@ public NettyPipeline(
     this.decoderConfig = decoderConfig;
     this.contextSelector = contextSelector;
     this.maxRequestSize = maxRequestSize;
+    this.maxFormFields = maxFormFields;
     this.bufferSize = bufferSize;
     this.defaultHeaders = defaultHeaders;
     this.http2 = http2;
@@ -55,6 +58,7 @@ private NettyHandler createHandler(ScheduledExecutorService executor) {
         new NettyDateService(executor),
         contextSelector,
         maxRequestSize,
+        maxFormFields,
         bufferSize,
         defaultHeaders,
         http2);

modules/jooby-netty/src/main/java/io/jooby/netty/NettyServer.java

@@ -223,6 +223,7 @@ private NettyPipeline newPipeline(ServerOptions options, SslContext sslContext,
         decoderConfig,
         Context.Selector.create(applications),
         options.getMaxRequestSize(),
+        options.getMaxFormFields(),
         options.getOutput().getSize(),
         options.getDefaultHeaders(),
         http2,