Documentation
¶
Overview ¶
Package bodylimit provides request body size limiting middleware for celeris.
New returns a celeris.HandlerFunc that enforces a maximum request body size using a two-phase check: Content-Length header (fast path) then actual body bytes (catches lying or absent Content-Length). Requests exceeding the limit are rejected with 413 Request Entity Too Large.
Configure via Config: set Config.Limit to a human-readable size string (e.g. "10MB", "1.5GiB"; SI and IEC units accepted; takes precedence over Config.MaxBytes), or set Config.MaxBytes directly (default 4 MiB). Enable Config.ContentLengthRequired to reject requests that omit Content-Length with 411 Length Required. Bodyless methods (GET, HEAD, DELETE, OPTIONS, TRACE, CONNECT) are auto-skipped; use Config.Skip or Config.SkipPaths for additional exclusions. Customize error responses with Config.ErrorHandler. Sentinel errors ErrBodyTooLarge and ErrLengthRequired are usable with errors.Is.
Note: this middleware runs after the engine has buffered the body. It adds an application-level per-route cap below the server-wide engine limit (celeris.Config.MaxRequestBodySize, default 100 MiB); it is not a substitute for setting that limit.
Documentation ¶
Full guides and examples: https://goceleris.dev/docs/middleware-traffic
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ErrBodyTooLarge = celeris.NewHTTPError(413, "Request Entity Too Large")
ErrBodyTooLarge is returned when the request body exceeds the configured limit.
var ErrLengthRequired = celeris.NewHTTPError(411, "Length Required")
ErrLengthRequired is returned when ContentLengthRequired is enabled and the request omits a Content-Length header.
Functions ¶
func New ¶
func New(config ...Config) celeris.HandlerFunc
New creates a body limit middleware with the given config.
Architectural note: celeris buffers the full request body before middleware executes, so this middleware cannot prevent oversized payloads from entering memory when Content-Length is absent or dishonest. The framework's own maxRequestBodySize (100 MB) provides the hard ceiling. This middleware adds an application-level limit that rejects already-buffered bodies that exceed the configured threshold.
For strict enforcement against clients that omit Content-Length, enable Config.ContentLengthRequired to reject such requests with 411 Length Required before the body check runs.
Example ¶
package main
import (
"github.com/goceleris/celeris/middleware/bodylimit"
)
func main() {
// Zero-config: 4 MB limit.
_ = bodylimit.New()
}
Output:
Example (HumanReadable) ¶
package main
import (
"github.com/goceleris/celeris/middleware/bodylimit"
)
func main() {
// Human-readable size limit.
_ = bodylimit.New(bodylimit.Config{
Limit: "10MB",
})
}
Output:
Types ¶
type Config ¶
type Config struct {
// Skip defines a function to skip this middleware for certain requests.
Skip func(c *celeris.Context) bool
// Limit is a human-readable size string (e.g., "10MB", "1.5GB").
// Takes precedence over MaxBytes when set.
Limit string
// MaxBytes is the maximum allowed request body size in bytes.
// Default: 4 MB (4 * 1024 * 1024).
MaxBytes int64
// SkipPaths lists paths to skip (exact match).
SkipPaths []string
// ErrorHandler handles body-too-large errors. When non-nil, it is
// called instead of returning ErrBodyTooLarge directly.
ErrorHandler func(c *celeris.Context, err error) error
// ContentLengthRequired rejects requests that lack a Content-Length
// header with 411 Length Required. Enable this to force clients to
// declare body size up front, preventing memory exhaustion from
// unbounded streaming when the framework buffers the full body
// before middleware runs.
ContentLengthRequired bool
}
Config defines the body limit middleware configuration.