bodylimit

package

v0.30.0 Latest Latest Go to latest Published: Jun 16, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/stacklok/toolhive

Links

Documentation ¶

Overview ¶

Package bodylimit provides HTTP middleware that caps the size of request bodies, rejecting oversized requests with 413 Request Entity Too Large.

It is used both directly as a net/http middleware (the management API and the vMCP server) and via the runner middleware registry (the MCP proxies), so every inbound listener can bound the memory a single request may consume before it is buffered by handlers that call io.ReadAll.

Index ¶

Constants
func CreateMiddleware(config *types.MiddlewareConfig, runner types.MiddlewareRunner) error
func IsRequestTooLarge(err error) bool
func Middleware(maxBytes int64) func(http.Handler) http.Handler
type MiddlewareParams

Constants ¶

View Source

const (
	// MiddlewareType is the type constant for the body limit middleware in the
	// runner middleware registry.
	MiddlewareType = "bodylimit"

	// DefaultMaxRequestBodySize is the fail-safe cap applied to inbound request
	// bodies when no limit is configured. It is sized to accommodate legitimate
	// MCP tools/call payloads with large inline content (e.g. base64 images or
	// documents) while still bounding per-request memory; operators can override
	// it. Note this caps requests only — server-produced response content is not
	// limited. Zero must never mean "unlimited" (see go-style rules), so callers
	// passing a non-positive limit fall back to this value.
	DefaultMaxRequestBodySize int64 = 8 << 20 // 8 MB
)

Variables ¶

This section is empty.

Functions ¶

func CreateMiddleware ¶

func CreateMiddleware(config *types.MiddlewareConfig, runner types.MiddlewareRunner) error

CreateMiddleware is the types.MiddlewareFactory registered in the runner's GetSupportedMiddlewareFactories. It unmarshals MiddlewareParams, builds the handler via Middleware, and registers it with the runner.

func IsRequestTooLarge ¶

func IsRequestTooLarge(err error) bool

IsRequestTooLarge reports whether err is the *http.MaxBytesError that http.MaxBytesReader returns when a request body exceeds the configured limit. Handlers that read the body directly use this to translate the read error into a 413 instead of a generic 500.

func Middleware ¶

func Middleware(maxBytes int64) func(http.Handler) http.Handler

Middleware returns a net/http middleware that rejects requests whose body exceeds maxBytes with 413 Request Entity Too Large. It rejects early based on the Content-Length header, and wraps the body in http.MaxBytesReader as a safety net for requests that omit (or understate) Content-Length. A non-positive maxBytes falls back to DefaultMaxRequestBodySize.

Types ¶

type MiddlewareParams ¶

type MiddlewareParams struct {
	// MaxBytes is the maximum request body size in bytes. Values <= 0 are
	// treated as DefaultMaxRequestBodySize (zero never means "unlimited").
	MaxBytes int64 `json:"max_bytes"`
}

MiddlewareParams holds the parameters for the body limit middleware factory.

Source Files ¶

View all Source files

middleware.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL