Merge branch 'CATLFISH-98'

2 files changed, 12 insertions, 2 deletions

diff --git a/NEWS.md b/NEWS.md
index 52d2017..a330628 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -7,7 +7,10 @@
   order for signing nodes to generate an SCT for it. This prevents a
   rouge frontend node from sending out an SCT for an entry that will
   never be merged. An effect of this is that the SCT cache is now
-  mandatory and can not be disabled.
+  mandatory and can not be disabled (closes CATLFISH-28).
+
+- Allow HTTP POST body sizes up to 10MB, when sent in chunks up to 1MB
+  in size (closes CATLFISH-98).
 
 ## Bug fixes
 
diff --git a/src/catlfish_web.erl b/src/catlfish_web.erl
index 2ddd7ed..8cf3092 100644
--- a/src/catlfish_web.erl
+++ b/src/catlfish_web.erl
@@ -4,6 +4,9 @@
 -module(catlfish_web).
 -export([start/3, loop/2]).
 
+%% Max size of POST body, in octets.
+-define(MAX_RECV_BODY, 10*1024*1024).           % 10MB.
+
 start(Options, Module, Name) ->
     lager:debug("Starting catlfish web server: ~p", [Module]),
     Loop = fun (Req) ->
@@ -62,7 +65,7 @@ loop(Req, Module) ->
                         Req:respond(Result)
                 end;
             'POST' ->
-                Body = Req:recv_body(),
+                Body = Req:recv_body(?MAX_RECV_BODY),
                 Result = case http_auth:verify_auth(AuthHeader, "POST",
                                                     Path, Body) of
                              failure ->
@@ -91,6 +94,10 @@ loop(Req, Module) ->
                 Req:respond({501, [], []})
         end
     catch
+        exit:{body_too_large, What} ->
+            lager:info("HTTP POST body too large: ~p", [What]),
+            Req:respond({413, [{"Content-Type", "text/plain"}],
+                         "Request Entity Too Large\n"});
         Type:What ->
             [CrashFunction | Stack] = erlang:get_stacktrace(),
             lager:error("Crash in ~p for path ~p: ~p ~p~n~p~n~p~n",