/// <summary>
/// Limits the length of the query string.
/// </summary>
/// <param name="builder">The OWIN builder instance.</param>
/// <param name="options">The max querystring length options.</param>
/// <returns>The OWIN builder instance.</returns>
/// <exception cref="System.ArgumentNullException">builder</exception>
/// <exception cref="System.ArgumentNullException">options</exception>
public static BuildFunc MaxQueryStringLength(this BuildFunc builder, MaxQueryStringLengthOptions options)
{
builder.MustNotNull("builder");
options.MustNotNull("options");
builder(_ => MaxQueryStringLength(options));
return builder;
}
/// <summary>
/// Limits the length of the query string.
/// </summary>
/// <param name="builder">The IAppBuilder instance.</param>
/// <param name="options">The max querystring length options.</param>
/// <returns>The IAppBuilder instance.</returns>
/// <exception cref="System.ArgumentNullException">builder</exception>
public static IAppBuilder MaxQueryStringLength(this IAppBuilder builder, MaxQueryStringLengthOptions options)
{
builder.MustNotNull("builder");
options.MustNotNull("options");
builder
.UseOwin()
.MaxQueryStringLength(options);
return builder;
}
/// <summary>
/// Limits the number of concurrent requests that can be handled used by the subsequent stages in the owin pipeline.
/// </summary>
/// <param name="options">The max concurrent request options.</param>
/// <returns>An OWIN middleware delegate.</returns>
/// <exception cref="System.ArgumentNullException">options</exception>
public static MidFunc MaxQueryStringLength(MaxQueryStringLengthOptions options)
{
options.MustNotNull("options");
return
next =>
async env =>
{
var context = new OwinContext(env);
QueryString queryString = context.Request.QueryString;
if (queryString.HasValue)
{
int maxQueryStringLength = options.MaxQueryStringLength;
string unescapedQueryString = Uri.UnescapeDataString(queryString.Value);
options.Tracer.AsVerbose("Querystring of request with an unescaped length of {0}", unescapedQueryString.Length);
if (unescapedQueryString.Length > maxQueryStringLength)
{
options.Tracer.AsInfo("Querystring (Length {0}) too long (allowed {1}). Request rejected.",
unescapedQueryString.Length,
maxQueryStringLength);
context.Response.StatusCode = 414;
context.Response.ReasonPhrase = options.LimitReachedReasonPhrase(context.Response.StatusCode);
return;
}
options.Tracer.AsVerbose("Querystring length check passed.");
}
else
{
options.Tracer.AsVerbose("No querystring.");
}
await next(env);
};
}
