From e499651c39a1b472f12fb7cad5aa599a4c15ac5a Mon Sep 17 00:00:00 2001
From: Jeffrey Paul <sneak@acidhou.se>
Date: Wed, 13 Nov 2019 18:47:48 -0800
Subject: [PATCH] added consts for shifts and limited req header size

---
 server.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/server.go b/server.go
index 3ab35b4..630fd63 100644
--- a/server.go
+++ b/server.go
@@ -23,6 +23,13 @@ var thingRegex = regexp.MustCompile(`^[a-zA-Z0-9\_\-]+$`)
 
 type MerpTopic string
 
+const (
+	// Shifts
+	KiB = 10
+	MiB = 20
+	GiB = 30
+)
+
 // Server is the central structure of the HTTP API server.
 type Server struct {
 	db        orm.Ormer
@@ -76,7 +83,7 @@ func (ms *Server) init() {
 		Handler:        ms.gin,
 		ReadTimeout:    10 * time.Second,
 		WriteTimeout:   60 * time.Second,
-		MaxHeaderBytes: 1 << 16, // 64kB
+		MaxHeaderBytes: 5 << KiB,
 	}
 }
 
@@ -142,6 +149,8 @@ func (ms *Server) setupRoutes() {
 		ms.stats.End(beginning, stats.WithRecorder(recorder))
 	})
 
+	//FIXME(sneak) use a http.MaxBytesReader middleware to limit request size
+
 	r.GET("/.well-known/healthcheck.json", gin.WrapF(ms.healthCheckHandler()))
 	r.GET("/admin/healthcheck.json", gin.WrapF(ms.healthCheckHandler()))
 	r.GET("/admin/stats.json", gin.WrapF(ms.statsHandler()))