open-telemetry · Yiling-J · Jan 13, 2025 · Jan 13, 2025 · Jan 13, 2025 · Jan 13, 2025
@@ -16,6 +16,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 - Fix error logged by Jaeger remote sampler on empty or unset `OTEL_TRACES_SAMPLER_ARG` environment variable (#6511)
 - Relax minimum Go version to 1.22.0 in various modules. (#6595)
+- Fix issue in `otelgin` middleware where temporary files for multipart/form-data were not being removed. (#6609)
 
 <!-- Released section -->
 <!-- Don't change this section unless doing release -->

@@ -85,6 +85,20 @@
 
 		// pass the span through the request context
 		c.Request = c.Request.WithContext(ctx)
-		c.Request = c.Request.WithContext(ctx)
+		c.Request = c.Request.Clone(ctx)
-		c.Request = c.Request.WithContext(ctx)
+		c.Request = c.Request.Clone(ctx)
+		defer func() {
+			// as we have created new http.Request object we need to make sure that temporary files created to hold MultipartForm
+			// files are cleaned up. This is done by http.Server at the end of request lifecycle but Server does not
+			// have reference to our new Request instance therefore it is our responsibility to fix the mess we caused.
+			//
+			// This means that when we are on returning path from handler middlewares up in chain from this middleware
+			// can not access these temporary files anymore because we deleted them here.
+			if c.Request.MultipartForm != nil {
+				err := c.Request.MultipartForm.RemoveAll()
+				if err != nil {
+					otel.Handle(err)
+				}
+			}
+		}()
 
 		// serve the request to the next middleware
 		c.Next()

@@ -6,10 +6,14 @@
 package test
 
 import (
+	"bytes"
 	"errors"
 	"html/template"
+	"io/fs"
+	"mime/multipart"
 	"net/http"
 	"net/http/httptest"
+	"runtime"
 	"strconv"
 	"testing"
 
@@ -430,3 +434,45 @@ func TestWithGinFilter(t *testing.T) {
 		assert.Len(t, sr.Ended(), 1)
 	})
 }
+
+func TestTemporaryFormFileRemove(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		// Windows sometimes refuses to remove a file that was just closed.
+		t.Skip("https://go.dev/issue/25965")
+	}
+	sr := tracetest.NewSpanRecorder()
+	provider := sdktrace.NewTracerProvider(sdktrace.WithSpanProcessor(sr))
+
+	router := gin.New()
+	router.MaxMultipartMemory = 1
+	router.Use(otelgin.Middleware("foobar", otelgin.WithTracerProvider(provider)))
+	var fileHeader *multipart.FileHeader
+	router.POST("/upload", func(c *gin.Context) {
+		_, err := c.FormFile("file")
+		require.NoError(t, err)
+		fileHeader = c.Request.MultipartForm.File["file"][0]
+		_, err = fileHeader.Open()
+		require.NoError(t, err)
+		c.JSON(http.StatusOK, nil)
+	})
+
+	var body bytes.Buffer
+
+	mw := multipart.NewWriter(&body)
+	fw, err := mw.CreateFormFile("file", "file")
+	require.NoError(t, err)
+
+	_, err = fw.Write([]byte("hello world"))
+	require.NoError(t, err)
+	err = mw.Close()
+	require.NoError(t, err)
+	r := httptest.NewRequest("POST", "/upload", &body)
+	r.Header.Add("Content-Type", mw.FormDataContentType())
+	w := httptest.NewRecorder()
+
+	router.ServeHTTP(w, r)
+	assert.Len(t, sr.Ended(), 1)
+	require.Equal(t, http.StatusOK, w.Code)
+	_, err = fileHeader.Open()
+	require.ErrorIs(t, err, fs.ErrNotExist)
+}