Support buffering requests with unknown length (Transfer-Encoding: chunked) in RequestBodyBufferMiddleware

[andig]

Implement chunked response handling, following discussion in #232

[andig]

@WyriHaximus I need your help with rebasing this for reactphp/promise-stream#3. In the tests there's currently this for the RequestBodyBufferMiddlewareTest:

public function testExcessiveSizeReturnsError413()
{
    $stream = new BufferStream(2);
    $stream->write('aa');

    $serverRequest = new ServerRequest(
        'GET',
        'https://example.com/',
        array(),
        $stream
    );

    $buffer = new RequestBodyBufferMiddleware(1);
    $response = $buffer(
        $serverRequest,
        function () {}
    );

    $this->assertSame(413, $response->getStatusCode());
}

Now what goes in is NOT a ReadableStreamInterface and therefore returned early before any buffering in RequestBodyBufferMiddleware.php.

Is that really desired, i.e. should it be possible to construct ServerRequest with a body that doesn't implement Psr7 semantics + ReadableStreamInterface (and therefore actually is a HttpBodyStream? Hidden bug or feature that I fail to grasp?

[clue]

@andig Have you seen the documentation for the RequestBodyBufferMiddleware? I think that this middleware should support all valid requests. In a normal stack this will be the incoming streaming request, but another prior middleware handler may also expose a buffered request to this middleware handler.

The following (completely contrived) example should allow request up to 8 MiB:

$middleware = new MiddlewareRunner([
    new RequestBodyBufferMiddleware(16 * 1024 * 1024), // 16 MiB
    new RequestBodyBufferMiddleware(8 * 1024 * 1024), // 8 MiB
});

[clue]

We should probably keep this check: it makes sense to fail early in case the client is trying to upload a gigabyte file over a slow uplink :-)

[andig]

Fixed. Please forgive me for force-pushing. I didn't realize you were already reviewing.

[clue]

No worries, happy to see you're faster with coding than I am with reviewing

[andig]

Small side note: I've also changed mentions of g7 and Psr7Implemention to Psr7 for sake of coding consistency.

[andig]

@clue

Have you seen the documentation for the RequestBodyBufferMiddleware? I think that this middleware should support all valid requests.

Reading this:

This can be useful if full PSR-7 compatibility is needed for the request handler and the default streaming request body handling is not needed.

I understand the behaviour. It's still totally confusing though that- if you use the RequestBodyBufferMiddleware and send in a react stream- it can be of any size (as long as it doesn't tell you which size) and will not be buffered or rejected simply because the RequestBodyBufferMiddleware will not do its job in this case.

Shouldn't at least the RequestBodyBufferMiddleware reject non-Psr7 bodies as they are used in the tests? Along the lines of "you want buffered request bodies, so you should send in valid Psr requests"?

The following (completely contrived) example should allow request up to 8 MiB ... In a normal stack this will be the incoming streaming request, but another prior middleware handler may also expose a buffered request to this middleware handler.

The buffer outputs BufferStream which is of StreamInterface and can be fed to the next buffer. Imho you should not have a middleware in between that returns ReadableStreamInterfaces or similar simply because after the buffer you should be able to expect 100% compilant Psr7 request bodies?

Update maybe my explanation is too complicated. The Server wraps every kind of body inside a HttpBodyStream which implements StreamInterface. No middleware on the stack should remove or accept other interfaces than StreamInterface - or we should have a big disclaimer in the docs that functionality may depend on type of input stream?

[clue]

I'm not sure I follow tbh. Our middleware implementation works around the concept of PSR-7 requests coming in and PSR-7 responses coming out (plus wrapped in promises). This means that there's no such thing as a "non-Psr7 body".

What's special about this implementation is that bodies can be in a streaming state when a ReadableStreamInterface is attached. This allows us to transport bodies of arbitrary sizes without having to store huge bodies in memory.

Does this help?

[andig]

I'm not sure I follow tbh.

Never mind. I've just noticed that I had to rewrite https://github.com/reactphp/http/pull/235/files#diff-5ff94d7c5e50a34ed39b11c33717c0b9R68 to use a different stream type. I'm probably making this too complicated ;)

[WyriHaximus]

Could you revert all changes in this file?

[andig]

Will open separate PR for Psr7 but imho at least this change https://github.com/reactphp/http/pull/235/files#diff-c611f5024b5b13f69f779505d1c6735eR170 makes sense.

Do you mind the reordering of the use clauses by library?

[WyriHaximus]

Could you revert all changes in this file?

[andig]

Artifact removed.

[WyriHaximus]

Any reason why you changed this? Or is this left over from earlier changes in this PR?

[andig]

I wanted to have Psr7 consistently named in the codebase (not Psr7, g7, and PsrImplementation). Could move to separate PR?

[WyriHaximus]

Could you revert all changes in this file?

[andig]

Imho this change makes sense. It's aligned with the comment now, the constructor handles null and it prevents explicitly passing null for bodies of unknown length?

[clue]

I feel that this adds noise and adds no value and as part of this PR, maybe suggest this in a separate PR? 👍

Despite this, I don't see what value this would provide, as this is an internal class only and this change basically means you're allowed th instantiate the class without considering what its "size" would be. If you feel this is relevant, I encourage you to file a PR so we can discuss this further 👍

[WyriHaximus]

@andig Seems you're getting there, keep up the good work 👍

[WyriHaximus]

@andig 🎉 https://github.com/reactphp/promise-stream/releases/tag/v0.1.2 🎉

[WyriHaximus]

@andig updated this PR's title to something that reflects what the current code is doing

[andig]

I've added one more commit to test for 413 in case on known but excessive content length. Still need to have another look at the README.

[WyriHaximus]

LGTM 🎉

[WyriHaximus]

@andig could you update to ^1.0 || ^0.1.2 since 1.0 has been release earlier today? 🎉

[clue]

Thank you for keeping this updated! I feel this could use another higher level test to ensure consistent behavior (functional test?) and a README update, otherwise LGTM 👍

[clue]

README updates are much appreciated 👍 However, I feel this is a bit misleading here, as this makes it sounds like this is what this middleware handler does, whereas this is actually handled by the Server itself. Also, the word "middlewares" doesn't exist (think "softwares"), I usually use "middleware handlers" instead :-) Can you rephrase this? 👍

[andig]

I think it has actually become a duplicate since the response section already describes the behaviour. Removed.

[clue]

This sentence made much more sense for the old behavior where these requests were rejected. Does it make sense to you to remove this sentence?

[andig]

Yep, removed.

[clue]

It looks like this error handles the same condition as above while it actually does not. I suppose this could use some comments and and explicit test. Also, it looks like this should also close the incoming request to stop wasting incoming bandwidth if the limit is exceeded. Can you also add a test for this?

[andig]

this could use some comments and and explicit test

I'll add two comments:

        // request body of known size exceeding limit
        // request body of unknown size exceeding limit during buffering

It is imho also tested: https://github.com/reactphp/http/pull/235/files/635a9659159e195c8dc3614439858a7535ade0c5#diff-5ff94d7c5e50a34ed39b11c33717c0b9R68 and https://github.com/reactphp/http/pull/235/files/635a9659159e195c8dc3614439858a7535ade0c5#diff-5ff94d7c5e50a34ed39b11c33717c0b9R68. Or I'm misunderstanding you.

Also, it looks like this should also close the incoming request to stop wasting incoming bandwidth if the limit is exceeded

This is as per original code which didn't close the body either. Is this responsibility of the middleware or the server? I.e. who should close the body if open after the middleware stack has finished or a middleware doesn't consume the body?

[clue]

I think this is a relevant point, let's postpone this discussion for now and address this in a follow-up ticket 👍

See for example https://stackoverflow.com/questions/14250991/is-it-acceptable-for-a-server-to-send-a-http-response-before-the-entire-request

[andig]

Understood. Looking forward to your insights once this is in.

[andig]

Shouldn't this check be moved up as this type of stream won't be buffered anyway? Why complain about size in this case (shouldn't happen when using the server at all, might as well just throw)?

[clue]

IMO it makes sense to keep this like this in (the rare) case this middleware is used behind another buffering middleware handler, see also #235 (comment) 👍

[andig]

@clue What I mean is that- if not a ReadableStreamInterface, which means we won't buffer it, we're still returning 413 although the middleware is not responsible for handling this request as it is right now.

My suggestion would be to move the ReadableStreamInterface to the Beginning of the method?

[andig]

ping @clue could you check my question above?
What's missing to make make progress with this PR (and 0.8 in general)?

[clue]

Well, technically buffering and limiting sizes are in fact independent responsibilities. For practical reasons however, I think that it makes sense to bring them close together because buffering without applying a limit is actually harmful (potential for trivial DOS otherwise). If we accept the fact that checking size limits here, then I think it makes sense to also support buffered requests here. This means that I think it makes sense to also reject buffered requests that exceed the given size limits.

Accordingly, I think this code LGTM 👍 What do you think about this?

[andig]

What do you think about this?

@clue scratch head. I'm not getting my point across. We're only buffering and limiting PSR streams. We are however still limiting react-only streams.

This is imho wrong- as the buffering middleware is not responsible for these requests. I'm proposing- to be explicit- to change order of things like this:

public function __invoke(ServerRequestInterface $request, $stack)
{
    $body = $request->getBody();

    if (!$body instanceof ReadableStreamInterface) {
        return $stack($request);
    }

    // request body of known size exceeding limit
    if ($body->getSize() > $this->sizeLimit) {
        return new Response(413, array('Content-Type' => 'text/plain'), 'Request body exceeds allowed limit');
    }

[clue]

Yes, it looks like we're talking past one another 🤷‍♂️ :-)

The getBody() method is guaranteed to always return an instance of Psr\Message\StreamInterface. This very instance may also implement the React\Stream\ReadableStreamInterface ("streaming state"), but this is not guaranteed (already in "buffered state").

When this middleware handler is used as documented, then the body is always in a "streaming state". If one were to use this middleware handler twice in the same stack (conceived example), then the first will see a body in "streaming state" while the second will see it in "buffered state".

If this conceived(!) second middleware handler uses a smaller size limit (which I would expect to be more of a programming error than intentional), then IMO the second middleware handler should still reject the message in my opinion.

If I understand your above suggestion correctly, then it looks like this would actually allow the body to pass through without applying the second limit at all.

I think it makes sense to add a test for this behavior to ensure that this is properly covered. Can you add a test for this or would you rather want me to add this to this PR? 👍

[clue]

This probably shouldn't return an Exception here :-) Can you fix this and add a test?

[andig]

@clue good catch! Undecided what to return though- right now it's an HTTP 400 with the Exception message as text. Do you have a better suggestion?

[clue]

"it depends" is probably the best answer here, so I think that this would be best addressed in a separate PR 👍 As such, I would suggest restoring the original behavior of simply returning a rejected promise (throwing an exception).

[andig]

Done. Do you think we need to guard for error actually being an exception and not something else?

[WyriHaximus]

What is the status here @clue and @andig?

[andig]

Needs review of the last 2 commits

[clue]

@andig Thank you so much for your patience and for keeping up with, the changes LGTM! 👍 Now let's get this in, cheers! 🍻 🎉

I've rebased your changes due to merge conflicts with master and squashed this down to 2 commits.

[WyriHaximus]

👍 🎉