Working

Author: robotdan

src/main/java/io/fusionauth/http/server/internal/HTTPWorker.java

@@ -311,20 +311,9 @@ private void closeSocketOnError(HTTPResponse response, int status) {
         response.setHeader(Headers.Connection, Connections.Close);
         response.setStatus(status);
         response.setContentLength(0L);
-//        System.out.println("return ["  + status + "]");
-
-        // Here
-        // Close this sucker out!
-//        socket.setSoLinger(true, 0);
-
-//        socket.shutdownInput();
-//        socket.getInputStream().close();
         response.close();
       }
     } catch (IOException e) {
-      System.out.println("\n\n\nHere!");
-      System.out.println(e.getClass().getSimpleName());
-      System.out.println(e.getMessage());
       logger.debug(String.format("[%s] Could not close the HTTP response.", Thread.currentThread().threadId()), e);
     } finally {
       // It is plausible that calling response.close() could throw an exception. We must ensure we close the socket.

src/main/java/io/fusionauth/http/server/io/HTTPInputStream.java

@@ -165,15 +165,10 @@ public int read(byte[] b, int off, int len) throws IOException {
 
     if (read > 0) {
       if (fixedLength) {
-        bytesRemaining -= read;
+        bytesRemaining -= reportBytesRead;
       }
     }
 
-    // TODO : Daniel : Review : If we push back n bytes, don't we need to return read - n? This was previously read which ignored bytes pushed back.
-    // TODO : Daniel : Write a test to prove this, send a content-length of 100, buffer size 80 (as an example), ensure this returns 80, and then
-    //                 the next call returns 20?
-
-
     bytesRead += reportBytesRead;
 
     // This won't cause us to fail as fast as we could, but it keeps the code a bit simpler.

src/main/java/module-info.java

@@ -4,5 +4,6 @@
   exports io.fusionauth.http.log;
   exports io.fusionauth.http.security;
   exports io.fusionauth.http.server;
+  exports io.fusionauth.http.server.io;
   exports io.fusionauth.http.util;
 }

src/test/java/io/fusionauth/http/FormDataTest.java

@@ -49,7 +49,7 @@ public class FormDataTest extends BaseTest {
       .replaceAll("\\s", "");
 
   @Test(dataProvider = "schemes")
-  public void post_server_configuration_form_data_tooBig(String scheme) throws Exception {
+  public void post_server_configuration_max_form_data(String scheme) throws Exception {
     // Fixed length. n, n is < max length, Ok.
     // Fixed length. n, n > too big
     // Not tested yet: Chunked, too big.
@@ -86,13 +86,25 @@ public void post_server_configuration_form_data_tooBig(String scheme) throws Exc
             \r
             """)
         .expectExceptionOnWrite(SocketException.class);
+
+    // Large, but max size has been disabled
+    withScheme(scheme)
+        .withBodyParameterCount(42 * 1024)  // 131,072, 131,072
+        .withBodyParameterSize(128)
+        // Disable the limit
+        .withConfiguration(config -> config.withMaxFormDataSize(-1))
+        .expectResponse("""
+            HTTP/1.1 200 \r
+            connection: keep-alive\r
+            content-type: application/json\r
+            content-length: 16\r
+            \r
+            {"version":"42"}""")
+        .expectNoExceptionOnWrite();
   }
 
   @Test(dataProvider = "schemes")
-  public void post_server_configuration_header_tooBig(String scheme) throws Exception {
-    // http, base header will be 263
-    // https, base header will be 167
-
+  public void post_server_configuration_max_request_header_size(String scheme) throws Exception {
     // Header size ok.
     withScheme(scheme)
         // Try and get as close as we can to the maximum. Default is 128k, which is 131,072 bytes.
@@ -104,7 +116,6 @@ public void post_server_configuration_header_tooBig(String scheme) throws Except
         // https: (1655 * (11 + 2 + 64 + 2)) + 175 = 130,920
         .withHeaderCount(1655)
         .withHeaderSize(64)
-        // TODO : Daniel : Send a small body
         // Default is 128k, this should fit.
         // - The header size includes the request line, and the request headers.
         .expectResponse("""
@@ -122,7 +133,6 @@ public void post_server_configuration_header_tooBig(String scheme) throws Except
         //   2048 * 64 == 131,072 + request line will exceed 128k
         .withHeaderCount(1024 * 1024)
         .withHeaderSize(128)
-        // TODO : Daniel : Send a small body
         .expectResponse("""
             HTTP/1.1 431 \r
             connection: close\r
@@ -131,6 +141,21 @@ public void post_server_configuration_header_tooBig(String scheme) throws Except
             """)
         .expectExceptionOnWrite(SocketException.class);
 
+    // Same big size, but disable header size limit.
+    withScheme(scheme)
+        .withHeaderCount(1024 * 1024)
+        .withHeaderSize(128)
+        // Disable the limit
+        .withConfiguration(config -> config.withMaxRequestHeaderSize(-1))
+        .expectResponse("""
+            HTTP/1.1 200 \r
+            connection: keep-alive\r
+            content-type: application/json\r
+            content-length: 16\r
+            \r
+            {"version":"42"}""")
+        .expectNoExceptionOnWrite();
+
   }
 
   private Builder withScheme(String scheme) {

src/test/java/io/fusionauth/http/io/HTTPInputStreamTest.java

@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2025, FusionAuth, All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+package io.fusionauth.http.io;
+
+import java.io.ByteArrayInputStream;
+import java.nio.charset.StandardCharsets;
+
+import io.fusionauth.http.server.HTTPRequest;
+import io.fusionauth.http.server.HTTPServerConfiguration;
+import io.fusionauth.http.server.io.HTTPInputStream;
+import org.testng.annotations.Test;
+import static org.testng.Assert.assertEquals;
+
+/**
+ * @author Daniel DeGroff
+ */
+public class HTTPInputStreamTest {
+  @Test
+  public void read_chunked_withPushback() throws Exception {
+    // Ensure that when we read a chunked encoded body that the InputStream returns the correct number of bytes read even when
+    // we read past the end of the current request and use the PushbackInputStream.
+
+    int contentLength = 113;
+    String content = "These pretzels are making me thirsty. These pretzels are making me thirsty. These pretzels are making me thirsty.";
+
+    // Chunk the content
+    byte[] bytes = """
+        26\r
+        These pretzels are making me thirsty. \r
+        26\r
+        These pretzels are making me thirsty. \r
+        25\r
+        These pretzels are making me thirsty.\r
+        0\r
+        \r
+        GET / HTTP/1.1\r
+        """.getBytes();
+
+    HTTPRequest request = new HTTPRequest();
+    request.setHeader("Transfer-Encoding", "chunked");
+
+    assertReadWithPushback(bytes, content, contentLength, request);
+  }
+
+  @Test
+  public void read_fixedLength_withPushback() throws Exception {
+    // Ensure that when we read a fixed length body that the InputStream returns the correct number of bytes read even when
+    // we read past the end of the current request and use the PushbackInputStream.
+
+    int contentLength = 113;
+    String content = "These pretzels are making me thirsty. These pretzels are making me thirsty. These pretzels are making me thirsty.";
+
+    // Fixed length body with the start of the next request in the buffer
+    byte[] bytes = (content + "GET / HTTP/1.1\r\n").getBytes(StandardCharsets.UTF_8);
+
+    HTTPRequest request = new HTTPRequest();
+    request.setHeader("Content-Length", contentLength + "");
+
+    assertReadWithPushback(bytes, content, contentLength, request);
+  }
+
+  private void assertReadWithPushback(byte[] bytes, String content, int contentLength, HTTPRequest request) throws Exception {
+    int bytesAvailable = bytes.length;
+    System.out.println("available bytes [" + bytesAvailable + "]");
+    System.out.println("buffer size [" + (bytesAvailable + 100) + "]");
+    HTTPServerConfiguration configuration = new HTTPServerConfiguration().withRequestBufferSize(bytesAvailable + 100);
+
+    ByteArrayInputStream is = new ByteArrayInputStream(bytes);
+    PushbackInputStream pushbackInputStream = new PushbackInputStream(is, null);
+
+    HTTPInputStream httpInputStream = new HTTPInputStream(configuration, request, pushbackInputStream, -1);
+    byte[] buffer = new byte[configuration.getRequestBufferSize()];
+    int read = httpInputStream.read(buffer);
+
+    assertEquals(read, contentLength);
+    assertEquals(new String(buffer, 0, read), content);
+
+    // We should be at the end of the request, so expect -1 even though we have extra bytes in the PushbackInputStream
+    int secondRead = httpInputStream.read(buffer);
+    assertEquals(secondRead, -1);
+
+    // We have 16 bytes left over
+    assertEquals(pushbackInputStream.getAvailableBufferedBytesRemaining(), 16);
+
+    // Next read should start at the next request
+    byte[] leftOverBuffer = new byte[100];
+    int leftOverRead = pushbackInputStream.read(leftOverBuffer);
+    assertEquals(leftOverRead, 16);
+    assertEquals(new String(leftOverBuffer, 0, leftOverRead), "GET / HTTP/1.1\r\n");
+  }
+}