Add option for max parts

Author: devinivy

lib/index.js

@@ -49,7 +49,8 @@ internals.state = {
 
 
 internals.defaults = {
-    maxBytes: Infinity
+    maxBytes: Infinity,
+    maxParts: Infinity
 };
 
 
@@ -71,8 +72,10 @@ exports.Dispenser = class extends Stream.Writable {
         this._name = '';
         this._pendingHeader = '';
         this._error = null;
-        this._bytes = 0;
+        this._bytesCount = 0;
+        this._partsCount = 0;
         this._maxBytes = settings.maxBytes;
+        this._maxParts = settings.maxParts;
 
         this._parts = new Nigel.Stream(Buffer.from('--' + settings.boundary));
         this._lines = new Nigel.Stream(Buffer.from('\r\n'));
@@ -132,9 +135,9 @@ exports.Dispenser = class extends Stream.Writable {
 
         const onReqData = (data) => {
 
-            this._bytes += Buffer.byteLength(data);
+            this._bytesCount += Buffer.byteLength(data);
 
-            if (this._bytes > this._maxBytes) {
+            if (this._bytesCount > this._maxBytes) {
                 finish(Boom.entityTooLarge('Maximum size exceeded'));
             }
         };
@@ -193,6 +196,12 @@ exports.Dispenser = class extends Stream.Writable {
 
             this._parts.needle(Buffer.from('\r\n--' + this._boundary));                      // CRLF no longer optional
         }
+        else {
+            this._partsCount++;
+            if (this._partsCount > this._maxParts) {
+                return this.#abort(Boom.badRequest('Maximum parts exceeded'));
+            }
+        }
 
         this._state = internals.state.boundary;
 

test/index.js

@@ -543,6 +543,52 @@ describe('Dispenser', () => {
         await team.work;
     });
 
+    it('errors if the payload size exceeds the part limit', async () => {
+
+        const createParts = (n) => {
+
+            return [
+                '--AaB03x\r\n',
+                `content-disposition: form-data; name="field${n}"\r\n`,
+                '\r\n',
+                'one\r\ntwo\r\n',
+                '--AaB03x\r\n',
+                `content-disposition: form-data; name="file${n}"; filename="file${n}.txt"\r\n`,
+                'Content-Type: text/plain\r\n',
+                '\r\n',
+                'hello world\r\n'
+            ].join('');
+        };
+
+        const endParts = () => '--AaB03x--\r\n';
+
+        const payload = [
+            createParts(2),
+            createParts(4),
+            createParts(6),
+            createParts(8),
+            createParts(10),
+            endParts()
+        ].join('');
+
+        const req = new internals.Payload(payload, true);
+        req.headers = { 'content-type': 'multipart/form-data; boundary="AaB03x"' };
+
+        const dispenser = new Pez.Dispenser({ boundary: 'AaB03x', maxParts: 9 });
+
+        const team = new Teamwork.Team();
+        dispenser.once('error', (err) => {
+
+            expect(err).to.exist();
+            expect(err.message).to.equal('Maximum parts exceeded');
+            expect(err.output.statusCode).to.equal(400);
+            team.attend();
+        });
+
+        req.pipe(dispenser);
+        await team.work;
+    });
+
     it('parses a request with "=" in the boundary', async () => {
 
         const payload =