[play-server] handle playBodyParsers parsing errors

server/play-server/src/main/scala/sttp/tapir/server/play/PlayRequestBody.scala

@@ -1,9 +1,9 @@
 package sttp.tapir.server.play
 
 import akka.stream.Materializer
-import akka.stream.scaladsl.{FileIO, Sink, Source}
+import akka.stream.scaladsl.{FileIO, Source}
 import akka.util.ByteString
-import play.api.mvc.Request
+import play.api.mvc.{Request, Result}
 import play.core.parsers.Multipart
 import sttp.capabilities.akka.AkkaStreams
 import sttp.model.{Header, MediaType, Part}
@@ -40,10 +40,16 @@ private[play] class PlayRequestBody(serverOptions: PlayServerOptions)(implicit
   )(implicit
       mat: Materializer
   ): Future[RawValue[R]] = {
-    def bodyAsByteString() = body().runWith(Sink.fold(ByteString.newBuilder)(_ append _)).map(_.result())
+    // playBodyParsers is used, so that the maxLength limits from Play configuration are applied
+    def bodyAsByteString(): Future[ByteString] = {
+      serverOptions.playBodyParsers.byteString.apply(request).run(body()).flatMap {
+        case Left(result) => Future.failed(new PlayBodyParserException(result))
+        case Right(value) => Future.successful(value)
+      }
+    }
     bodyType match {
       case RawBodyType.StringBody(defaultCharset) =>
-        bodyAsByteString().map(b => RawValue(new String(b.toArray, charset.getOrElse(defaultCharset))))
+        bodyAsByteString().map(b => RawValue(b.decodeString(charset.getOrElse(defaultCharset))))
       case RawBodyType.ByteArrayBody   => bodyAsByteString().map(b => RawValue(b.toArray))
       case RawBodyType.ByteBufferBody  => bodyAsByteString().map(b => RawValue(b.toByteBuffer))
       case RawBodyType.InputStreamBody => bodyAsByteString().map(b => RawValue(new ByteArrayInputStream(b.toArray)))
@@ -54,7 +60,10 @@ private[play] class PlayRequestBody(serverOptions: PlayServerOptions)(implicit
             Future.successful(RawValue(tapirFile, Seq(tapirFile)))
           case None =>
             val file = FileRange(serverOptions.temporaryFileCreator.create().toFile)
-            body().runWith(FileIO.toPath(file.file.toPath)).map(_ => RawValue(file, Seq(file)))
+            serverOptions.playBodyParsers.file(file.file).apply(request).run(body()).flatMap {
+              case Left(result) => Future.failed(new PlayBodyParserException(result))
+              case Right(_)     => Future.successful(RawValue(file, Seq(file)))
+            }
         }
       case m: RawBodyType.MultipartBody => multiPartRequestToRawBody(request, m, body)
     }
@@ -71,16 +80,16 @@ private[play] class PlayRequestBody(serverOptions: PlayServerOptions)(implicit
       Multipart.handleFilePartAsTemporaryFile(serverOptions.temporaryFileCreator)
     )
     bodyParser.apply(request).run(body()).flatMap {
-      case Left(_) =>
-        Future.failed(new IllegalArgumentException("Unable to parse multipart form data.")) // TODO
+      case Left(r) =>
+        Future.failed(new PlayBodyParserException(r))
       case Right(value) =>
         val dataParts: Seq[Future[Option[Part[Any]]]] = value.dataParts.flatMap { case (key, value) =>
           m.partType(key).map { partType =>
             toRaw(
               request,
               partType,
               charset(partType),
-              () => Source.single(ByteString(value.flatMap(_.getBytes).toArray)),
+              () => Source(value.map(ByteString.apply)),
               None
             ).map(body => Some(Part(key, body.value)))
           }
@@ -117,3 +126,5 @@ private[play] class PlayRequestBody(serverOptions: PlayServerOptions)(implicit
 
   private def playRequest(serverRequest: ServerRequest) = serverRequest.underlying.asInstanceOf[Request[Source[ByteString, Any]]]
 }
+
+class PlayBodyParserException(val result: Result) extends Exception

server/play-server/src/main/scala/sttp/tapir/server/play/PlayServerInterpreter.scala

@@ -86,33 +86,40 @@ trait PlayServerInterpreter {
           playServerOptions.deleteFile
         )
 
-        interpreter(serverRequest).map {
-          case RequestResult.Failure(_) =>
-            Left(Result(header = ResponseHeader(StatusCode.NotFound.code), body = HttpEntity.NoEntity))
-          case RequestResult.Response(response: ServerResponse[PlayResponseBody]) =>
-            val headers: Map[String, String] = response.headers
-              .foldLeft(Map.empty[String, List[String]]) { (a, b) =>
-                if (a.contains(b.name)) a + (b.name -> (a(b.name) :+ b.value)) else a + (b.name -> List(b.value))
+        interpreter(serverRequest)
+          .map {
+            case RequestResult.Failure(_) =>
+              Left(Result(header = ResponseHeader(StatusCode.NotFound.code), body = HttpEntity.NoEntity))
+            case RequestResult.Response(response: ServerResponse[PlayResponseBody]) =>
+              val headers: Map[String, String] = response.headers
+                .foldLeft(Map.empty[String, List[String]]) { (a, b) =>
+                  if (a.contains(b.name)) a + (b.name -> (a(b.name) :+ b.value)) else a + (b.name -> List(b.value))
+                }
+                .map {
+                  // See comment in play.api.mvc.CookieHeaderEncoding
+                  case (key, value) if key == HeaderNames.SET_COOKIE => (key, value.mkString(";;"))
+                  case (key, value)                                  => (key, value.mkString(", "))
+                }
+                .filterNot(allowToSetExplicitly)
+
+              val status = response.code.code
+              response.body match {
+                case Some(Left(flow))    => Right(flow)
+                case Some(Right(entity)) => Left(Result(ResponseHeader(status, headers), entity))
+                case None =>
+                  if (serverRequest.method.is(Method.HEAD) && response.contentLength.isDefined)
+                    Left(
+                      Result(
+                        ResponseHeader(status, headers),
+                        HttpEntity.Streamed(Source.empty, response.contentLength, response.contentType)
+                      )
+                    )
+                  else Left(Result(ResponseHeader(status, headers), HttpEntity.Strict(ByteString.empty, response.contentType)))
               }
-              .map {
-                // See comment in play.api.mvc.CookieHeaderEncoding
-                case (key, value) if key == HeaderNames.SET_COOKIE => (key, value.mkString(";;"))
-                case (key, value)                                  => (key, value.mkString(", "))
-              }
-              .filterNot(allowToSetExplicitly)
-
-            val status = response.code.code
-            response.body match {
-              case Some(Left(flow))    => Right(flow)
-              case Some(Right(entity)) => Left(Result(ResponseHeader(status, headers), entity))
-              case None =>
-                if (serverRequest.method.is(Method.HEAD) && response.contentLength.isDefined)
-                  Left(
-                    Result(ResponseHeader(status, headers), HttpEntity.Streamed(Source.empty, response.contentLength, response.contentType))
-                  )
-                else Left(Result(ResponseHeader(status, headers), HttpEntity.Strict(ByteString.empty, response.contentType)))
-            }
-        }
+          }
+          .recover { case e: PlayBodyParserException =>
+            Left(e.result)
+          }
       }
     }
   }

server/play-server/src/test/scala/sttp/tapir/server/play/PlayServerWithContextTest.scala

@@ -8,6 +8,7 @@ import play.api.Mode
 import play.api.routing.Router
 import play.core.server.{DefaultAkkaHttpServerComponents, ServerConfig}
 import sttp.client3._
+import sttp.model.{Part, StatusCode}
 import sttp.tapir._
 import sttp.tapir.tests.Test
 
@@ -34,6 +35,48 @@ class PlayServerWithContextTest(backend: SttpBackend[IO, Any])(implicit _actorSy
       }
       r.onComplete(_ => s.stop())
       r
+    },
+    Test("reject big body in multipart request") {
+      import sttp.tapir.generic.auto._
+      case class A(part1: Part[String])
+      val e = endpoint.post.in("hello").in(multipartBody[A]).out(stringBody).serverLogicSuccess(_ => Future.successful("world"))
+      val components = new DefaultAkkaHttpServerComponents {
+        override lazy val serverConfig: ServerConfig = ServerConfig(port = Some(0), address = "127.0.0.1", mode = Mode.Test)
+        override lazy val actorSystem: ActorSystem = ActorSystem("tapir", defaultExecutionContext = Some(_actorSystem.dispatcher))
+        override def router: Router = Router.from(PlayServerInterpreter().toRoutes(e)).withPrefix("/test")
+      }
+      val s = components.server
+      val r = Future.successful(()).flatMap { _ =>
+        basicRequest
+          .post(uri"http://localhost:${s.mainAddress.getPort}/test/hello")
+          .body(Array.ofDim[Byte](1024 * 15000)) // 15M
+          .send(backend)
+          .map(_.code shouldBe StatusCode.PayloadTooLarge)
+          .unsafeToFuture()
+      }
+      r.onComplete(_ => s.stop())
+      r
+    },
+    Test("reject big body in normal request") {
+      import sttp.tapir.generic.auto._
+      case class A(part1: Part[String])
+      val e = endpoint.post.in("hello").in(stringBody).out(stringBody).serverLogicSuccess(_ => Future.successful("world"))
+      val components = new DefaultAkkaHttpServerComponents {
+        override lazy val serverConfig: ServerConfig = ServerConfig(port = Some(0), address = "127.0.0.1", mode = Mode.Test)
+        override lazy val actorSystem: ActorSystem = ActorSystem("tapir", defaultExecutionContext = Some(_actorSystem.dispatcher))
+        override def router: Router = Router.from(PlayServerInterpreter().toRoutes(e)).withPrefix("/test")
+      }
+      val s = components.server
+      val r = Future.successful(()).flatMap { _ =>
+        basicRequest
+          .post(uri"http://localhost:${s.mainAddress.getPort}/test/hello")
+          .body(Array.ofDim[Byte](1024 * 15000)) // 15M
+          .send(backend)
+          .map(_.code shouldBe StatusCode.PayloadTooLarge)
+          .unsafeToFuture()
+      }
+      r.onComplete(_ => s.stop())
+      r
     }
   )
 }

server/tests/src/main/scala/sttp/tapir/server/tests/ServerBasicTests.scala

@@ -496,9 +496,9 @@ class ServerBasicTests[F[_], OPTIONS, ROUTE](
     ) { (backend, baseUri) =>
       basicStringRequest
         .post(uri"$baseUri/p2")
-        .body("a" * 1000000)
+        .body("a" * 100000)
         .send(backend)
-        .map { r => r.body shouldBe "p2 1000000" }
+        .map { r => r.body shouldBe "p2 100000" }
     },
     testServer(
       "two endpoints with query defined as the first input, path segments as second input: should try the second endpoint if the path doesn't match",