Audit changes.

hub/handlers.go

@@ -268,9 +268,11 @@ func (a *App) _peerInit(peer *api.Peer, w http.ResponseWriter, r *http.Request)
 		return nil
 	}
 
+	r.Body = http.MaxBytesReader(w, r.Body, 2048)
+
 	args := m.PeerInitArgs{}
 	if err := json.NewDecoder(r.Body).Decode(&args); err != nil {
-		return err
+		return errs.BadRequest.WithMsg("Invalid request body.")
 	}
 
 	if len(args.WGPubKey) != 32 {

hub/main.go

@@ -5,6 +5,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"time"
 
 	"git.crumpington.com/lib/go/webutil"
 )
@@ -30,8 +31,12 @@ func Main() {
 	}
 
 	srv := &http.Server{
-		Addr:    conf.ListenAddr,
-		Handler: app.Handler(),
+		Addr:              conf.ListenAddr,
+		Handler:           app.Handler(),
+		ReadHeaderTimeout: 30 * time.Second,
+		ReadTimeout:       60 * time.Second,
+		WriteTimeout:      120 * time.Second,
+		IdleTimeout:       180 * time.Second,
 	}
 
 	log.Fatal(webutil.ListenAndServe(srv))