[ANN] Scotty 0.22

Another small but mighty release, with some bugfixes and some QoL improvements, as well as a number of new tests.

The main contribution fixes a long-standing design issue with file handling. Now files/multipart uploads are backed by resourcet temporary files and guarded by wai-extra payload size checks, which hopefully makes it harder to DoS your server 🙂.

Please refer to the changelog for full details. Happy hacking!

15 Likes

I wonder if it is possible/desirable to put the entire request handling into a ResourceT block, so temporary resources may be allocated while preparing the response, but freed after the response is served.

For example, using withTemporaryDir with a Scotty.file response will raise a file-not-found exception, since the file name escapes the tmp bracket.

You can use filesOpts for that! If I understood your intent correctly. @wiz

1 Like

Almost (=
The bracket here is on the reading side, and in my case it was on the sending:

handler = do
  inputs <- getUploaded
  withTemporaryDir $ \tmp -> do
    dump inputs $ tmp </> "in"
    process (tmp </> "in") (tmp </> "out") -- some complicated processing that may fail
    Scotty.file $ tmp </> "out" -- "boom, file not found /tmp/xxxx/out"

Something can be done using a builder callback, by pushing the code in there. But if something happens, then it is too late to call Scotty.raise.
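
The lifetime problem described in the post above, as an added example that is not part of the thread or of scotty itself: the result is read strictly while the temporary directory still exists, so a failure can still be turned into an error response and the reply no longer depends on a deleted path. It assumes the scotty, unliftio, http-types, filepath and bytestring packages; `process`, the `/convert` route and the port are hypothetical, and request size limits are left out.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example; not code from the thread or from the scotty repository.
module Main (main) where

import           Control.Monad.IO.Class    (liftIO)
import qualified Data.ByteString           as BS
import qualified Data.ByteString.Char8     as BC
import qualified Data.ByteString.Lazy      as BL
import           Data.Char                 (toUpper)
import           Network.HTTP.Types.Status (status500)
import           System.FilePath           ((</>))
import           UnliftIO.Exception        (tryAny)
import           UnliftIO.Temporary        (withSystemTempDirectory)
import           Web.Scotty                (ActionM, body, post, raw, scotty, status, text)

-- Hypothetical stand-in for "some complicated processing that may fail".
process :: FilePath -> FilePath -> IO ()
process src dst = BS.readFile src >>= BS.writeFile dst . BC.map toUpper

handler :: ActionM ()
handler = do
  input <- body
  -- Everything that touches the temporary directory runs inside the bracket,
  -- and the bracket returns plain bytes instead of a path.
  result <- liftIO . tryAny $
    withSystemTempDirectory "scotty-job" $ \tmp -> do
      BL.writeFile (tmp </> "in") input
      process (tmp </> "in") (tmp </> "out")
      -- Strict read: the bytes are in memory before the directory is removed.
      BS.readFile (tmp </> "out")
  case result of
    -- No response has been started yet, so an error status is still possible.
    Left _      -> status status500 >> text "processing failed"
    Right bytes -> raw (BL.fromStrict bytes)

main :: IO ()
main = scotty 3000 $ post "/convert" handler
```

The trade-off is that the whole output is held in memory, so this only suits results of bounded size.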

I'm not sure I got the full picture. If you have a sketch solution in mind, could you please open a ticket in the scotty repo, together with a description of your scenario? Thanks!