acouvreur / traefik-modsecurity-plugin

Traefik plugin to proxy requests to owasp/modsecurity-crs:apache container

Home Page:https://plugins.traefik.io/plugins/628c9eadffc0cd18356a9799/modsecurity-plugin


Resource exhaustion via crafted body

Enrico204 opened this issue · comments

Here the code is reading the body of the request:

body, err := ioutil.ReadAll(req.Body)

The problem with this technique is that an attacker can issue a request with an arbitrary body size (1 terabyte) and crash the server, creating a Denial of Service.

A possible mitigation is reading the body through the http.MaxBytesReader() function, to limit the maximum body size. Possibly, the maximum size should be configurable.

I'm not aware of any other solution (with this middleware architecture, see #2 (comment)).
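The mitigation proposed above, as an added example that is not the plugin's own code: a minimal middleware in the plugin's style that buffers the request body (as the plugin must, to forward it to ModSecurity) but wraps req.Body in http.MaxBytesReader first, so reading stops at a configurable limit instead of growing with the request. The option name defaultMaxBodyBytes, the bodyLimit type and the endlessBody attacker reader are assumptions constructed for the example; the forwarding to the ModSecurity container is left out. Detection via *http.MaxBytesError needs Go 1.19 or newer.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// defaultMaxBodyBytes is a hypothetical configurable limit; the name is an
// assumption for this example, not an option taken from the plugin.
const defaultMaxBodyBytes int64 = 1 << 20 // 1 MiB

// bodyLimit is a minimal middleware in the style of the plugin: it buffers the
// request body (needed to hand it to ModSecurity) but refuses to buffer more
// than maxBytes.
type bodyLimit struct {
	next     http.Handler
	maxBytes int64
}

// readBodyLimited is the hardened counterpart of ioutil.ReadAll(req.Body):
// http.MaxBytesReader stops after maxBytes and returns *http.MaxBytesError
// (Go 1.19+), so a multi-terabyte body never reaches memory. On a real
// net/http server it also marks the connection to be closed once the limit
// is exceeded.
func readBodyLimited(w http.ResponseWriter, req *http.Request, maxBytes int64) ([]byte, error) {
	req.Body = http.MaxBytesReader(w, req.Body, maxBytes)
	return io.ReadAll(req.Body)
}

func (b *bodyLimit) ServeHTTP(w http.ResponseWriter, req *http.Request) {
	body, err := readBodyLimited(w, req, b.maxBytes)
	if err != nil {
		var tooLarge *http.MaxBytesError
		if errors.As(err, &tooLarge) {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "could not read request body", http.StatusBadRequest)
		return
	}
	// The plugin would now send `body` to the ModSecurity container (out of
	// scope here). Restore it so the next handler can read it again.
	req.Body = io.NopCloser(bytes.NewReader(body))
	b.next.ServeHTTP(w, req)
}

// endlessBody is a constructed attacker body: it never returns EOF, standing
// in for the "1 terabyte" request from the issue.
type endlessBody struct{}

func (endlessBody) Read(p []byte) (int, error) {
	for i := range p {
		p[i] = 'A'
	}
	return len(p), nil
}

// sendBody runs the middleware over a request carrying the given body and
// returns the HTTP status the client would see.
func sendBody(maxBytes int64, body io.Reader) int {
	echo := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got, _ := io.ReadAll(r.Body)
		fmt.Fprintf(w, "received %d bytes", len(got))
	})
	h := &bodyLimit{next: echo, maxBytes: maxBytes}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, "/", body))
	return rec.Code
}

func main() {
	fmt.Println("small body:    ", sendBody(defaultMaxBodyBytes, strings.NewReader("id=1")))
	fmt.Println("at the limit:  ", sendBody(1024, strings.NewReader(strings.Repeat("A", 1024))))
	fmt.Println("one byte over: ", sendBody(1024, strings.NewReader(strings.Repeat("A", 1025))))
	fmt.Println("endless body:  ", sendBody(1024, endlessBody{}))
}
```

The endless reader is the case worth checking: with plain ioutil.ReadAll it would grow the buffer until the process is killed, whereas here the read stops after maxBytes+1 bytes and the client gets 413. The limit itself should be a plugin option, as the issue suggests, since the right value depends on what the upstream application legitimately accepts.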

It's a good idea indeed, even though I believe we could mitigate this using another middleware.

But this middleware shouldn't include some vulnerabilities.