Skip to content

feat(http): Implement HTTP request body size limit middleware#105

Merged
allisson merged 18 commits intomainfrom
body-size-limit
Mar 5, 2026
Merged

feat(http): Implement HTTP request body size limit middleware#105
allisson merged 18 commits intomainfrom
body-size-limit

Conversation

@allisson
Copy link
Owner

@allisson allisson commented Mar 5, 2026

Add a global middleware to limit the size of incoming request bodies,
improving system resilience against Denial-of-Service (DoS) attacks.

Changes:

  • Add MaxRequestBodySize configuration (default 1MB) via MAX_REQUEST_BODY_SIZE environment variable.
  • Implement MaxRequestBodySizeMiddleware in internal/http using http.MaxBytesReader.
  • Wrap request body to intercept http.MaxBytesError and return 413 Payload Too Large.
  • Integrate the middleware into the global Gin router in SetupRouter.
  • Update integration test helpers to include the new limit in test configurations.
  • Document the new security feature in conductor/tech-stack.md.

allisson added 18 commits March 5, 2026 11:18
@allisson
chore(conductor): Add new track 'Add HTTP Request Body Size Limit Mid…
4e28127 
…dleware'
@allisson
feat(config): Add MaxRequestBodySize configuration
26ce68b
@allisson
conductor(plan): Mark task 'Update Application Configuration' as comp…
c5255ae 
…lete
@allisson
conductor(checkpoint): Checkpoint end of Phase 1: Configuration Updates
0f364c8
@allisson
conductor(plan): Mark phase 'Phase 1: Configuration Updates' as complete
f407e11
@allisson
feat(http): Implement MaxRequestBodySizeMiddleware
6695e3c
@allisson
conductor(plan): Mark task 'Create Request Body Size Middleware' as c…
0cfb7e9 
…omplete
@allisson
conductor(checkpoint): Checkpoint end of Phase 2: Middleware Implemen…
21f74a7 
…tation
@allisson
conductor(plan): Mark phase 'Phase 2: Middleware Implementation' as c…
c0d97b8 
…omplete
@allisson
feat(http): Integrate MaxRequestBodySizeMiddleware into router
162ae19
@allisson
conductor(plan): Mark task 'Integrate Middleware into Router' as comp…
232414e 
…lete
@allisson
test(integration): Add MaxRequestBodySize to integration test config
94874bc
@allisson
conductor(checkpoint): Checkpoint end of Phase 3: Global Integration
7dc251a
@allisson
conductor(plan): Mark phase 'Phase 3: Global Integration' as complete
9830ea6
@allisson
chore(conductor): Mark track 'Add HTTP Request Body Size Limit Middle…
fe4249d 
…ware' as complete
@allisson
docs(conductor): Synchronize docs for track 'Add HTTP Request Body Si…
b86930e 
…ze Limit Middleware'
@allisson
chore(conductor): Archive track 'Add HTTP Request Body Size Limit Mid…
5ecf7b7 
…dleware'
@allisson
feat(http): Implement HTTP request body size limit middleware
69058ca 
Add a global middleware to limit the size of incoming request bodies,
improving system resilience against Denial-of-Service (DoS) attacks.

Changes:
- Add MaxRequestBodySize configuration (default 1MB) via MAX_REQUEST_BODY_SIZE environment variable.
- Implement MaxRequestBodySizeMiddleware in internal/http using http.MaxBytesReader.
- Wrap request body to intercept http.MaxBytesError and return 413 Payload Too Large.
- Integrate the middleware into the global Gin router in SetupRouter.
- Update integration test helpers to include the new limit in test configurations.
- Document the new security feature in conductor/tech-stack.md.
@allisson allisson merged commit ffe9896 into main Mar 5, 2026
3 checks passed
@allisson allisson deleted the body-size-limit branch March 5, 2026 15:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@allisson