Configurable upload size limit#104
Merged
Merged
Conversation
Uploads were enforced only client-side; the engine accepted any size. Add `max_upload_mb` to the hosting config (default 100; -1 = unlimited, 0 = disables uploads) and enforce it in the database and method upload handlers through a shared `checkUploadSize` helper and a `withUploadBytes` decode/guard front-door. Expose the value in /api/v1/hosting so clients can adapt their UI. With no hosting config (local/CLI) uploads stay unlimited.
checkUploadSize runs only after Servant has buffered and parsed the whole request body, so it enforces policy but gives no protection against memory exhaustion. Add a WAI request-size middleware as the outer backstop. uploadBodyCeiling derives a per-request byte ceiling from the hosting config and bounds only the db/upload and method-collections/upload routes, and only for a positive limit. Unlimited (-1), disabled (0) and local/CLI (no config) stay unbounded, so the unlimited tier is never capped and other endpoints are untouched. The ceiling is 2x the policy limit so a file just over the limit still reaches the handler and gets the precise checkUploadSize error; only grossly oversized bodies are rejected with a 413 before buffering.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Makes the upload size limit configurable per hosting instance instead of being a client-only cap.
max_upload_mbfield in the hosting config:100— default when omitted-1— unlimited0— uploads disabledcheckUploadSizehelper, behind awithUploadBytesfront-door that also DRYs the base64 decode.GET /api/v1/hostingso clients can adapt (cap files, or hide the upload UI when disabled).Why
Previously the engine accepted uploads of any size; the only limit lived in the web client. Operators of managed instances need a real, enforceable per-instance limit (and a way to turn uploads off).
Tests
New
UploadSizeSpeccovers unlimited / disabled / within-limit / over-limit / no-config. Full suite: 1135 examples, 0 failures.