Skip to content

Configurable upload size limit#104

Merged
ccomb merged 2 commits into
mainfrom
upload_size_limit
May 29, 2026
Merged

Configurable upload size limit#104
ccomb merged 2 commits into
mainfrom
upload_size_limit

Conversation

@ccomb

@ccomb ccomb commented May 29, 2026

Copy link
Copy Markdown
Owner

What

Makes the upload size limit configurable per hosting instance instead of being a client-only cap.

  • New max_upload_mb field in the hosting config:
    • 100 — default when omitted
    • -1 — unlimited
    • 0 — uploads disabled
  • Enforced server-side in the database and method upload handlers via a shared pure checkUploadSize helper, behind a withUploadBytes front-door that also DRYs the base64 decode.
  • Surfaced in GET /api/v1/hosting so clients can adapt (cap files, or hide the upload UI when disabled).
  • With no hosting config (local / CLI), uploads remain unlimited.

Why

Previously the engine accepted uploads of any size; the only limit lived in the web client. Operators of managed instances need a real, enforceable per-instance limit (and a way to turn uploads off).

Tests

New UploadSizeSpec covers unlimited / disabled / within-limit / over-limit / no-config. Full suite: 1135 examples, 0 failures.

ccomb added 2 commits May 29, 2026 15:01
Uploads were enforced only client-side; the engine accepted any size.
Add `max_upload_mb` to the hosting config (default 100; -1 = unlimited,
0 = disables uploads) and enforce it in the database and method upload
handlers through a shared `checkUploadSize` helper and a `withUploadBytes`
decode/guard front-door. Expose the value in /api/v1/hosting so clients
can adapt their UI. With no hosting config (local/CLI) uploads stay
unlimited.
checkUploadSize runs only after Servant has buffered and parsed the whole
request body, so it enforces policy but gives no protection against memory
exhaustion. Add a WAI request-size middleware as the outer backstop.

uploadBodyCeiling derives a per-request byte ceiling from the hosting config
and bounds only the db/upload and method-collections/upload routes, and only
for a positive limit. Unlimited (-1), disabled (0) and local/CLI (no config)
stay unbounded, so the unlimited tier is never capped and other endpoints are
untouched. The ceiling is 2x the policy limit so a file just over the limit
still reaches the handler and gets the precise checkUploadSize error; only
grossly oversized bodies are rejected with a 413 before buffering.
@ccomb
ccomb merged commit c841bf8 into main May 29, 2026
7 checks passed
@ccomb
ccomb deleted the upload_size_limit branch May 29, 2026 14:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant