From aa3846877de774db580827b82b35366a17c3c946 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pascal=20B=C3=BCrkle?= <exxxodus.artz@gmail.com>
Date: Fri, 2 Feb 2024 00:09:39 +0100
Subject: [PATCH] limit size of data to 100kb

---
 src/routes/create.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/routes/create.rs b/src/routes/create.rs
index 3442e88..1e7a2fd 100644
--- a/src/routes/create.rs
+++ b/src/routes/create.rs
@@ -38,6 +38,11 @@ pub async fn create_shortcode(mut req: Request, ctx: RouteContext<()>) -> worker
 	let s = serde_json::to_vec(&body)?;
 	let data = URL_SAFE.encode(&s);
 
+	// Limit data size to 100KB.
+	if data.bytes().len() > 100_000 {
+		return create_error_json(StatusCode::PAYLOAD_TOO_LARGE, "Payload too large");
+	}
+
 	let db = create_database(&ctx.env).await?;
 
 	// Generate a unique shortcode.