From 692f8e8459adc30069620f20cbfb153f2184198f Mon Sep 17 00:00:00 2001
From: Ethen Pociask
Date: Thu, 9 Jan 2025 15:34:24 +0700
Subject: [PATCH] fix(sigmap-EDAP-04): Add IO parsing size constraint on incoming request bodies

---
 server/handlers.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/server/handlers.go b/server/handlers.go
index d1acb29..9749416 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -12,6 +12,11 @@ import (
 	"github.com/gorilla/mux"
 )
 
+const (
+	// limit requests to only 32 mib to mitigate potential DoS attacks
+	maxRequestBodySize int64 = 1048576 * 32
+)
+
 func (svr *Server) handleHealth(w http.ResponseWriter, _ *http.Request) error {
 	w.WriteHeader(http.StatusOK)
 	return nil
@@ -164,7 +169,7 @@ func (svr *Server) handlePostOPGenericCommitment(w http.ResponseWriter, r *http.
 func (svr *Server) handlePostShared(w http.ResponseWriter, r *http.Request, comm []byte, meta commitments.CommitmentMeta) error {
 	svr.log.Info("Processing POST request", "commitment", hex.EncodeToString(comm), "commitmentMeta", meta)
 
-	input, err := io.ReadAll(r.Body)
+	input, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxRequestBodySize))
 	if err != nil {
 		err = MetaError{
 			Err: fmt.Errorf("failed to read request body: %w", err),
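Review bot: The size expression `1048576 * 32` in the new const block hides the unit that the comment names; `32 << 20` (or `32 * 1024 * 1024`) reads as 32 MiB directly. The comment itself could say what the bound protects rather than restating the number, e.g. `// maxRequestBodySize caps a request body at 32 MiB so a single oversized POST cannot exhaust memory in io.ReadAll.` Whether 32 MiB matches the largest payload the service legitimately accepts is not visible in this hunk and is worth recording next to the constant so the next maintainer does not have to rediscover it.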
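Review bot: An oversized body now surfaces through the same `failed to read request body` MetaError as any other read failure, so a client sending too much data gets the generic error instead of a 413 and cannot distinguish the two; `http.MaxBytesReader` returns an `*http.MaxBytesError` once the limit is exceeded, and the new line's error path should check for it first, `var tooLarge *http.MaxBytesError` / `if errors.As(err, &tooLarge) { /* respond with http.StatusRequestEntityTooLarge */ }`, before falling through to the existing wrapping. That needs `errors` in the import block if it is not already there, and whether MetaError can carry a status code is not visible here. The MetaError literal is opened on the last hunk line and the remainder of handlePostShared lies outside the hunk. A short comment on the new line, `// MaxBytesReader fails the read past maxRequestBodySize and marks the connection to be closed afterwards`, would explain why the limit is applied here rather than in io.ReadAll.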