fix(service): return 413 when body size too large (#196)

LironEr · Feb 9, 2024 · 5e6b3c9 · 5e6b3c9
1 parent f9a3858
commit 5e6b3c9
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 1 deletion.
diff --git a/service/src/app.ts b/service/src/app.ts
@@ -12,6 +12,7 @@ import { DEFAULT_SESSION_AGE_SECONDS } from '@/consts/auth';
 import { RequestError as OctokitRequestError } from '@octokit/request-error';
 
 import type { ServerOptions } from 'https';
+import { MAX_BODY_SIZE_BYTES } from './consts/server';
 
 function init() {
   let https: ServerOptions | null = null;
@@ -25,6 +26,7 @@ function init() {
 
   const app = fastify({
     https,
+    bodyLimit: MAX_BODY_SIZE_BYTES,
     logger: {
       serializers: {
         req(req) {
@@ -85,6 +87,24 @@ function init() {
       return res.status(400).send({
         message: `GitHub error: ${error.message}`,
       });
+    } else if (error instanceof fastify.errorCodes.FST_ERR_CTP_BODY_TOO_LARGE) {
+      req.log.warn('Request body too large');
+
+      let bodySize: string | number = 'unknown';
+
+      try {
+        if (req.headers['content-length']) {
+          bodySize = parseInt(req.headers['content-length'] || '');
+        }
+      } catch (e) {
+        // Do nothing
+      }
+
+      return res.status(413).send({
+        message: 'Request body too large',
+        bodySize,
+        limitBytes: MAX_BODY_SIZE_BYTES,
+      });
     }
 
     req.log.error(error);

diff --git a/service/src/consts/server.ts b/service/src/consts/server.ts
@@ -0,0 +1 @@
+export const MAX_BODY_SIZE_BYTES = 1024 * 1024; // 1MB
diff --git a/service/src/routes/api/__tests__/commitRecordsRoutes/createCommitRecord.spec.ts b/service/src/routes/api/__tests__/commitRecordsRoutes/createCommitRecord.spec.ts
@@ -1,5 +1,5 @@
 import { ObjectId } from 'mongodb';
-import { CommitRecordPayload, Compression, CreateCommitRecordResponse } from 'bundlemon-utils';
+import { CommitRecordPayload, Compression, CreateCommitRecordResponse, FileDetails } from 'bundlemon-utils';
 import { app } from '@tests/app';
 import { createTestGithubProject, createTestProjectWithApiKey, generateProjectId } from '@tests/projectUtils';
 import { generateRandomInt, generateRandomString } from '@tests/utils';
@@ -64,6 +64,38 @@ describe('create commit record', () => {
     expect(responseJson.message).toEqual('forbidden');
   });
 
+  test('body size too large', async () => {
+    const { projectId, apiKey } = await createTestProjectWithApiKey();
+
+    // create array of 1000 files, each with ~1000 characters in the path
+    // make it a total of ~1MB
+    const files: FileDetails[] = Array.from({ length: 1000 }, () => ({
+      path: `${generateRandomString(1000)}.js`,
+      pattern: '*.js',
+      size: 100,
+      compression: Compression.None,
+    }));
+
+    const payload: CommitRecordPayload = {
+      branch: 'test',
+      commitSha: generateRandomString(8),
+      files,
+      groups: [],
+    };
+
+    const response = await app.inject({
+      method: 'POST',
+      url: `/v1/projects/${projectId}/commit-records`,
+      payload,
+      headers: {
+        'bundlemon-auth-type': 'API_KEY',
+        'x-api-key': apiKey,
+      },
+    });
+
+    expect(response.statusCode).toEqual(413);
+  });
+
   test('unknown auth type', async () => {
     const { projectId } = await createTestProjectWithApiKey();