security: add 100KB body size limit to prevent memory exhaustion #60

Merged

pook merged 2 commits from feature/body-size-limit into main 2026-04-09 06:13:32 -04:00

Conversation 1 Commits 2 Files changed 3 +89 -1

pook commented 2026-04-08 16:07:01 -04:00

Owner

Copy link

Summary

• Adds Hono bodyLimit middleware (100KB max) as the first middleware in the chain, rejecting oversized payloads with 413 before any parsing occurs
• Returns JSON error response { "error": "Payload Too Large — ..." } matching existing error format
• Includes 4 E2E tests: oversized payload rejection on generate + questionnaire endpoints, normal payload passthrough, and JSON format verification

Test plan

• Run bun test packages/api/tests/e2e/body-limit.test.ts against running API
• Confirm >100KB POST to /generate/privacy-policy returns 413
• Confirm normal-sized requests still work correctly
• Verify error response is JSON with { error: "..." } format

🤖 Generated with Claude Code

## Summary - Adds Hono `bodyLimit` middleware (100KB max) as the first middleware in the chain, rejecting oversized payloads with 413 before any parsing occurs - Returns JSON error response `{ "error": "Payload Too Large — ..." }` matching existing error format - Includes 4 E2E tests: oversized payload rejection on generate + questionnaire endpoints, normal payload passthrough, and JSON format verification ## Test plan - [ ] Run `bun test packages/api/tests/e2e/body-limit.test.ts` against running API - [ ] Confirm >100KB POST to `/generate/privacy-policy` returns 413 - [ ] Confirm normal-sized requests still work correctly - [ ] Verify error response is JSON with `{ error: "..." }` format 🤖 Generated with [Claude Code](https://claude.com/claude-code)

pook added 1 commit 2026-04-08 16:07:01 -04:00

security: add 100KB body size limit to prevent memory exhaustion ... 47a394d856

Adds Hono bodyLimit middleware as the first middleware in the chain,
rejecting payloads over 100KB with a 413 JSON error response before
any parsing occurs. Includes E2E tests confirming oversized payloads
are rejected and normal requests pass through.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

pook commented 2026-04-08 16:07:15 -04:00

Author

Owner

Copy link

⚠️ No Test Suite Detected

Commit: 0bde8afd

No test script found in package.json. Add a test script to enable automated testing.

## ⚠️ No Test Suite Detected **Commit:** `0bde8afd` No `test` script found in `package.json`. Add a test script to enable automated testing.

pook added 1 commit 2026-04-08 16:07:15 -04:00

feat: critical-security-without-a-request-body (agent task agent-ta) 0bde8afd99

pook referenced this pull request 2026-04-08 16:50:19 -04:00

Add request body size limit middleware to prevent memory exhaustion #70

pook referenced this pull request 2026-04-08 18:10:59 -04:00

Close duplicate request body size limit issues #70 and #59 #94

pook referenced this pull request 2026-04-08 20:34:38 -04:00

Close duplicate request body size limit issues — keep #70, close #59 #124

pook merged commit f15403cad2 into main 2026-04-09 06:13:32 -04:00

pook referenced this pull request from a commit 2026-04-09 06:13:34 -04:00

Merge pull request 'security: add 100KB body size limit to prevent memory exhaustion' (#60) from feature/body-size-limit into main

pook referenced this pull request 2026-04-09 06:15:40 -04:00

PR pipeline unblocked: 18 PRs merged, 48 remaining need rebase #254

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

agent-task

Task for autonomous agent execution

  

agent-task

Paperclip autonomous agent task

No labels

agent-task

agent-task

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pook/compliancebot!60

No description provided.