Add body size limit tests for >1MB payloads on generate endpoints #446

Open
pook wants to merge 50 commits from fix/body-limit-1mb-test into main
Owner

Summary

  • The global bodyLimit middleware (100KB, in packages/api/src/index.ts:34-45) already rejects payloads exceeding 1MB with 413
  • Added explicit >1MB payload tests for all three /generate/* routes: privacy-policy, terms-of-service, and data-processing-agreement
  • Kept the stricter 100KB limit rather than relaxing to 1MB — the task's intent (prevent multi-GB payloads) is already satisfied

Test plan

  • Run bun test packages/api/tests/e2e/body-limit.test.ts with the API server running
  • Verify all 7 body-limit tests pass (4 existing + 3 new)
  • Confirm normal-sized requests still work

🤖 Generated with Claude Code

Add >1MB payload tests for all generate endpoints
Some checks are pending
CI Quality Gate / Lint / Typecheck / Test / Build (pull_request) Waiting to run
3bbb9ca5e2
The global bodyLimit middleware (100KB) already rejects payloads exceeding
1MB. These tests explicitly verify 413 responses for >1MB payloads on
each /generate/* route: privacy-policy, terms-of-service, and
data-processing-agreement.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
feat: issue #443 the-apigenerate-endpoints-accept-request (agent task liancebot443)
Some checks failed
CI Quality Gate / Lint / Typecheck / Test / Build (pull_request) Has been cancelled
380e59748c
Author
Owner

Code Review — PR #446: Body size limit tests for >1MB payloads

Typecheck: PASS (npx tsc --noEmit)

Code Review Findings

Coverage of all three generate endpoints:

  • /generate/privacy-policy — tested
  • /generate/terms-of-service — tested
  • /generate/data-processing-agreement — tested

Boundary conditions:

  • All three tests use 1024 * 1024 + 1 (1MB + 1 byte) — this is slightly over 1MB
  • Missing: exactly-1MB boundary test — no test for a payload of exactly 1,048,576 bytes to verify behavior at the boundary
  • Missing: way over test — no test for e.g. 10MB payloads. While the existing limit is 100KB (so 1MB+ is already way over the actual limit), a very large payload test would verify no OOM or hang behavior.
  • Existing tests already cover the 100KB boundary (just over, just under)

Implementation note: The PR description correctly identifies that the actual bodyLimit middleware is set to 100KB, not 1MB. The 1MB tests pass because 100KB < 1MB — any payload over 100KB is already rejected. The tests are valid but the title is slightly misleading since 100KB is the real limit.

Code quality: Tests follow existing patterns, proper type assertions on response body. No issues.

Issues

  1. Medium: Missing exact-boundary test at the real 100KB limit
  2. Low: All three endpoint tests are copy-pasted with only the URL changed. Consider a describe.each or loop to reduce duplication.
  3. Low: bun.lock changes are unrelated dependency resolution noise — should ideally be in a separate commit

Verdict: Approve — tests are valid and add meaningful coverage

Reviewed by Claude Code
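
The boundary cases the review lists (just under, exactly at, one byte over, 1MB + 1, 10MB), written once as a table and run against all three routes. This is an added example, not code from this PR or repository: `handle`, `body`, `runMatrix` and the 16KB chunk size are hypothetical, and it assumes a limit that accepts a body of exactly 100KB and rejects one byte more.

```typescript
// Added example: a model of a global size check, not the project's middleware.
const LIMIT = 100 * 1024; // the 100KB limit the PR description reports
const CHUNK = 16 * 1024;  // assumed chunk size for the simulated upload
const ROUTES = ["privacy-policy", "terms-of-service", "data-processing-agreement"]
  .map((r) => `/generate/${r}`);

interface Verdict { status: 200 | 404 | 413; bytesRead: number }

// Lazily yields `total` bytes, so a 10MB body is never allocated in one piece.
function* body(total: number): Generator<Uint8Array> {
  for (let sent = 0; sent < total; sent += CHUNK) {
    yield new Uint8Array(Math.min(CHUNK, total - sent));
  }
}

// Global check first, routing second: counts bytes as they arrive and stops
// reading at the first chunk that pushes the total past LIMIT.
function handle(path: string, chunks: Iterable<Uint8Array>): Verdict {
  let bytesRead = 0;
  for (const c of chunks) {
    bytesRead += c.byteLength;
    if (bytesRead > LIMIT) return { status: 413, bytesRead };
  }
  return { status: ROUTES.indexOf(path) >= 0 ? 200 : 404, bytesRead };
}

// One table of sizes for every route, instead of one copied test per route.
const CASES: Array<[string, number, 200 | 413]> = [
  ["just under the limit", LIMIT - 1, 200],
  ["exactly at the limit", LIMIT, 200],
  ["one byte over", LIMIT + 1, 413],
  ["1MB + 1, the size the PR tests", 1024 * 1024 + 1, 413],
  ["10MB", 10 * 1024 * 1024, 413],
];

function runMatrix(): string[] {
  const failures: string[] = [];
  for (const route of ROUTES) {
    for (const [name, size, expected] of CASES) {
      const v = handle(route, body(size));
      // A rejected body must be abandoned within one chunk of the limit.
      const overRead = v.status === 413 && v.bytesRead > LIMIT + CHUNK;
      if (v.status !== expected || overRead) failures.push(`${route}: ${name}`);
    }
  }
  return failures;
}

console.log(runMatrix().length === 0 ? "all boundary cases pass" : runMatrix());
```

The `bytesRead` check is what separates the 10MB case from the 1MB + 1 case: both return 413, but only a bound on bytes consumed shows the oversized body was dropped early instead of buffered.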

This pull request has changes conflicting with the target branch.
  • .forgejo/workflows/ci.yml
  • bun.lock
  • package.json
  • packages/api/src/db/schema.ts
  • packages/api/src/index.ts
  • packages/api/src/middleware/rate-limit.ts
  • packages/api/src/middleware/security-headers.ts
  • packages/api/src/routes/generate-tos.ts
  • packages/api/src/routes/generate.ts
  • packages/api/src/routes/health.ts
  • packages/api/src/routes/questionnaire.ts
  • packages/api/src/services/document-generator.ts
  • packages/api/src/services/llm.ts
  • packages/api/src/templates/index.ts
  • packages/api/tsconfig.json
  • packages/shared/src/types.ts
  • packages/web/src/app/questionnaire/page.tsx
  • packages/web/src/components/documents/DocumentList.tsx
  • packages/web/src/components/questionnaire/ReviewStep.tsx