fix: enforce 100kb payload limit on express.json and handle 413s #1288

Open
SharifIbrahimDev wants to merge 1 commit into LabsCrypt:main from SharifIbrahimDev:fix/request-size-limit

@SharifIbrahimDev

Closes #1184

What does this PR do?

This PR enforces an explicit 100kb payload size limit on express.json() and correctly handles resulting entity.too.large errors so they return a structured 413 response rather than defaulting to an unhandled 500 error.

Description

  • Explicit Size Limit: Added an explicit { limit: '100kb' } configuration to express.json() in app.ts. This protects the application and audit logs from unbounded payload sizes, while remaining more than generous enough to accommodate legitimate signed transaction payloads.
  • Centralized Error Handling: Updated errorHandler.ts to natively catch entity.too.large errors emitted by body-parser and translate them into standard 413 Payload Too Large responses with the VALIDATION_ERROR code.
  • Test Coverage: Added an integration test in errorHandling.test.ts to assert that a 150kb payload correctly trips the limit and returns the structured 413 error.
  • Documentation: Added inline comments describing the rationale behind the payload limit in app.ts.
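
The handling described above, as an added example that is not the PR's own code: an Express-style error middleware that turns body-parser's `entity.too.large` error into a structured 413 and passes every other error on. The response envelope, the log line and all function and variable names are assumptions; the handler is exercised with a constructed error and a stub response so it runs without Express installed.

```typescript
// Added example. The envelope { error: { code, message } } and all names here are assumptions.
interface BodyParserError extends Error {
  type?: string;    // body-parser sets 'entity.too.large' on overflow
  limit?: number;   // configured limit in bytes
  length?: number;  // declared Content-Length, when the client sent one
}
interface ResLike {  // the subset of the Express response used below
  headersSent: boolean;
  status(code: number): ResLike;
  json(body: unknown): ResLike;
}
interface Recorded { code: number; body: unknown; passedOn: unknown; logged: string[] }

function makePayloadErrorHandler(warn: (line: string) => void) {
  return (err: BodyParserError, _req: unknown, res: ResLike, next: (e?: unknown) => void): void => {
    // Match on the parser's error type, not on err.status, so unrelated
    // errors that happen to carry a 413 status are not relabelled.
    if (res.headersSent || err.type !== "entity.too.large") {
      next(err); // not ours: leave it to the next error handler
      return;
    }
    // Log sizes only; the oversized body itself never reaches the log.
    warn(`body over limit: limit=${err.limit} declared=${err.length}`);
    res.status(413).json({ error: { code: "VALIDATION_ERROR", message: "Payload Too Large" } });
  };
}

// Drive the handler with a constructed error and a recording response stub.
function runHandler(err: BodyParserError): Recorded {
  const rec: Recorded = { code: 0, body: null, passedOn: null, logged: [] };
  const res: ResLike = {
    headersSent: false,
    status(code) { rec.code = code; return res; },
    json(body) { rec.body = body; return res; },
  };
  makePayloadErrorHandler((line) => rec.logged.push(line))(err, {}, res, (e) => { rec.passedOn = e; });
  return rec;
}

// Constructed sample: a 150kb body against the 100kb limit (body-parser counts 1kb as 1024 bytes).
const tooLarge: BodyParserError = new Error("request entity too large");
tooLarge.type = "entity.too.large";
tooLarge.limit = 100 * 1024;
tooLarge.length = 150 * 1024;
const unrelated: BodyParserError = new Error("db timeout");

// Wiring in an Express app (not executed here):
//   app.use(express.json({ limit: "100kb" }));
//   app.use(makePayloadErrorHandler(console.warn));  // registered after the routes
```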

Development

Successfully merging this pull request may close these issues.

[Backend] No explicit request body-size limit configured on express.json(); relies on undocumented 100kb default with no 413 handling test
