19 changes: 19 additions & 0 deletions backend/src/__tests__/errorHandling.test.ts
Expand Up @@ -75,6 +75,25 @@ describe('Centralized Error Handling', () => {
});
});

describe('Request Payload Size Limit', () => {
it('should return 413 when payload exceeds the configured limit', async () => {
// Create a payload larger than 100kb
const largePayload = {
data: 'x'.repeat(1024 * 150), // 150kb string
};

const response = await request(app)
.post('/api/simulate')
.set('Authorization', authHeader)
.send(largePayload);

expect(response.status).toBe(413);
expect(response.body.success).toBe(false);
expect(response.body.error.code).toBe('VALIDATION_ERROR');
expect(response.body.error.message).toMatch(/payload too large/i);
});
});

/* ── Consistent JSON structure ────────────────────────────── */

describe('Response structure consistency', () => {
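Review bot: The new 'Request Payload Size Limit' test only pins the over-limit case (150kb → 413); there is no companion case sending a body just under the limit to `/api/simulate` and asserting it is not rejected with 413, so a regression that sets the limit too low for legitimate requests would pass this suite. Consider adding `it('should accept a payload under the configured limit', ...)` with `'x'.repeat(1024 * 90)` and asserting `response.status` is not 413. The assertion on `response.body.error.code` being 'VALIDATION_ERROR' couples this test to the error handler's choice of code, so if a dedicated payload-size code is introduced later this line must change with it. `app`, `request` and `authHeader` are defined outside the hunk, so the fixture setup they rely on cannot be checked here.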
3 changes: 2 additions & 1 deletion backend/src/app.ts
Expand Up @@ -110,7 +110,8 @@ const corsOptions: cors.CorsOptions = {

app.use(cors(corsOptions));
app.use(compression());
app.use(express.json());
// Explicit request body size limit set to 100kb to mitigate payload-based DoS and unbounded audit log writes.
app.use(express.json({ limit: '100kb' }));
app.use(globalRateLimiter);
app.use(requestIdMiddleware);
app.use(requestLogger);
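Review bot: `express.json({ limit: '100kb' })` is registered before `globalRateLimiter` on the next line, so every request, including ones the limiter would reject, still has its body read and parsed up to the limit before the rate limit is applied; unless `globalRateLimiter` keys on the parsed body (its definition is outside the hunk), moving `app.use(globalRateLimiter);` above `app.use(express.json({ limit: '100kb' }));` lets throttled clients be refused before the parse cost is paid. The limit is a hard-coded literal in the middleware chain; if the project already has a config/env module, reading it from there (with '100kb' as the default) keeps it tunable without a code change and lets the comment reference the setting. If the app also mounts `express.urlencoded` or another body parser elsewhere in the file, it needs the same `limit`, otherwise the mitigation the comment describes only covers JSON bodies.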
13 changes: 13 additions & 0 deletions backend/src/middleware/errorHandler.ts
Expand Up @@ -94,6 +94,19 @@ export const errorHandler = (
return;
}

// ── Payload Too Large (body-parser) ────────────────────────
if ('type' in err && (err as { type?: string }).type === 'entity.too.large') {
res.status(413).json({
success: false,
message: 'Request payload too large',
error: {
code: ErrorCode.VALIDATION_ERROR, // Or a dedicated code if defined
message: 'Request payload too large',
},
});
return;
}

// ── Unexpected / Programming Errors ──────────────────────────
logger.error('Unhandled error', {
requestId: req.requestId,
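Review bot: The new branch matches only `type === 'entity.too.large'`, so the other client-side errors the body parser raises for the same 100kb-limited route — notably `entity.parse.failed` for malformed JSON, which carries `status: 400` — still fall through to the 'Unhandled error' logging below and presumably surface as a 500, unless they are handled earlier in `errorHandler`, whose head is outside the hunk; a sibling branch keyed on that type, or on the numeric `status` the parser attaches, would keep malformed input from being logged and reported as a programming error. `'type' in err` throws a TypeError if `err` is not an object (e.g. a thrown string), so if the handler's `err` parameter is typed wider than `Error`, guard it first: `if (typeof err === 'object' && err !== null && 'type' in err && (err as { type?: string }).type === 'entity.too.large')`. The trailing `// Or a dedicated code if defined` reads as an unresolved TODO; either add a dedicated member such as a payload-too-large code to `ErrorCode` (and update the test that asserts 'VALIDATION_ERROR') or replace the comment with `// body-parser limit exceeded; reported under VALIDATION_ERROR as no dedicated code exists` so the choice is documented rather than deferred.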