fix: enforce 100kb payload limit on express.json and handle 413s #1288
the payload-limit code is correct: express.json({ limit: "100kb" }) in app.ts, and errorHandler returns a structured 413 on entity.too.large, placed before the generic 500 so the body-parser error reaches it. the errorHandling suite passes 15/15 including the new over-limit test, and the app never uses urlencoded parsing so there's no gap there. two things:
rebase + drop the md and this is good. if you want to keep contributing, join us on Telegram: https://t.me/+DOylgFv1jyJlNzM0
ogazboiz
left a comment
payload-limit fix is right: express.json({ limit: "100kb" }) plus the structured 413 in errorHandler placed before the generic 500, and the errorHandling test covers the over-limit case. the stray pr_body is gone and it's rebased green. merging.
if you want to keep contributing, join us on Telegram: https://t.me/+DOylgFv1jyJlNzM0
Closes #1184
What does this PR do?
This PR enforces an explicit 100kb payload size limit on express.json() and correctly handles resulting entity.too.large errors so they return a structured 413 response rather than defaulting to an unhandled 500 error.
Description
{ limit: '100kb' } configuration to express.json() in app.ts. This protects the application and audit logs from unbounded payload sizes, while remaining more than generous enough to accommodate legitimate signed transaction payloads.
errorHandler.ts to natively catch entity.too.large errors emitted by body-parser and translate them into standard 413 Payload Too Large responses with the VALIDATION_ERROR code.
errorHandling.test.ts to assert that a 150kb payload correctly trips the limit and returns the structured 413 error.
app.ts.
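The handler ordering described in this PR, as an added sketch that is not the project's errorHandler.ts: the entity.too.large branch runs before the catch-all 500. The response shape, the INTERNAL_ERROR code, and the helper names respond and oversizedBodyError are assumptions; the fake response object stands in for Express so the block runs without dependencies.

```typescript
// Response shape and INTERNAL_ERROR are assumptions for this example; only the
// 413 status and the VALIDATION_ERROR code come from the PR description.
interface ErrorBody { error: { code: string; message: string } }

// Fields body-parser attaches when the body exceeds the configured limit.
interface ParserError extends Error {
  type?: string;   // "entity.too.large"
  status?: number; // 413
  limit?: number;  // configured limit in bytes
  length?: number; // declared Content-Length, when the client sent one
}

interface Res {
  headersSent: boolean;
  status(code: number): Res;
  json(body: ErrorBody): Res;
}

function errorHandler(err: ParserError, _req: unknown, res: Res, next: (e?: unknown) => void): void {
  // A response already in flight cannot be rewritten; hand the error back to Express.
  if (res.headersSent) { next(err); return; }
  // Checked before the catch-all so an oversized body is reported as a client error, not a 500.
  if (err.type === "entity.too.large") {
    res.status(413).json({ error: { code: "VALIDATION_ERROR", message: "Request body exceeds the size limit" } });
    return;
  }
  // Catch-all: generic message only, so err.message and the stack never reach the client.
  res.status(500).json({ error: { code: "INTERNAL_ERROR", message: "Internal server error" } });
}

// Constructed stand-in for the error body-parser raises on a 150kb body with limit "100kb".
function oversizedBodyError(): ParserError {
  const err: ParserError = new Error("request entity too large");
  err.type = "entity.too.large";
  err.status = 413;
  err.limit = 100 * 1024;
  err.length = 150 * 1024;
  return err;
}

// Runs the handler against a minimal fake response and returns what it wrote.
function respond(err: ParserError): { status: number; body: ErrorBody | null } {
  const out: { status: number; body: ErrorBody | null } = { status: 0, body: null };
  const res: Res = {
    headersSent: false,
    status(code) { out.status = code; return res; },
    json(body) { out.body = body; return res; },
  };
  errorHandler(err, {}, res, () => undefined);
  return out;
}
```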