
feat(console): enforce 10mb request body limit on zen api #35237

Open
StarpTech wants to merge 2 commits into dev from zen-body-limit

@StarpTech

Contributor

Caps zen API request bodies at 10MB so callers cannot exhaust console resources with arbitrarily large context payloads.

Summary

  • Add readJsonBody that rejects on declared content-length before reading, then counts bytes while consuming the stream since chunked requests can omit or understate the header
  • Apply the cap in the shared zen handler, covering all /zen/v1/* and /zen/go/* routes across all billing sources
  • Return a structured, localized 413 response via a new BodyLimitError
  • Add tests for boundary sizes, chunked streams without content-length, and multi-byte characters split across chunks
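
The two-stage check outlined in the summary above, as an added TypeScript sketch that is not the PR's code: only the names `readJsonBody` and `BodyLimitError` come from the description, while `LimitedBody`, `MAX_BODY_BYTES` and every function body are assumptions. It assumes a Fetch-style `Request` and leaves out the localized 413 response.

```typescript
// Added example: only readJsonBody and BodyLimitError are names from the PR
// description; LimitedBody, MAX_BODY_BYTES and all bodies are assumptions.
const MAX_BODY_BYTES = 10 * 1024 * 1024

class BodyLimitError extends Error {
  readonly status = 413
  constructor(limit: number) {
    super(`request body exceeds ${limit} bytes`)
  }
}

// Synchronous core: counts raw bytes (not characters) and decodes incrementally.
class LimitedBody {
  private seen = 0
  private text = ""
  private decoder = new TextDecoder()
  private limit: number
  constructor(limit: number) {
    this.limit = limit
  }
  push(chunk: Uint8Array): void {
    this.seen += chunk.byteLength
    // Fail before buffering the chunk that crosses the cap.
    if (this.seen > this.limit) throw new BodyLimitError(this.limit)
    // stream: true holds back a partial multi-byte sequence until the next chunk.
    this.text += this.decoder.decode(chunk, { stream: true })
  }
  finish(): unknown {
    this.text += this.decoder.decode() // flush any buffered bytes
    return JSON.parse(this.text)
  }
}

async function readJsonBody(req: Request, limit = MAX_BODY_BYTES): Promise<unknown> {
  // Early rejection on the declared size. The header is advisory: chunked
  // requests can omit or understate it, so the stream is still counted below.
  const declared = Number(req.headers.get("content-length"))
  if (declared > limit) throw new BodyLimitError(limit)
  const body = new LimitedBody(limit)
  const reader = req.body?.getReader()
  if (!reader) return body.finish() // no body: JSON.parse("") throws SyntaxError
  try {
    for (;;) {
      const r = await reader.read()
      if (r.done) return body.finish()
      body.push(r.value)
    }
  } catch (err) {
    await reader.cancel().catch(() => {}) // stop pulling further bytes from the client
    throw err
  }
}
```

Counting `chunk.byteLength` rather than the decoded string length keeps the cap in bytes, so multi-byte text cannot slip past a character-based count.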

@github-actions github-actions Bot added contributor needs:compliance This means the issue will auto-close after 2 hours. labels Jul 3, 2026
@github-actions

github-actions Bot commented Jul 3, 2026

Contributor

This PR doesn't fully meet our contributing guidelines and PR template.

What needs to be fixed:

  • PR description is missing required template sections. Please use the PR template.

Please edit this PR description to address the above within 2 hours, or it will be automatically closed.

If you believe this was flagged incorrectly, please let a maintainer know.

@github-actions github-actions Bot removed the needs:compliance This means the issue will auto-close after 2 hours. label Jul 3, 2026
@github-actions github-actions Bot added needs:compliance This means the issue will auto-close after 2 hours. and removed needs:compliance This means the issue will auto-close after 2 hours. labels Jul 3, 2026