@KAMALDEEN333 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

A6dulmalik approved these changes, Mar 26, 2026

Merged
Implemented the Request Body Size Limit Middleware for DoS Prevention
Labels: middleware, security, performance, high-priority
Description:
Implement request body size limiting to prevent denial-of-service attacks through large payload submissions.
Requirements:
- Set maximum request body size limits per endpoint type
- Different limits for different content types:
  - JSON payloads: 1MB default
  - File uploads: 50MB for images, 100MB for documents
  - Text content: 100KB
  - Form data: 10MB
- Reject requests exceeding size limits before reading the full body
- Return 413 Payload Too Large with a clear message
- Support custom size limits per route
- Handle multipart form data appropriately
- Prevent memory exhaustion from large payloads
- Support streaming for large file uploads
- Log oversized request attempts for security monitoring

Acceptance Criteria:
- Requests exceeding size limits are rejected early (before the full read)
- 413 status code returned with clear size limit information
- Memory usage protected from large payload attacks
- Different endpoints have appropriate size limits
- File uploads handle large files via streaming
- Size limit headers included in error responses
- No false positives for legitimate large uploads
- Configuration via environment variables
- Protection against zip bomb and decompression attacks
- Multipart boundaries properly validated

Size Limits by Endpoint Type:
- Standard API requests (JSON): 1MB
- Puzzle creation (with images): 10MB
- File uploads (images): 50MB
- File uploads (documents): 100MB
- Profile picture upload: 5MB
- Bulk operations: 20MB
- Webhook payloads: 5MB
Error Response (`maxSize` and `receivedSize` are in bytes):

```json
{
  "statusCode": 413,
  "errorCode": "PAYLOAD_TOO_LARGE",
  "message": "Request body exceeds maximum size of 1MB",
  "maxSize": 1048576,
  "receivedSize": 2097152
}
```
Security Considerations:
- Prevent slowloris attacks (slow request body sending)
- Reject malformed multipart boundaries
- Validate that file types match the declared content-type
- Prevent nested compression attacks
closes #320
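As an added illustration (not the PR's code), a dependency-free JavaScript sketch of the two-stage check the requirements describe: reject on the declared Content-Length before any body bytes are read, then count bytes as they stream so a missing or false Content-Length cannot bypass the limit. The limit table mirrors the PR's content-type defaults; the per-route override parameter and the `X-Max-Body-Size` header name are assumptions.

```javascript
// Added example, not the PR's code. Limits follow the PR's content-type table;
// the per-route override and the X-Max-Body-Size header name are assumptions.
const LIMITS = {
  'application/json': 1024 * 1024,                   // 1MB
  'text/plain': 100 * 1024,                          // 100KB
  'multipart/form-data': 10 * 1024 * 1024,           // 10MB form data
  'application/x-www-form-urlencoded': 10 * 1024 * 1024,
};
const DEFAULT_LIMIT = 1024 * 1024; // unknown content types fall back to 1MB

// A route-specific limit wins over the content-type default.
function resolveLimit(contentType, routeLimit) {
  if (Number.isInteger(routeLimit) && routeLimit > 0) return routeLimit;
  const mime = (contentType || '').split(';')[0].trim().toLowerCase();
  return LIMITS[mime] ?? DEFAULT_LIMIT;
}

// Error body in the PR's shape, plus the size-limit header the criteria ask for.
function tooLarge(maxSize, receivedSize) {
  return {
    statusCode: 413, errorCode: 'PAYLOAD_TOO_LARGE',
    message: `Request body exceeds maximum size of ${maxSize} bytes`,
    maxSize, receivedSize,
    headers: { 'X-Max-Body-Size': String(maxSize) },
  };
}

// Stage 1: reject on the declared Content-Length before reading any body bytes.
// Returns null to continue, or the 413 payload to send.
function checkHeaders(headers, routeLimit) {
  const maxSize = resolveLimit(headers['content-type'], routeLimit);
  const declared = Number(headers['content-length']);
  if (Number.isFinite(declared) && declared > maxSize) return tooLarge(maxSize, declared);
  return null;
}

// Stage 2: Content-Length may be absent (chunked) or false, so count bytes as
// they arrive and stop the moment the running total passes the limit. The
// caller sends the 413 and destroys the socket instead of draining the rest.
function createBodyGuard(maxSize) {
  let received = 0;
  return {
    onChunk(chunk) {
      received += chunk.length;
      return received > maxSize ? tooLarge(maxSize, received) : null;
    },
    get received() { return received; },
  };
}
```

The stage-2 guard is what makes the "reject before full read" criterion hold for chunked uploads; wire `onChunk` into the request's `data` events and abort on the first non-null result.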