fix(gateway): enforce request body size limits

William Valentin
2026-02-15 21:44:36 -08:00
parent 22959ea3aa
commit d93c1c9f8d
13 changed files with 270 additions and 22 deletions
+65
@@ -438,3 +438,68 @@ describe('GatewayServer HTTP auth', () => {
expect(res.headers.get('content-type')).toBe('text/html');
});
});
describe('GatewayServer request body limits', () => {
const BODY_PORT = 18896;
let bodyLimitServer: GatewayServer;
const gmailHandler = {
handlePushNotification: vi.fn(async () => {}),
};
beforeAll(async () => {
if (!LISTEN_ALLOWED) {
return;
}
bodyLimitServer = new GatewayServer({
port: BODY_PORT,
sessionManager: mockSessionManager as unknown as GatewayServerConfig['sessionManager'],
modelClient: mockModelClient,
systemPrompt: 'Test prompt',
toolRegistry: mockToolRegistry as unknown as GatewayServerConfig['toolRegistry'],
toolExecutor: mockToolExecutor as unknown as GatewayServerConfig['toolExecutor'],
gmailHandler: gmailHandler as unknown as GatewayServerConfig['gmailHandler'],
maxRequestBodyBytes: 64,
uiDir: resolve(import.meta.dirname, 'ui'),
});
await bodyLimitServer.start();
});
afterAll(async () => {
if (!LISTEN_ALLOWED) {
return;
}
await bodyLimitServer.stop();
});
it('accepts gmail push body under limit', async () => {
if (!LISTEN_ALLOWED) {
return;
}
gmailHandler.handlePushNotification.mockClear();
const body = JSON.stringify({ message: { data: 'abc' } });
const res = await fetch(`http://127.0.0.1:${BODY_PORT}/gmail/push`, {
method: 'POST',
body,
headers: { 'Content-Type': 'application/json' },
});
expect(res.status).toBe(200);
expect(gmailHandler.handlePushNotification).toHaveBeenCalledWith('abc');
});
it('rejects gmail push body over limit with 413', async () => {
if (!LISTEN_ALLOWED) {
return;
}
gmailHandler.handlePushNotification.mockClear();
const body = JSON.stringify({ message: { data: 'x'.repeat(2048) } });
const res = await fetch(`http://127.0.0.1:${BODY_PORT}/gmail/push`, {
method: 'POST',
body,
headers: { 'Content-Type': 'application/json' },
});
expect(res.status).toBe(413);
expect(gmailHandler.handlePushNotification).not.toHaveBeenCalled();
});
});
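Review bot: Both new cases send a string body, so fetch sets Content-Length and the `expect(res.status).toBe(413)` assertion can pass on a header check alone; nothing in this hunk shows the limit holds when the body arrives chunked with no declared length, which is the case a size limit most needs to cover. I would add a streamed-body case like the one below, with the caveat that if the server closes the connection mid-upload, fetch may reject instead of returning 413 and the assertion would need to accept that. The payloads are also far from the 64-byte limit (26 bytes and about 2 KB): since `{"message":{"data":""}}` is 23 bytes, `'x'.repeat(41)` and `'x'.repeat(42)` give 64- and 65-byte bodies that pin the boundary, though the expected status at exactly 64 depends on whether the limit is inclusive, which is not visible here. Only `/gmail/push` is exercised, so any other route that reads a request body would need the same coverage.

```typescript
it('rejects streamed gmail push body over limit with 413', async () => {
  if (!LISTEN_ALLOWED) {
    return;
  }
  gmailHandler.handlePushNotification.mockClear();
  const payload = new TextEncoder().encode(
    JSON.stringify({ message: { data: 'x'.repeat(2048) } }),
  );
  // A stream body is sent without Content-Length, so the server must count bytes as they arrive.
  const body = new ReadableStream<Uint8Array>({
    start(controller) {
      controller.enqueue(payload);
      controller.close();
    },
  });
  const res = await fetch(`http://127.0.0.1:${BODY_PORT}/gmail/push`, {
    method: 'POST',
    body,
    headers: { 'Content-Type': 'application/json' },
    duplex: 'half',
  } as RequestInit);
  expect(res.status).toBe(413);
  expect(gmailHandler.handlePushNotification).not.toHaveBeenCalled();
});
```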