From 99dc4dccac126b0ee14fae256d4ac2c21c9da4e6 Mon Sep 17 00:00:00 2001
From: root <root@DESKTOP-V9DGVF3.localdomain>
Date: Tue, 20 Jan 2026 22:14:38 +0400
Subject: [PATCH] fix: limit http response size to 10MB to prevent DoS

---
 src/server/client.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/server/client.rs b/src/server/client.rs
index 699db58..ce9faec 100644
--- a/src/server/client.rs
+++ b/src/server/client.rs
@@ -98,8 +98,8 @@ impl Client {
             }
         }
 
-        // Read body
-        reader.read_to_string(&mut response)?;
+        // Read body with 10MB limit
+        reader.take(10 * 1024 * 1024).read_to_string(&mut response)?;
 
         let search_response: SearchResponse =
             serde_json::from_str(&response).context("Failed to parse server response")?;
@@ -146,8 +146,8 @@ impl Client {
             }
         }
 
-        // Read body
-        reader.read_to_string(&mut response)?;
+        // Read body with 10MB limit
+        reader.take(10 * 1024 * 1024).read_to_string(&mut response)?;
 
         let embed_response: EmbedBatchResponse =
             serde_json::from_str(&response).context("Failed to parse server response")?;