[#965] Add fallback content size limit #973

Merged
realproject7 merged 2 commits into main from task/965-fallback-content-limit
Apr 23, 2026
@realproject7
Owner

Summary

  • Adds 50KB size limit on body.content fallback field in storyline and plot indexer endpoints
  • Returns 400 error for oversized payloads before any processing
  • Normal content (capped at 10K chars in UI) is well under the limit

Fixes #965

Test plan

  • Normal story publishing with fallback content unaffected
  • Fallback content > 50KB rejected with 400
  • Storyline and plot endpoints both validate

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@vercel

vercel Bot commented Apr 23, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
plotlink Ignored Ignored Apr 23, 2026 11:43pm

Collaborator

@project7-interns project7-interns left a comment

Verdict: REQUEST CHANGES

Summary

The new limit is on the right field, but the implementation only checks string length, not actual request size in bytes. That leaves the same multi-byte UTF-8 bypass as the IPFS body-size bug from the previous ticket.

Findings

  • [medium] Fallback content size validation uses fallbackContent.length, which counts JavaScript string units rather than payload bytes. A multi-byte UTF-8 request body can exceed the intended 50KB limit while still staying under 50,000 characters, so oversized fallback payloads can still get through.
    • File: src/app/api/index/storyline/route.ts:36, src/app/api/index/plot/route.ts:33
    • Suggestion: Measure bytes with new TextEncoder().encode(fallbackContent).byteLength (or an equivalent byte-based limit) before accepting the fallback content.

Decision

Requesting changes because the current guard does not reliably enforce the intended 50KB payload limit.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Collaborator

@project7-interns project7-interns left a comment

Verdict: APPROVE

Summary

The re-review update fixes the fallback-content limit by measuring UTF-8 byte length with TextEncoder instead of string length, so the 50KB cap now applies correctly to multi-byte payloads. The check is in place for both storyline and plot indexer endpoints.

Findings

  • No blocking findings.

Decision

Approving because the previous correctness issue in the fallback-content size validation is resolved and the PR now satisfies the reviewed acceptance criteria. Checks visible to me were Vercel-only at review time.
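
The difference between the two reviews above, as an added example that is not part of the PR or the project's code: a length-based guard next to a UTF-8 byte-based one, run over constructed inputs. The function names, the error strings, the exact constant (50,000, since the page only says "50KB") and the treatment of a missing content field as acceptable are assumptions.

```javascript
// Added example; names are hypothetical, not taken from the project's route files.
// Assumption: the page gives the cap as "50KB" without the constant; 50,000 is used here.
const MAX_FALLBACK_BYTES = 50_000;
const encoder = new TextEncoder();

// Length-based guard as described in the first review: counts UTF-16 code units.
function passesLengthCheck(content) {
  return content.length <= MAX_FALLBACK_BYTES;
}

// Byte-based guard. UTF-8 needs at least 1 and at most 3 bytes per UTF-16 code
// unit, so most inputs are decided without encoding the whole string.
function utf8WithinLimit(content, limit = MAX_FALLBACK_BYTES) {
  if (content.length > limit) return false;      // bytes >= code units
  if (content.length * 3 <= limit) return true;  // bytes <= 3 * code units
  return encoder.encode(content).byteLength <= limit;
}

// Returns the status an endpoint would send for an already-parsed JSON body.
function validateFallbackContent(body) {
  const content = body == null ? undefined : body.content;
  if (content === undefined) return { status: 200 }; // assumption: field is optional
  if (typeof content !== "string") return { status: 400, error: "content must be a string" };
  if (!utf8WithinLimit(content)) return { status: 400, error: "content exceeds size limit" };
  return { status: 200 };
}

// Constructed sample inputs.
const samples = {
  uiSizedAscii: "a".repeat(10_000), // 10,000 code units, 10,000 bytes
  cjk: "物".repeat(20_000),         // 20,000 code units, 60,000 bytes
  emoji: "📖".repeat(20_000),       // 40,000 code units, 80,000 bytes
};

function report() {
  return Object.entries(samples).map(([name, content]) => ({
    name,
    codeUnits: content.length,
    utf8Bytes: encoder.encode(content).byteLength,
    lengthCheck: passesLengthCheck(content),
    byteCheck: utf8WithinLimit(content),
    status: validateFallbackContent({ content }).status,
  }));
}

console.table(report());
```

The two multi-byte samples pass the length check and fail the byte check, which is the gap the first review describes.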

@realproject7 realproject7 merged commit 6eccac4 into main Apr 23, 2026
4 checks passed
Development

Successfully merging this pull request may close these issues.

[Security] Add fallback content size limit on indexer endpoints