From 916f00482283e64ffed8c88f66be36abfa990c42 Mon Sep 17 00:00:00 2001
From: Cho Young-Hwi <cyh76507707@gmail.com>
Date: Fri, 24 Apr 2026 08:41:53 +0900
Subject: [PATCH 1/2] [#965] Add 50KB fallback content size limit on indexer
 endpoints

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 package-lock.json                    | 4 ++--
 package.json                         | 2 +-
 src/app/api/index/plot/route.ts      | 3 +++
 src/app/api/index/storyline/route.ts | 3 +++
 4 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 59f987aa..443ba0b0 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "plotlink",
-  "version": "0.1.52",
+  "version": "0.1.53",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "plotlink",
-      "version": "0.1.52",
+      "version": "0.1.53",
       "workspaces": [
         "packages/*"
       ],
diff --git a/package.json b/package.json
index 4820407f..fb7002aa 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "plotlink",
-  "version": "0.1.52",
+  "version": "0.1.53",
   "private": true,
   "workspaces": [
     "packages/*"
diff --git a/src/app/api/index/plot/route.ts b/src/app/api/index/plot/route.ts
index 5e5415cd..c2561692 100644
--- a/src/app/api/index/plot/route.ts
+++ b/src/app/api/index/plot/route.ts
@@ -30,6 +30,9 @@ export async function POST(req: Request) {
   const body = await req.json();
   const txHash = body.txHash as Hex | undefined;
   const fallbackContent = body.content as string | undefined;
+  if (fallbackContent && fallbackContent.length > 50_000) {
+    return error("Fallback content too large", 400);
+  }
 
   if (!txHash || !/^0x[0-9a-fA-F]{64}$/.test(txHash)) {
     return error("Missing or invalid txHash");
diff --git a/src/app/api/index/storyline/route.ts b/src/app/api/index/storyline/route.ts
index bd336bf4..1c2fc30e 100644
--- a/src/app/api/index/storyline/route.ts
+++ b/src/app/api/index/storyline/route.ts
@@ -33,6 +33,9 @@ export async function POST(req: Request) {
   const body = await req.json();
   const txHash = body.txHash as Hex | undefined;
   const fallbackContent = body.content as string | undefined;
+  if (fallbackContent && fallbackContent.length > 50_000) {
+    return error("Fallback content too large", 400);
+  }
   const rawGenre = body.genre as string | undefined;
   const rawLanguage = body.language as string | undefined;
   const genre = rawGenre && (GENRES as readonly string[]).includes(rawGenre) ? rawGenre : null;

From be85e2cb2cfc931434dda2648ea1d9ee8c7d69e4 Mon Sep 17 00:00:00 2001
From: Cho Young-Hwi <cyh76507707@gmail.com>
Date: Fri, 24 Apr 2026 08:43:04 +0900
Subject: [PATCH 2/2] [#965] Measure fallback content size in bytes via
 TextEncoder

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 src/app/api/index/plot/route.ts      | 2 +-
 src/app/api/index/storyline/route.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/app/api/index/plot/route.ts b/src/app/api/index/plot/route.ts
index c2561692..d5ebcde1 100644
--- a/src/app/api/index/plot/route.ts
+++ b/src/app/api/index/plot/route.ts
@@ -30,7 +30,7 @@ export async function POST(req: Request) {
   const body = await req.json();
   const txHash = body.txHash as Hex | undefined;
   const fallbackContent = body.content as string | undefined;
-  if (fallbackContent && fallbackContent.length > 50_000) {
+  if (fallbackContent && new TextEncoder().encode(fallbackContent).byteLength > 50_000) {
     return error("Fallback content too large", 400);
   }
 
diff --git a/src/app/api/index/storyline/route.ts b/src/app/api/index/storyline/route.ts
index 1c2fc30e..922ae65d 100644
--- a/src/app/api/index/storyline/route.ts
+++ b/src/app/api/index/storyline/route.ts
@@ -33,7 +33,7 @@ export async function POST(req: Request) {
   const body = await req.json();
   const txHash = body.txHash as Hex | undefined;
   const fallbackContent = body.content as string | undefined;
-  if (fallbackContent && fallbackContent.length > 50_000) {
+  if (fallbackContent && new TextEncoder().encode(fallbackContent).byteLength > 50_000) {
     return error("Fallback content too large", 400);
   }
   const rawGenre = body.genre as string | undefined;