Skip to content

Request size limiter#1410

Draft
zealsham wants to merge 1 commit intopayjoin:masterfrom
zealsham:body-limit
Draft

Request size limiter#1410
zealsham wants to merge 1 commit intopayjoin:masterfrom
zealsham:body-limit

Conversation

@zealsham
Copy link
Collaborator

@zealsham zealsham commented Mar 12, 2026
edited
Loading

This pr addresses #941, it implements a body size limit layer to reject request whose size is greater than 65536 bytes.

Pull Request Checklist

Please confirm the following before requesting review:

@coveralls
Copy link
Collaborator

coveralls commented Mar 12, 2026

Pull Request Test Coverage Report for Build 23002894803

Details

  • 60 of 60 (100.0%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.2%) to 83.965%
Totals Coverage Status
Change from base Build 22970378243: 0.2%
Covered Lines: 10729
Relevant Lines: 12778
💛 - Coveralls

@zealsham zealsham marked this pull request as draft March 12, 2026 18:21
spacebear21
spacebear21 reviewed Mar 13, 2026
View reviewed changes
payjoin-mailroom/src/lib.rs Outdated
.layer(axum::middleware::from_fn_with_state(metrics.clone(), track_metrics))
.layer(axum::middleware::from_fn_with_state(metrics, track_connections)),
.layer(axum::middleware::from_fn_with_state(metrics, track_connections))
.layer(RequestBodyLimitLayer::new(65_536)),
Copy link
Collaborator

@spacebear21 spacebear21 Mar 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This value should be in a named constant. Also, a relevant PR we may want to revisit now: #1025

@zealsham zealsham mentioned this pull request Mar 16, 2026
Closed
@zealsham
Request size limiter
d3bcd0a 
This pr addresses payjoin#941, it implements a body size limit layer to
reject request whose size is greater than 7168. This also ensures
both v1 and v2 have the same request size which makes it hard for
an attacker to tell if a request is v1/v2 baed on payload.
@zealsham zealsham marked this pull request as ready for review March 18, 2026 23:55
@zealsham zealsham marked this pull request as draft March 18, 2026 23:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spacebear21 spacebear21 spacebear21 left review comments

At least 0 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@zealsham @coveralls @spacebear21