feat(01-02): add request body size limits (1MB) to webhook and tag handlers

- Add maxBodyBytes constant (1 << 20 = 1 MB) - Add errors import to production file - Apply http.MaxBytesReader + errors.As(err, *http.MaxBytesError) pattern in: WebhookHandler, TagsHandler POST, TagAssignmentHandler PUT and DELETE - Return HTTP 413 RequestEntityTooLarge when body exceeds limit - Fix oversized body test strategy: use JSON prefix so decoder reads past limit (Rule 1 deviation: all-x body fails at byte 1 before MaxBytesReader triggers)
2026-03-23 21:20:52 +01:00
parent 311e91d3ff
commit 98dfd76e15
2 changed files with 54 additions and 16 deletions
--- a/pkg/diunwebhook/diunwebhook_test.go
+++ b/pkg/diunwebhook/diunwebhook_test.go
@@ -614,11 +614,12 @@ func TestGetUpdates_IncludesTag(t *testing.T) {
 }

 func TestWebhookHandler_OversizedBody(t *testing.T) {
-	// Generate a body that exceeds 1 MB (maxBodyBytes = 1<<20 = 1,048,576 bytes)
-	oversized := make([]byte, 1<<20+1)
-	for i := range oversized {
-		oversized[i] = 'x'
-	}
+	// Generate a body that exceeds 1 MB (maxBodyBytes = 1<<20 = 1,048,576 bytes).
+	// Use a valid JSON prefix so the decoder reads past the limit before failing,
+	// ensuring MaxBytesReader triggers a 413 rather than a JSON parse 400.
+	prefix := []byte(`{"image":"`)
+	padding := bytes.Repeat([]byte("x"), 1<<20+1)
+	oversized := append(prefix, padding...)
 	req := httptest.NewRequest(http.MethodPost, "/webhook", bytes.NewReader(oversized))
 	rec := httptest.NewRecorder()
 	diun.WebhookHandler(rec, req)
@@ -628,10 +629,9 @@ func TestWebhookHandler_OversizedBody(t *testing.T) {
 }

 func TestTagsHandler_OversizedBody(t *testing.T) {
-	oversized := make([]byte, 1<<20+1)
-	for i := range oversized {
-		oversized[i] = 'x'
-	}
+	prefix := []byte(`{"name":"`)
+	padding := bytes.Repeat([]byte("x"), 1<<20+1)
+	oversized := append(prefix, padding...)
 	req := httptest.NewRequest(http.MethodPost, "/api/tags", bytes.NewReader(oversized))
 	rec := httptest.NewRecorder()
 	diun.TagsHandler(rec, req)
@@ -641,10 +641,9 @@ func TestTagsHandler_OversizedBody(t *testing.T) {
 }

 func TestTagAssignmentHandler_OversizedBody(t *testing.T) {
-	oversized := make([]byte, 1<<20+1)
-	for i := range oversized {
-		oversized[i] = 'x'
-	}
+	prefix := []byte(`{"image":"`)
+	padding := bytes.Repeat([]byte("x"), 1<<20+1)
+	oversized := append(prefix, padding...)
 	req := httptest.NewRequest(http.MethodPut, "/api/tag-assignments", bytes.NewReader(oversized))
 	rec := httptest.NewRecorder()
 	diun.TagAssignmentHandler(rec, req)