[backend] Limit node-fetch responses to a reasonable length in all places

2024-11-21 09:27:31 -07:00 · 2024-07-28 19:15:37 +02:00 · 2024-07-28 19:15:37 +02:00 · 630d6bdbe5
commit 630d6bdbe5
parent 5c659b1306
5 changed files with 11 additions and 2 deletions
--- a/packages/backend/src/misc/fetch.ts
+++ b/packages/backend/src/misc/fetch.ts
@ -88,7 +88,6 @@ export async function getResponse(args: {
 	body?: string;
 	headers: Record<string, string>;
 	timeout?: number;
-	size?: number;
 	redirect?: RequestRedirect;
 }) {
 	const timeout = args.timeout || 10 * 1000;
@ -103,7 +102,7 @@ export async function getResponse(args: {
 		headers: args.headers,
 		body: args.body,
 		timeout,
-		size: args.size || 10 * 1024 * 1024,
+		size: 10 * 1024 * 1024,
 		agent: getAgentByUrl,
 		signal: controller.signal,
 		redirect: args.redirect
--- a/packages/backend/src/remote/activitypub/models/person.ts
+++ b/packages/backend/src/remote/activitypub/models/person.ts
@ -56,6 +56,8 @@ import {
 import { RecursionLimiter } from "@/models/repositories/user-profile.js";
 import { UserConverter } from "@/server/api/mastodon/converters/user.js";

+import fetch from "node-fetch";
+
 const logger = apLogger;

 const nameLength = 128;
@ -271,6 +273,7 @@ export async function createPerson(
 		try {
 			let data = await fetch(person.followers, {
 				headers: { Accept: "application/json" },
+				size: 1024 * 1024
 			});
 			let json_data = JSON.parse(await data.text());

@ -286,6 +289,7 @@ export async function createPerson(
 		try {
 			let data = await fetch(person.following, {
 				headers: { Accept: "application/json" },
+				size: 1024 * 1024
 			});
 			let json_data = JSON.parse(await data.text());

@ -529,6 +533,7 @@ export async function updatePerson(
 		try {
 			let data = await fetch(person.followers, {
 				headers: { Accept: "application/json" },
+				size: 1024 * 1024
 			});
 			let json_data = JSON.parse(await data.text());

@ -544,6 +549,7 @@ export async function updatePerson(
 		try {
 			let data = await fetch(person.following, {
 				headers: { Accept: "application/json" },
+				size: 1024 * 1024
 			});
 			let json_data = JSON.parse(await data.text());

--- a/packages/backend/src/server/api/endpoints/notes/translate.ts
+++ b/packages/backend/src/server/api/endpoints/notes/translate.ts
@ -81,6 +81,7 @@ export default define(meta, paramDef, async (ps, user) => {
 			},
 			body: JSON.stringify(jsonBody),
 			agent: getAgentByUrl,
+			size: 10 * 1024 * 1024
 		});

 		const json = (await res.json()) as {
@ -114,6 +115,7 @@ export default define(meta, paramDef, async (ps, user) => {
 			Accept: "application/json, */*",
 		},
 		body: params,
+		size: 10 * 1024 * 1024,
 		// TODO
 		//timeout: 10000,
 		agent: getAgentByUrl,
--- a/packages/backend/src/services/fetch-instance-metadata.ts
+++ b/packages/backend/src/services/fetch-instance-metadata.ts
@ -199,6 +199,7 @@ async function fetchFaviconUrl(
 		// TODO
 		//timeout: 10000,
 		agent: getAgentByUrl,
+		size: 1024 * 1024
 	});

 	if (favicon.ok) {
--- a/packages/backend/test/utils.ts
+++ b/packages/backend/test/utils.ts
@ -85,6 +85,7 @@ export const request = async (
 		headers: {
 			"Content-Type": "application/json",
 		},
+		size: 10 * 1024 * 1024,
 		body: JSON.stringify(Object.assign(auth, params)),
 	});