fix: Ensure we drain the request data stream completely, even if we realize it is too large (serverpod#3291)

Author: nielsenko

packages/serverpod/lib/src/server/server.dart

@@ -428,16 +428,25 @@ class Server {
   }
 
   Future<String> _readBody(HttpRequest request) async {
-    var builder = BytesBuilder();
+    var builder = BytesBuilder(copy: false);
     var len = 0;
-    await for (var segment in request) {
-      len += segment.length;
-      if (len > serverpod.config.maxRequestSize) {
-        throw _RequestTooLargeException(serverpod.config.maxRequestSize);
+    var maxRequestSize = serverpod.config.maxRequestSize;
+    var tooLargeForSure = request.contentLength > maxRequestSize;
+    if (!tooLargeForSure) {
+      await for (var segment in request) {
+        if (tooLargeForSure) continue; // always drain request, if reading begun
+        len += segment.length;
+        tooLargeForSure = len > maxRequestSize;
+        builder.add(segment);
       }
-      builder.add(segment);
     }
-    return const Utf8Decoder().convert(builder.toBytes());
+    if (tooLargeForSure) {
+      // We defer raising the exception until we have drained the request stream
+      // This is a workaround for https://github.com/dart-lang/sdk/issues/60271
+      // and fixes: https://github.com/serverpod/serverpod/issues/3213 for us.
+      throw _RequestTooLargeException(maxRequestSize);
+    }
+    return const Utf8Decoder().convert(builder.takeBytes());
   }
 
   Future<Result> _handleUriCall(

tests/serverpod_test_client/lib/src/protocol/client.dart

@@ -3064,6 +3064,27 @@ class EndpointAuthenticatedTestTools extends _i1.EndpointRef {
       );
 }
 
+/// {@category Endpoint}
+class EndpointUpload extends _i1.EndpointRef {
+  EndpointUpload(_i1.EndpointCaller caller) : super(caller);
+
+  @override
+  String get name => 'upload';
+
+  _i2.Future<bool> uploadByteData(
+    String path,
+    _i4.ByteData data,
+  ) =>
+      caller.callServerEndpoint<bool>(
+        'upload',
+        'uploadByteData',
+        {
+          'path': path,
+          'data': data,
+        },
+      );
+}
+
 /// {@category Endpoint}
 class EndpointMyFeature extends _i1.EndpointRef {
   EndpointMyFeature(_i1.EndpointCaller caller) : super(caller);
@@ -3167,6 +3188,7 @@ class Client extends _i1.ServerpodClientShared {
     subDirTest = EndpointSubDirTest(this);
     testTools = EndpointTestTools(this);
     authenticatedTestTools = EndpointAuthenticatedTestTools(this);
+    upload = EndpointUpload(this);
     myFeature = EndpointMyFeature(this);
     modules = Modules(this);
   }
@@ -3260,6 +3282,8 @@ class Client extends _i1.ServerpodClientShared {
 
   late final EndpointAuthenticatedTestTools authenticatedTestTools;
 
+  late final EndpointUpload upload;
+
   late final EndpointMyFeature myFeature;
 
   late final Modules modules;
@@ -3310,6 +3334,7 @@ class Client extends _i1.ServerpodClientShared {
         'subDirTest': subDirTest,
         'testTools': testTools,
         'authenticatedTestTools': authenticatedTestTools,
+        'upload': upload,
         'myFeature': myFeature,
       };
 

tests/serverpod_test_server/lib/src/endpoints/upload_too_large.dart

@@ -0,0 +1,14 @@
+import 'dart:typed_data';
+
+import 'package:serverpod/serverpod.dart';
+
+class UploadEndpoint extends Endpoint {
+  Future<bool> uploadByteData(
+    Session session,
+    String path,
+    ByteData data,
+  ) async {
+    print('path: "$path", lengthInBytes: ${data.lengthInBytes}');
+    return true;
+  }
+}