
@rmolinamir
Contributor

Overview

This PR implements comprehensive resource protection across all database schemas to prevent resource exhaustion attacks as outlined in #39.

Changes

Resource Protection Implementation

  • Database-level constraints: Added CHECK constraints for large text/JSONB fields
  • Varchar length limits: Applied appropriate length limits to all text fields
  • Constants-based approach: Replaced magic numbers with well-documented constants

Resource Limits Applied

  • Text chunks: 1MB maximum (document embeddings)
  • Block data: 10MB maximum (JSONB content)
  • JSONB metadata: 1MB maximum (task metadata, usage events)
  • Page children arrays: 10,000 blocks maximum
  • String fields: Appropriate length limits for names, emails, URLs, etc.

Files Modified

  • Created with centralized limits
  • Updated all database schemas to use constants instead of magic numbers
  • Added CHECK constraints for large content fields
  • Applied varchar length limits across all tables

Security Impact

  • Prevents users from creating extremely large journal entries
  • Prevents users from creating pages with millions of blocks
  • Prevents users from creating extremely large AI prompts
  • Protects against resource exhaustion attacks

Technical Details

  • Uses PostgreSQL CHECK constraints for reliable enforcement
  • Constants are well-documented and maintainable
  • No breaking changes to existing functionality
  • All limits are reasonable for normal usage

Closes #39

- Add resource limits constants to prevent resource exhaustion attacks
- Implement database-level CHECK constraints for large text/JSONB fields
- Add varchar length limits for all text fields across all schemas
- Replace magic numbers with well-documented constants
- Protect against large journal entries, pages, and AI prompts

Resource limits implemented:
- Text chunks: 1MB max
- Block data: 10MB max
- JSONB metadata: 1MB max
- Page children arrays: 10,000 blocks max
- Various varchar fields with appropriate length limits

Addresses: #39

@rmolinamir rmolinamir self-assigned this Sep 27, 2025
@rmolinamir
Contributor Author

Ran CI locally, everything is passing.

@rmolinamir rmolinamir merged commit 0ae08be into main Sep 27, 2025
0 of 3 checks passed
@rmolinamir rmolinamir deleted the feature/resource-protection-limits branch September 27, 2025 02:08
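
An added example, not code from this PR or the project: one way the limits listed in the description (1MB text chunks, 10MB block data, 1MB JSONB metadata, 10,000 page children) can be expressed as PostgreSQL CHECK constraints. The table, column and constraint names are hypothetical, and it assumes 1MB means 1,048,576 bytes, that sizes are measured in bytes, and that page children are stored as a JSONB array.

```sql
-- Added example. Table, column and constraint names are hypothetical;
-- the numeric limits are the ones listed in the PR description.

CREATE TABLE example_document_embeddings (
    id         bigserial PRIMARY KEY,
    -- octet_length counts bytes; length() counts characters, so multi-byte
    -- text could exceed a byte budget (assumption: the limit is in bytes).
    chunk_text text NOT NULL
        CONSTRAINT chunk_text_max_1mb CHECK (octet_length(chunk_text) <= 1048576)
);

CREATE TABLE example_blocks (
    id   bigserial PRIMARY KEY,
    -- Size of the JSONB value in its text form, capped at 10MB.
    data jsonb NOT NULL
        CONSTRAINT block_data_max_10mb CHECK (octet_length(data::text) <= 10485760)
);

CREATE TABLE example_pages (
    id       bigserial PRIMARY KEY,
    title    varchar(255) NOT NULL,  -- length chosen for illustration
    children jsonb NOT NULL DEFAULT '[]'::jsonb
        -- jsonb_array_length raises an error on a non-array: test the type first.
        CONSTRAINT children_max_10000 CHECK (
            CASE WHEN jsonb_typeof(children) = 'array'
                 THEN jsonb_array_length(children) <= 10000
                 ELSE false
            END)
);

-- Retrofitting a limit onto a table that already holds rows: NOT VALID
-- enforces the check for new writes immediately, and VALIDATE CONSTRAINT
-- scans the existing rows as a separate step.
CREATE TABLE example_tasks (id bigserial PRIMARY KEY, metadata jsonb);
ALTER TABLE example_tasks
    ADD CONSTRAINT metadata_max_1mb
    CHECK (octet_length(metadata::text) <= 1048576) NOT VALID;
ALTER TABLE example_tasks VALIDATE CONSTRAINT metadata_max_1mb;

-- Constructed test input: a chunk one byte over the 1MB limit.
DO $$
BEGIN
    INSERT INTO example_document_embeddings (chunk_text)
    VALUES (repeat('a', 1048577));
EXCEPTION WHEN check_violation THEN
    RAISE NOTICE 'oversized chunk rejected: %', SQLERRM;
END $$;
```

A database-side check only runs after the server has received and parsed the value, so request-size limits at the API layer are still needed to bound what reaches the database.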

Development

Successfully merging this pull request may close these issues.

[SECURITY] Add guards against resource attacks before going to prod