Skip to content

fix: trustless gateway returned blocks can be limited #791

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 15 commits into from
Jun 2, 2025

Conversation

SgtPooki
Copy link
Member

@SgtPooki SgtPooki commented May 13, 2025

  • fix: create utility function for limiting response bytes
  • fix: trustless gateway returned blocks can be limited

Title

fix: trustless gateway returned blocks can be limited

Description

Adds a new utility function limitedResponse that ensures the response body is less than a given byte limit.

This is done by:

  1. Validating that the content-length header is less than the limit, if not, an error is thrown.
  2. Consuming the response body until the limit is reached. If the response body is greater than the limit, an error is thrown.

Fixes #790

Notes & open questions

Change checklist

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation if necessary (this includes comments as well)
  • I have added tests that prove my fix is effective or that my feature works

@SgtPooki SgtPooki requested a review from a team as a code owner May 13, 2025 16:26
@SgtPooki SgtPooki linked an issue May 13, 2025 that may be closed by this pull request
Copy link
Member Author

@SgtPooki SgtPooki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

self review

Copy link
Member

@achingbrain achingbrain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, a few nits inline.

use lowercase for logs; sentence case for error messages
@SgtPooki
Copy link
Member Author

FYI all of the requested changes have been made. lmk if I missed something. I'll look over all the code again now

Copy link
Member Author

@SgtPooki SgtPooki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

self review

* If the response contains a content-length header greater than the limit or the actual bytes returned are greater than
* the limit, an error is thrown.
*/
export async function limitedResponse (response: Response, byteLimit: number, options?: LimitedResponseOptions): Promise<Uint8Array> {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left the property name here as byteLimit but could change to maxSize if we want.. leaving for now

@SgtPooki SgtPooki merged commit 7a52e95 into main Jun 2, 2025
18 checks passed
@SgtPooki SgtPooki deleted the 790-heliahttp-configurable-maxblocksize branch June 2, 2025 14:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

helia/http: configurable MaxBlockSize
3 participants