@smithers-orchestrator/server 0.20.0 → 0.20.1

Files changed (2)
  1. package/package.json +13 -13
  2. package/src/gateway.js +17 -4
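--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@smithers-orchestrator/server",
- "version": "0.20.0",
+ "version": "0.20.1",
  "description": "HTTP, WebSocket, gateway, cron, webhook, and metrics servers for Smithers",
  "type": "module",
  "sideEffects": false,
@@ -26,24 +26,24 @@
  "effect": "^3.21.1",
  "hono": "^4.12.14",
  "ws": "^8.20.0",
- "@smithers-orchestrator/engine": "0.20.0",
- "@smithers-orchestrator/driver": "0.20.0",
- "@smithers-orchestrator/db": "0.20.0",
- "@smithers-orchestrator/gateway": "0.20.0",
- "@smithers-orchestrator/protocol": "0.20.0",
- "@smithers-orchestrator/observability": "0.20.0",
- "@smithers-orchestrator/errors": "0.20.0",
- "@smithers-orchestrator/scheduler": "0.20.0",
- "@smithers-orchestrator/components": "0.20.0",
- "@smithers-orchestrator/time-travel": "0.20.0",
- "@smithers-orchestrator/devtools": "0.20.0"
+ "@smithers-orchestrator/components": "0.20.1",
+ "@smithers-orchestrator/db": "0.20.1",
+ "@smithers-orchestrator/devtools": "0.20.1",
+ "@smithers-orchestrator/driver": "0.20.1",
+ "@smithers-orchestrator/engine": "0.20.1",
+ "@smithers-orchestrator/errors": "0.20.1",
+ "@smithers-orchestrator/observability": "0.20.1",
+ "@smithers-orchestrator/gateway": "0.20.1",
+ "@smithers-orchestrator/protocol": "0.20.1",
+ "@smithers-orchestrator/scheduler": "0.20.1",
+ "@smithers-orchestrator/time-travel": "0.20.1"
  },
  "devDependencies": {
  "@types/bun": "latest",
  "react": "^19.2.5",
  "typescript": "~5.9.3",
  "zod": "^4.3.6",
- "@smithers-orchestrator/graph": "0.20.0"
+ "@smithers-orchestrator/graph": "0.20.1"
  },
  "scripts": {
  "test": "bun test tests",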
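--- a/package/src/gateway.js
+++ b/package/src/gateway.js
@@ -1076,6 +1076,22 @@ function parseJsonBuffer(body, description) {
  throw new SmithersError("INVALID_INPUT", `${description} must be valid JSON.`, undefined, { cause: error });
  }
  }
+ /**
+ * @param {string | null} lengthHeader
+ * @param {number} maxBytes
+ */
+ function assertContentLengthWithinBounds(lengthHeader, maxBytes) {
+ if (lengthHeader === null) {
+ return;
+ }
+ const normalized = lengthHeader.trim();
+ if (!/^\d+$/.test(normalized)) {
+ throw new SmithersError("INVALID_INPUT", "Gateway request Content-Length must be a non-negative integer.", { contentLength: lengthHeader });
+ }
+ if (BigInt(normalized) > BigInt(maxBytes)) {
+ throw new SmithersError("PayloadTooLarge", `Gateway request payload exceeds ${maxBytes} bytes.`, { maxBytes });
+ }
+ }
  /**
  * @param {IncomingMessage} req
  * @param {number} maxBytes
@@ -1084,10 +1100,7 @@ async function readRawBody(req, maxBytes) {
  const chunks = [];
  let total = 0;
  const lengthHeader = headerValue(req, "content-length");
- const declaredLength = lengthHeader ? Number(lengthHeader) : NaN;
- if (Number.isFinite(declaredLength) && declaredLength > maxBytes) {
- throw new SmithersError("PayloadTooLarge", `Gateway request payload exceeds ${maxBytes} bytes.`, { maxBytes });
- }
+ assertContentLengthWithinBounds(lengthHeader, maxBytes);
  for await (const chunk of req) {
  const buffer = Buffer.from(chunk);
  total += buffer.length;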
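Review bot: In `assertContentLengthWithinBounds`, `BigInt(maxBytes)` throws a RangeError when `maxBytes` is not an integer (for example `Infinity` or a fractional limit), so a value the removed `declaredLength > maxBytes` comparison tolerated would now fail every request carrying a Content-Length with an untyped error instead of a `SmithersError`; if callers can pass such values, guard with `Number.isFinite(maxBytes)` and compare against `BigInt(Math.floor(maxBytes))`. The `lengthHeader === null` guard also relies on `headerValue` (not visible here) never returning `undefined` for a missing header; `if (lengthHeader == null) return;` covers both cases. The INVALID_INPUT branch copies the raw header into the error details as `contentLength: lengthHeader`, so wherever those details are logged or returned the value is client-controlled and worth truncating or escaping. The header check is only an early rejection: chunked requests carry no Content-Length, so the limit still depends on the `total` accounting in `readRawBody`, whose loop continues past the end of this hunk.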