fix: server-side payload cap + cleaner image abort

Addresses Copilot review on PR #9:

- /api/vision: add MAX_ANNOTATED_BYTES (3 MB) cap on annotatedImageBase64,
  plus an explicit type/non-empty check. Browser annotator resizes to 768
  wide (typically 200-800 KB base64), so 3 MB rejects abusive direct-API
  payloads that would otherwise inflate upstream vision LLM costs.
- annotateClient: replace `img.src = ""` on timeout with removeAttribute
  to avoid the legacy browser behavior of treating empty src as a
  navigation to the current document URL.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
yuanzonghao
2026-06-02 22:13:40 +08:00
parent 72331bb865
commit 203e63edc2
2 changed files with 25 additions and 3 deletions
+22 -2
View File
@@ -6,6 +6,11 @@ import { loadEngineConfig } from "@/lib/config";
export const runtime = "nodejs";
export const maxDuration = 60;
// Browser annotator resizes to 768 wide → typically 200-800 KB base64.
// 3 MB caps abusive direct-API payloads (which would inflate upstream
// vision LLM costs) while leaving ~4x headroom for legitimate inputs.
const MAX_ANNOTATED_BYTES = 3 * 1024 * 1024;
export async function POST(req: Request) {
let body: VisionRequest;
try {
@@ -14,12 +19,27 @@ export async function POST(req: Request) {
return NextResponse.json({ error: "Invalid JSON" }, { status: 400 });
}
if (!body.session || !body.annotatedImageBase64) {
if (!body.session) {
return NextResponse.json(
{ error: "session and annotatedImageBase64 are required" },
{ error: "session is required" },
{ status: 400 },
);
}
if (
typeof body.annotatedImageBase64 !== "string" ||
body.annotatedImageBase64.length === 0
) {
return NextResponse.json(
{ error: "annotatedImageBase64 must be a non-empty string" },
{ status: 400 },
);
}
if (body.annotatedImageBase64.length > MAX_ANNOTATED_BYTES) {
return NextResponse.json(
{ error: `annotatedImageBase64 exceeds ${MAX_ANNOTATED_BYTES} bytes` },
{ status: 413 },
);
}
try {
const config = loadEngineConfig();