fix: server-side payload cap + cleaner image abort
Addresses Copilot review on PR #9: - /api/vision: add MAX_ANNOTATED_BYTES (3 MB) cap on annotatedImageBase64, plus an explicit type/non-empty check. Browser annotator resizes to 768 wide (typically 200-800 KB base64), so 3 MB rejects abusive direct-API payloads that would otherwise inflate upstream vision LLM costs. - annotateClient: replace `img.src = ""` on timeout with removeAttribute to avoid the legacy browser behavior of treating empty src as a navigation to the current document URL. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -6,6 +6,11 @@ import { loadEngineConfig } from "@/lib/config";
|
|||||||
export const runtime = "nodejs";
|
export const runtime = "nodejs";
|
||||||
export const maxDuration = 60;
|
export const maxDuration = 60;
|
||||||
|
|
||||||
|
// Browser annotator resizes to 768 wide → typically 200-800 KB base64.
|
||||||
|
// 3 MB caps abusive direct-API payloads (which would inflate upstream
|
||||||
|
// vision LLM costs) while leaving ~4x headroom for legitimate inputs.
|
||||||
|
const MAX_ANNOTATED_BYTES = 3 * 1024 * 1024;
|
||||||
|
|
||||||
export async function POST(req: Request) {
|
export async function POST(req: Request) {
|
||||||
let body: VisionRequest;
|
let body: VisionRequest;
|
||||||
try {
|
try {
|
||||||
@@ -14,12 +19,27 @@ export async function POST(req: Request) {
|
|||||||
return NextResponse.json({ error: "Invalid JSON" }, { status: 400 });
|
return NextResponse.json({ error: "Invalid JSON" }, { status: 400 });
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!body.session || !body.annotatedImageBase64) {
|
if (!body.session) {
|
||||||
return NextResponse.json(
|
return NextResponse.json(
|
||||||
{ error: "session and annotatedImageBase64 are required" },
|
{ error: "session is required" },
|
||||||
{ status: 400 },
|
{ status: 400 },
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
if (
|
||||||
|
typeof body.annotatedImageBase64 !== "string" ||
|
||||||
|
body.annotatedImageBase64.length === 0
|
||||||
|
) {
|
||||||
|
return NextResponse.json(
|
||||||
|
{ error: "annotatedImageBase64 must be a non-empty string" },
|
||||||
|
{ status: 400 },
|
||||||
|
);
|
||||||
|
}
|
||||||
|
if (body.annotatedImageBase64.length > MAX_ANNOTATED_BYTES) {
|
||||||
|
return NextResponse.json(
|
||||||
|
{ error: `annotatedImageBase64 exceeds ${MAX_ANNOTATED_BYTES} bytes` },
|
||||||
|
{ status: 413 },
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const config = loadEngineConfig();
|
const config = loadEngineConfig();
|
||||||
|
|||||||
@@ -59,7 +59,9 @@ function loadImage(
|
|||||||
return new Promise((resolve, reject) => {
|
return new Promise((resolve, reject) => {
|
||||||
const img = new Image();
|
const img = new Image();
|
||||||
const timer = setTimeout(() => {
|
const timer = setTimeout(() => {
|
||||||
img.src = "";
|
// removeAttribute, not `src = ""` — setting empty string can trigger
|
||||||
|
// a navigation to the current document URL in some browsers.
|
||||||
|
img.removeAttribute("src");
|
||||||
reject(new Error(`Image load timed out after ${timeoutMs}ms`));
|
reject(new Error(`Image load timed out after ${timeoutMs}ms`));
|
||||||
}, timeoutMs);
|
}, timeoutMs);
|
||||||
img.crossOrigin = "anonymous";
|
img.crossOrigin = "anonymous";
|
||||||
|
|||||||
Reference in New Issue
Block a user