Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[actions] Enforce body limit using Transform stream #64694

Merged
merged 2 commits into from
Apr 18, 2024
Merged

[actions] Enforce body limit using Transform stream #64694

merged 2 commits into from
Apr 18, 2024
+135 −75

Conversation

wyattjoh
Copy link
Member

@wyattjoh wyattjoh commented Apr 18, 2024
edited
Loading

What?

This ensures that the body limit option is enforced on all request bodies sent to the Node.js runtime, not just the multipart field size limits.

Why?

The documentation states that this should limit the body size, previously it only limited the field size.

How?

This uses a Transform stream from Node.js. Based on my benchmarks using the transform stream added next to no overhead, yet it did simplify the implementation quite a bit. Assuming this is due to the already performant stream support within Node.js.

Closes NEXT-3151

@ijjk ijjk added created-by: Next.js team PRs by the Next.js team. type: next labels Apr 18, 2024
@wyattjoh Graphite App
Copy link
Member Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @wyattjoh and the rest of your teammates on Graphite Graphite

@socket-security Socket Security
Copy link

socket-security bot commented Apr 18, 2024
edited
Loading

New dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@types/busboy@1.5.3 None 0 9.49 kB types

View full report↗︎

@ijjk
Copy link
Member

ijjk commented Apr 18, 2024
edited
Loading

Stats from current PR

Default Build (Increase detected ⚠️)
General Overall increase ⚠️
vercel/next.js canary vercel/next.js wyattjohnson/action-body-limit Change
buildDuration 17.5s 17.3s N/A
buildDurationCached 9.7s 8.1s N/A
nodeModulesSize 199 MB 199 MB ⚠️ +28.7 kB
nextStartRea..uration (ms) 440ms 466ms N/A
Client Bundles (main, webpack)
vercel/next.js canary vercel/next.js wyattjohnson/action-body-limit Change
2453-HASH.js gzip 31.5 kB 31.5 kB N/A
3304.HASH.js gzip 169 B 169 B
3f784ff6-HASH.js gzip 53.7 kB 53.7 kB N/A
8299-HASH.js gzip 5.1 kB 5.1 kB N/A
framework-HASH.js gzip 45.2 kB 45.2 kB
main-app-HASH.js gzip 228 B 228 B
main-HASH.js gzip 29.6 kB 29.6 kB N/A
webpack-HASH.js gzip 1.64 kB 1.65 kB N/A
Overall change 45.6 kB 45.6 kB
Legacy Client Bundles (polyfills)
vercel/next.js canary vercel/next.js wyattjohnson/action-body-limit Change
polyfills-HASH.js gzip 31 kB 31 kB
Overall change 31 kB 31 kB
Client Pages
vercel/next.js canary vercel/next.js wyattjohnson/action-body-limit Change
_app-HASH.js gzip 193 B 194 B N/A
_error-HASH.js gzip 193 B 191 B N/A
amp-HASH.js gzip 511 B 511 B
css-HASH.js gzip 342 B 343 B N/A
dynamic-HASH.js gzip 2.51 kB 2.51 kB N/A
edge-ssr-HASH.js gzip 265 B 265 B
head-HASH.js gzip 365 B 364 B N/A
hooks-HASH.js gzip 389 B 391 B N/A
image-HASH.js gzip 4.28 kB 4.28 kB N/A
index-HASH.js gzip 269 B 268 B N/A
link-HASH.js gzip 2.68 kB 2.69 kB N/A
routerDirect..HASH.js gzip 328 B 326 B N/A
script-HASH.js gzip 395 B 397 B N/A
withRouter-HASH.js gzip 323 B 323 B
1afbb74e6ecf..834.css gzip 106 B 106 B
Overall change 1.21 kB 1.21 kB
Client Build Manifests
vercel/next.js canary vercel/next.js wyattjohnson/action-body-limit Change
_buildManifest.js gzip 483 B 485 B N/A
Overall change 0 B 0 B
Rendered Page Sizes
vercel/next.js canary vercel/next.js wyattjohnson/action-body-limit Change
index.html gzip 528 B 528 B
link.html gzip 540 B 541 B N/A
withRouter.html gzip 522 B 523 B N/A
Overall change 528 B 528 B
Edge SSR bundle Size
vercel/next.js canary vercel/next.js wyattjohnson/action-body-limit Change
edge-ssr.js gzip 94.5 kB 94.5 kB N/A
page.js gzip 3.05 kB 3.04 kB N/A
Overall change 0 B 0 B
Middleware size
vercel/next.js canary vercel/next.js wyattjohnson/action-body-limit Change
middleware-b..fest.js gzip 622 B 626 B N/A
middleware-r..fest.js gzip 155 B 156 B N/A
middleware.js gzip 25.5 kB 25.6 kB N/A
edge-runtime..pack.js gzip 839 B 839 B
Overall change 839 B 839 B
Next Runtimes Overall increase ⚠️
vercel/next.js canary vercel/next.js wyattjohnson/action-body-limit Change
app-page-exp...dev.js gzip 171 kB 171 kB ⚠️ +110 B
app-page-exp..prod.js gzip 97.5 kB 97.6 kB ⚠️ +106 B
app-page-tur..prod.js gzip 99.2 kB 99.3 kB ⚠️ +107 B
app-page-tur..prod.js gzip 93.5 kB 93.6 kB ⚠️ +104 B
app-page.run...dev.js gzip 145 kB 145 kB ⚠️ +115 B
app-page.run..prod.js gzip 92 kB 92.1 kB ⚠️ +103 B
app-route-ex...dev.js gzip 21.5 kB 21.5 kB
app-route-ex..prod.js gzip 15.2 kB 15.2 kB
app-route-tu..prod.js gzip 15.2 kB 15.2 kB
app-route-tu..prod.js gzip 14.9 kB 14.9 kB
app-route.ru...dev.js gzip 21.1 kB 21.1 kB
app-route.ru..prod.js gzip 14.9 kB 14.9 kB
pages-api-tu..prod.js gzip 9.55 kB 9.55 kB
pages-api.ru...dev.js gzip 9.82 kB 9.82 kB
pages-api.ru..prod.js gzip 9.55 kB 9.55 kB
pages-turbo...prod.js gzip 21.4 kB 21.4 kB
pages.runtim...dev.js gzip 22.1 kB 22.1 kB
pages.runtim..prod.js gzip 21.4 kB 21.4 kB
server.runti..prod.js gzip 51.6 kB 51.6 kB
Overall change 945 kB 946 kB ⚠️ +645 B
build cache Overall increase ⚠️
vercel/next.js canary vercel/next.js wyattjohnson/action-body-limit Change
0.pack gzip 1.59 MB 1.59 MB ⚠️ +2.23 kB
index.pack gzip 107 kB 108 kB ⚠️ +451 B
Overall change 1.7 MB 1.7 MB ⚠️ +2.68 kB
Diff details
Diff for middleware.js

Diff too large to display

Diff for image-HASH.js 
@@ -1,7 +1,7 @@
 (self["webpackChunk_N_E"] = self["webpackChunk_N_E"] || []).push([
   [8358],
   {
-    /***/ 1552: /***/ (
+    /***/ 4070: /***/ (
       __unused_webpack_module,
       __unused_webpack_exports,
       __webpack_require__
@@ -9,7 +9,7 @@
       (window.__NEXT_P = window.__NEXT_P || []).push([
         "/image",
         function () {
-          return __webpack_require__(5237);
+          return __webpack_require__(396);
         },
       ]);
       if (false) {
@@ -18,7 +18,7 @@
       /***/
     },
 
-    /***/ 2016: /***/ (module, exports, __webpack_require__) => {
+    /***/ 8490: /***/ (module, exports, __webpack_require__) => {
       "use strict";
       /* __next_internal_client_entry_do_not_use__  cjs */
       Object.defineProperty(exports, "__esModule", {
@@ -40,15 +40,15 @@
         __webpack_require__(422)
       );
       const _head = /*#__PURE__*/ _interop_require_default._(
-        __webpack_require__(6074)
+        __webpack_require__(2457)
       );
-      const _getimgprops = __webpack_require__(9571);
-      const _imageconfig = __webpack_require__(6567);
-      const _imageconfigcontextsharedruntime = __webpack_require__(419);
-      const _warnonce = __webpack_require__(4486);
-      const _routercontextsharedruntime = __webpack_require__(162);
+      const _getimgprops = __webpack_require__(7932);
+      const _imageconfig = __webpack_require__(5706);
+      const _imageconfigcontextsharedruntime = __webpack_require__(9483);
+      const _warnonce = __webpack_require__(9035);
+      const _routercontextsharedruntime = __webpack_require__(4829);
       const _imageloader = /*#__PURE__*/ _interop_require_default._(
-        __webpack_require__(6996)
+        __webpack_require__(7240)
       );
       // This is replaced by webpack define plugin
       const configEnv = {
@@ -379,7 +379,7 @@
       /***/
     },
 
-    /***/ 9571: /***/ (
+    /***/ 7932: /***/ (
       __unused_webpack_module,
       exports,
       __webpack_require__
@@ -395,9 +395,9 @@
           return getImgProps;
         },
       });
-      const _warnonce = __webpack_require__(4486);
-      const _imageblursvg = __webpack_require__(133);
-      const _imageconfig = __webpack_require__(6567);
+      const _warnonce = __webpack_require__(9035);
+      const _imageblursvg = __webpack_require__(2642);
+      const _imageconfig = __webpack_require__(5706);
       const VALID_LOADING_VALUES =
         /* unused pure expression or super */ null && [
           "lazy",
@@ -772,7 +772,7 @@
       /***/
     },
 
-    /***/ 133: /***/ (__unused_webpack_module, exports) => {
+    /***/ 2642: /***/ (__unused_webpack_module, exports) => {
       "use strict";
       /**
        * A shared function, used on both client and server, to generate a SVG blur placeholder.
@@ -827,7 +827,7 @@
       /***/
     },
 
-    /***/ 4085: /***/ (
+    /***/ 503: /***/ (
       __unused_webpack_module,
       exports,
       __webpack_require__
@@ -854,10 +854,10 @@
         },
       });
       const _interop_require_default = __webpack_require__(2430);
-      const _getimgprops = __webpack_require__(9571);
-      const _imagecomponent = __webpack_require__(2016);
+      const _getimgprops = __webpack_require__(7932);
+      const _imagecomponent = __webpack_require__(8490);
       const _imageloader = /*#__PURE__*/ _interop_require_default._(
-        __webpack_require__(6996)
+        __webpack_require__(7240)
       );
       function getImageProps(imgProps) {
         const { props } = (0, _getimgprops.getImgProps)(imgProps, {
@@ -889,7 +889,7 @@
       /***/
     },
 
-    /***/ 6996: /***/ (__unused_webpack_module, exports) => {
+    /***/ 7240: /***/ (__unused_webpack_module, exports) => {
       "use strict";
 
       Object.defineProperty(exports, "__esModule", {
@@ -924,7 +924,7 @@
       /***/
     },
 
-    /***/ 5237: /***/ (
+    /***/ 396: /***/ (
       __unused_webpack_module,
       __webpack_exports__,
       __webpack_require__
@@ -941,8 +941,8 @@
 
       // EXTERNAL MODULE: ./node_modules/.pnpm/react@18.2.0/node_modules/react/jsx-runtime.js
       var jsx_runtime = __webpack_require__(1527);
-      // EXTERNAL MODULE: ./node_modules/.pnpm/file+..+main-repo+packages+next+next-packed.tgz_react-dom@18.2.0_react@18.2.0/node_modules/next/image.js
-      var next_image = __webpack_require__(1577);
+      // EXTERNAL MODULE: ./node_modules/.pnpm/file+..+diff-repo+packages+next+next-packed.tgz_react-dom@18.2.0_react@18.2.0/node_modules/next/image.js
+      var next_image = __webpack_require__(73);
       var image_default = /*#__PURE__*/ __webpack_require__.n(next_image); // CONCATENATED MODULE: ./pages/nextjs.png
       /* harmony default export */ const nextjs = {
         src: "/_next/static/media/nextjs.cae0b805.png",
@@ -972,12 +972,8 @@
       /***/
     },
 
-    /***/ 1577: /***/ (
-      module,
-      __unused_webpack_exports,
-      __webpack_require__
-    ) => {
-      module.exports = __webpack_require__(4085);
+    /***/ 73: /***/ (module, __unused_webpack_exports, __webpack_require__) => {
+      module.exports = __webpack_require__(503);
 
       /***/
     },
@@ -987,7 +983,7 @@
     /******/ var __webpack_exec__ = (moduleId) =>
       __webpack_require__((__webpack_require__.s = moduleId));
     /******/ __webpack_require__.O(0, [2888, 9774, 179], () =>
-      __webpack_exec__(1552)
+      __webpack_exec__(4070)
     );
     /******/ var __webpack_exports__ = __webpack_require__.O();
     /******/ _N_E = __webpack_exports__;
Diff for 2453-HASH.js

Diff too large to display

Diff for main-HASH.js

Diff too large to display

Diff for app-page-exp..ntime.dev.js

Diff too large to display

Diff for app-page-exp..time.prod.js

Diff too large to display

Diff for app-page-tur..time.prod.js

Diff too large to display

Diff for app-page-tur..time.prod.js

Diff too large to display

Diff for app-page.runtime.dev.js

Diff too large to display

Diff for app-page.runtime.prod.js

Diff too large to display

Commit: 0119565

@wyattjoh wyattjoh marked this pull request as ready for review April 18, 2024 00:39
@ijjk
Copy link
Member

ijjk commented Apr 18, 2024
edited
Loading

Tests Passed

@wyattjoh wyattjoh marked this pull request as draft April 18, 2024 00:41
@wyattjoh wyattjoh force-pushed the wyattjohnson/action-body-limit branch from abce5cd to 984aec9 Compare April 18, 2024 06:42
@ijjk ijjk added the tests label Apr 18, 2024
@wyattjoh wyattjoh force-pushed the wyattjohnson/action-body-limit branch from 984aec9 to 1d30239 Compare April 18, 2024 07:00
wyattjoh
wyattjoh commented Apr 18, 2024
View reviewed changes
package.json
@@ -95,6 +95,7 @@
"@swc/helpers": "0.5.5",
"@testing-library/jest-dom": "6.1.2",
"@testing-library/react": "13.0.0",
"@types/busboy": "1.5.3",
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We didn't have the types here before, this isn't bundled, but enhances the code that uses busboy with some types.

@wyattjoh wyattjoh marked this pull request as ready for review April 18, 2024 18:20
@wyattjoh wyattjoh merged commit 64e2ffc into canary Apr 18, 2024
75 of 80 checks passed
@wyattjoh wyattjoh deleted the wyattjohnson/action-body-limit branch April 18, 2024 22:04
@github-actions github-actions bot added the locked label May 3, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 3, 2024
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Reviewers

@shuding shuding shuding approved these changes

@timneutkens timneutkens Awaiting requested review from timneutkens

@ijjk ijjk Awaiting requested review from ijjk

@huozhi huozhi Awaiting requested review from huozhi

@feedthejim feedthejim Awaiting requested review from feedthejim

@ztanner ztanner Awaiting requested review from ztanner

Assignees
No one assigned
Labels
created-by: Next.js team PRs by the Next.js team. locked tests type: next
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wyattjoh @ijjk @shuding