fix(server): raise body parser limit so avatar upload doesn't 413 (#1149)

Profile avatars are sent to /profiles/:name/avatar as base64 image data URLs in a JSON body. The handler allows up to 1MB of raw image data, which is ~1.37MB once base64-encoded — larger than @koa/bodyparser's default 1mb jsonLimit, so uploads were rejected with HTTP 413 before reaching the handler. Set jsonLimit/textLimit to 4mb, leaving the handler's own 1MB raw-size check as the authoritative limit (now returning a clear 400 instead of a confusing 413). Co-authored-by: xingzhi <chuzihao.czh@alibaba-inc.com>
2026-05-30 16:32:46 +08:00
parent eea1d1decd
commit 12e0b5ebed
1 changed files with 4 additions and 1 deletions
@@ -133,7 +133,10 @@ export async function bootstrap() {
  console.log('[bootstrap] all stores initialized')

  app.use(cors({ origin: config.corsOrigins }))
-  app.use(bodyParser())
+  // Raise JSON/text limits above the default 1mb: profile avatars are posted
+  // as base64 data URLs (up to ~1MB raw → ~1.37MB base64), which otherwise
+  // tripped a 413 in the body parser before reaching the handler.
+  app.use(bodyParser({ encoding: 'utf-8', jsonLimit: '4mb', textLimit: '4mb' }))
  console.log('[bootstrap] cors + bodyParser registered')

  // Register all routes (handles auth internally)