From 12e0b5ebed1ae4d3c813bb576db069fe6f749272 Mon Sep 17 00:00:00 2001 From: sir1st <1174702930@qq.com> Date: Sat, 30 May 2026 16:32:46 +0800 Subject: [PATCH] fix(server): raise body parser limit so avatar upload doesn't 413 (#1149) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Profile avatars are sent to /profiles/:name/avatar as base64 image data URLs in a JSON body. The handler allows up to 1MB of raw image data, which is ~1.37MB once base64-encoded — larger than @koa/bodyparser's default 1mb jsonLimit, so uploads were rejected with HTTP 413 before reaching the handler. Set jsonLimit/textLimit to 4mb, leaving the handler's own 1MB raw-size check as the authoritative limit (now returning a clear 400 instead of a confusing 413). Co-authored-by: xingzhi --- packages/server/src/index.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts index ea076ce..7b5a82f 100644 --- a/packages/server/src/index.ts +++ b/packages/server/src/index.ts @@ -133,7 +133,10 @@ export async function bootstrap() { console.log('[bootstrap] all stores initialized') app.use(cors({ origin: config.corsOrigins })) - app.use(bodyParser()) + // Raise JSON/text limits above the default 1mb: profile avatars are posted + // as base64 data URLs (up to ~1MB raw → ~1.37MB base64), which otherwise + // tripped a 413 in the body parser before reaching the handler. + app.use(bodyParser({ encoding: 'utf-8', jsonLimit: '4mb', textLimit: '4mb' })) console.log('[bootstrap] cors + bodyParser registered') // Register all routes (handles auth internally)