Commit 26d6887
committed
fix: Critical security fixes and code cleanup for Turso PR
Security Fixes:
- Limit gRPC message size to 64MB (was usize::MAX) - CRITICAL DoS fix
- Add HTTP body size limits (10MB) to admin and user APIs
- Restrict CORS to specific methods/headers (was Any)
Code Cleanup:
- Delete 8 temporary files (CI_TRIGGER.txt, MIGRATION_*.md, etc.)
- Remove 90 lines of commented Connection struct code
- Remove commented // mod h2c and allocator lines
- Run cargo fmt for formatting
Files changed:
- replication_log_proxy.rs: Add MAX_DECODING_MESSAGE_SIZE constant
- admin/mod.rs: Add DefaultBodyLimit import and 10MB limit
- user/mod.rs: Add DefaultBodyLimit import, CORS restrictions, 10MB limit
- lib.rs: Remove commented code
- connection.rs: Remove 90 lines of commented code1 parent f8cbd84 commit 26d6887
13 files changed
Lines changed: 30 additions & 809 deletions
File tree
- libsql-server/src
- http
- admin
- user
- rpc
- replication
- libsql-sys/src
Whitespace-only changes.
This file was deleted.
This file was deleted.
This file was deleted.
0 commit comments