test_content_size_middleware.py
python
sha256:fc04e4cae9e1774d6a21b65c45daeed0e6787eb581d13aa1b03bfe9384a34226
Merge branch 'fix/two-column-scroll-layout' into dev
Human
9 days ago
| 1 | """Tests for ContentSizeLimitMiddleware (checklist 2.3 — body size cap).""" |
| 2 | from __future__ import annotations |
| 3 | |
| 4 | import pytest |
| 5 | from httpx import AsyncClient |
| 6 | |
| 7 | from musehub.middleware.content_size import API_MAX_BYTES, PUSH_MAX_BYTES |
| 8 | |
| 9 | |
| 10 | async def test_api_request_within_limit_passes( |
| 11 | client: AsyncClient, |
| 12 | ) -> None: |
| 13 | """A body under 10 MB on an API route must not be rejected by the middleware.""" |
| 14 | small_body = b"x" * 1024 # 1 KB |
| 15 | resp = await client.post( |
| 16 | "/api/repos", |
| 17 | content=small_body, |
| 18 | headers={"Content-Type": "application/json", "Content-Length": str(len(small_body))}, |
| 19 | ) |
| 20 | # May be 422 (invalid JSON) or 401 (auth required) — not 413 |
| 21 | assert resp.status_code != 413 |
| 22 | |
| 23 | |
| 24 | async def test_api_request_over_limit_returns_413( |
| 25 | client: AsyncClient, |
| 26 | ) -> None: |
| 27 | """Content-Length over 10 MB on a non-push route must return 413.""" |
| 28 | over_limit = API_MAX_BYTES + 1 |
| 29 | resp = await client.post( |
| 30 | "/api/repos", |
| 31 | headers={"Content-Length": str(over_limit)}, |
| 32 | content=b"", # actual body irrelevant — Content-Length header drives the check |
| 33 | ) |
| 34 | assert resp.status_code == 413 |
| 35 | assert "too large" in resp.json()["detail"].lower() |
| 36 | |
| 37 | |
| 38 | async def test_push_mpack_presign_under_push_limit_not_rejected( |
| 39 | client: AsyncClient, |
| 40 | ) -> None: |
| 41 | """Content-Length under 500 MB on push/mpack-presign must not be rejected.""" |
| 42 | import json |
| 43 | body = json.dumps({"mpack_key": "sha256:" + "a" * 64, "size_bytes": 1024}).encode() |
| 44 | # No auth → will get 401, but that's AFTER the size check — must not be 413 |
| 45 | resp = await client.post( |
| 46 | "/gabriel/my-repo/push/mpack-presign", |
| 47 | content=body, |
| 48 | headers={"Content-Type": "application/json"}, |
| 49 | ) |
| 50 | assert resp.status_code != 413 |
| 51 | |
| 52 | |
| 53 | async def test_push_mpack_presign_over_api_limit_but_under_push_limit_allowed( |
| 54 | client: AsyncClient, |
| 55 | ) -> None: |
| 56 | """A 20 MB Content-Length on push/mpack-presign must NOT return 413 (push limit is 500 MB).""" |
| 57 | over_api_limit = API_MAX_BYTES * 2 # 20 MB — over API limit but under push limit |
| 58 | resp = await client.post( |
| 59 | "/gabriel/my-repo/push/mpack-presign", |
| 60 | headers={"Content-Length": str(over_api_limit)}, |
| 61 | content=b"", |
| 62 | ) |
| 63 | # Should get 401 (no auth) or 422 (bad body) — not 413 |
| 64 | assert resp.status_code != 413 |
| 65 | |
| 66 | |
| 67 | async def test_push_mpack_presign_path_uses_push_limit( |
| 68 | client: AsyncClient, |
| 69 | ) -> None: |
| 70 | """/{owner}/{slug}/push/mpack-presign must use the 500 MB limit, not 10 MB.""" |
| 71 | over_api_limit = API_MAX_BYTES + 1 |
| 72 | resp = await client.post( |
| 73 | "/gabriel/my-repo/push/mpack-presign", |
| 74 | headers={"Content-Length": str(over_api_limit)}, |
| 75 | content=b"", |
| 76 | ) |
| 77 | assert resp.status_code != 413 |
| 78 | |
| 79 | |
| 80 | def test_limits_are_correct_values() -> None: |
| 81 | assert API_MAX_BYTES == 10 * 1024 * 1024 |
| 82 | assert PUSH_MAX_BYTES == 500 * 1024 * 1024 |
File History
13 commits
sha256:fc04e4cae9e1774d6a21b65c45daeed0e6787eb581d13aa1b03bfe9384a34226
Merge branch 'fix/two-column-scroll-layout' into dev
Human
9 days ago
sha256:408916fc5973ba59c6e4eebaa80ebdcc801c0a63205651e25009d11548f79454
chore: bump version to 0.2.0.dev2 — nightly.2, matching muse
Sonnet 4.6
patch
12 days ago
sha256:d035733f21ccff27735fddebfbbe0ed24565a32a22db8de5885402262671ecd2
chore: bump version to 0.2.0rc15 for musehub#113 fix release
Sonnet 4.6
patch
15 days ago
sha256:0032d6cfa33bc3c8367436ad768e7dd0e339b4332153160247da8266cb5fa352
Merge branch 'task/version-tags-phase3-server' into dev
Human
17 days ago
sha256:4669620efda9ff41c55bdefd1f7bfe1c239d468428744c84ead9957e5a003a53
merge: rescue snapshot-recovery hardening (c00aa21d) into d…
Opus 4.8
minor
⚠
30 days ago
sha256:a59da49c4611b970fc4b6ae48678ce4943261c213a07ddbd73ce9201df869b4a
fix: remove false-positive proposal_comments index drop fro…
Sonnet 4.6
patch
34 days ago
sha256:0a240d6dbff234f07d98a28a4a9a68db702f3f9ff9260196f24219bdb1c0b6f3
feat: render markdown mists as HTML with heading anchor links
Sonnet 4.6
patch
34 days ago
sha256:24a7d47486ebc4ebd1832830580e177ec6f877b48dced8c000e198cdec4ce9d6
Merge 'task/bump-version-rc12' into 'dev' — proposal: Bump …
Human
35 days ago
sha256:b9ff931d147e0114a1f17060f415b89ed551c170a91ff226c70437aa5c85f9ee
Merge 'task/bump-version-rc12' into 'dev' — proposal: Bump …
Human
36 days ago
sha256:d1122d21e73471879b460037b22c0b50fded7c423444a176f248428f75dac39c
Merge 'task/fix-issue-pagination-cursor' into 'dev' — propo…
Human
36 days ago
sha256:01e18975e73d2b3cd5b6db7929c895bef9aa6e0d4391dc5b2adfc548b41318dd
Merge 'feat/adding-debug-logs-to-staging' into 'dev' — prop…
Human
36 days ago
sha256:6b1949fc2797ca4c1936a637a4cbfec828ef56cf52398a2e74ca3c4f494e728f
fix: use wire_bytes not mpack_bytes_raw in compute_object_b…
Sonnet 4.6
patch
48 days ago
sha256:b99f2455dc346966d040133f5203297e6e3ef5803a93728a2c30568d0a0f7583
rename: delta_add → delta_upsert across wire format, models…
Sonnet 4.6
patch
50 days ago