Problem
\�pps/api/src/routes/uploadRoutes.js\ configures Multer with \memoryStorage()\ but no \limits.fileSize. Because uploaded files are buffered in memory before the controller responds, a client can POST an arbitrarily large multipart file to /api/uploads\ and force the API process to allocate that payload instead of rejecting it early.
This issue is limited only to the creator of this issue. This means that only the issue author can attempt to solve this issue. If you would like to work on it, please create another issue with the same contents and refer to issue #743 for more information.
Expected behavior
The upload route should enforce a bounded file size and return a structured 413 JSON error when a file exceeds that limit.
Proposed fix
- Add a \limits.fileSize\ cap to the Multer upload middleware.
- Map Multer's \LIMIT_FILE_SIZE\ error to the existing JSON failure response shape.
- Add a regression test proving an oversized upload is rejected.
Parent bounty
Related to #743.
Problem
\�pps/api/src/routes/uploadRoutes.js\ configures Multer with \memoryStorage()\ but no \limits.fileSize. Because uploaded files are buffered in memory before the controller responds, a client can POST an arbitrarily large multipart file to /api/uploads\ and force the API process to allocate that payload instead of rejecting it early.
This issue is limited only to the creator of this issue. This means that only the issue author can attempt to solve this issue. If you would like to work on it, please create another issue with the same contents and refer to issue #743 for more information.
Expected behavior
The upload route should enforce a bounded file size and return a structured 413 JSON error when a file exceeds that limit.
Proposed fix
Parent bounty
Related to #743.