fix: add payload size limits to task lane save endpoint

- Max 50 questions, 50 actions, 100 responses (Pydantic max_length)
- Max 256KB total serialized payload (prevents DB bloat)
- Existing guards: JWT auth, role check, ownership check, rate limit

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
chihlasm
2026-03-28 19:16:06 +00:00
parent 80af408f2d
commit 4fa26149e6
2 changed files with 11 additions and 3 deletions


@@ -289,10 +289,11 @@ class ChatMessageResponse(BaseModel):
class SaveTaskLaneRequest(BaseModel):
"""Save the full task lane state (AI items + user responses)."""
questions: list[QuestionItem] = []
actions: list[ActionItem] = []
questions: list[QuestionItem] = Field(default_factory=list, max_length=50)
actions: list[ActionItem] = Field(default_factory=list, max_length=50)
responses: list[dict[str, Any]] = Field(
default_factory=list,
max_length=100,
description="User's in-progress task responses with state/value",
)
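Review bot: `max_length` on `responses`, `questions` and `actions` bounds the number of items, not the size of each item, and `responses` is typed `list[dict[str, Any]]`, so a single entry can still carry an arbitrarily large nested dict; the 256KB serialized-payload cap described in the commit message is not in this hunk and, wherever it lives, should be enforced on the raw request body before Pydantic parses the JSON rather than only after validation, otherwise the server still deserializes the oversized body. Also, `Field` is used here but its import is outside the visible context; confirm `from pydantic import Field` is present in the module.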