From a87f4b6171b393f88b0688a0a51fb6fb3878b5ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Pie=C5=84kowski?=
 <4557247-Jakski@users.noreply.gitlab.com>
Date: Fri, 4 Jul 2025 16:16:44 +0000
Subject: [PATCH] fix: Respond with HTTP code 413, when request size is too big

---
 Cargo.lock                   |  1 +
 Cargo.toml                   |  2 ++
 src/api/ruma_wrapper/axum.rs | 19 ++++++++++++++-----
 src/main.rs                  | 10 ++--------
 4 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 32b155d8..8a28f31a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -510,6 +510,7 @@ dependencies = [
  "hickory-resolver",
  "hmac",
  "http",
+ "http-body-util",
  "humantime",
  "humantime-serde",
  "hyper",
diff --git a/Cargo.toml b/Cargo.toml
index 557b155b..5455ad79 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -152,6 +152,8 @@ tikv-jemallocator = { version = "0.6", features = [
 ], optional = true }
 
 sd-notify = { version = "0.4", optional = true }
+# Used for inspecting request errors
+http-body-util = "0.1.3"
 
 # Used for matrix spec type definitions and helpers
 [dependencies.ruma]
diff --git a/src/api/ruma_wrapper/axum.rs b/src/api/ruma_wrapper/axum.rs
index f933796e..04456543 100644
--- a/src/api/ruma_wrapper/axum.rs
+++ b/src/api/ruma_wrapper/axum.rs
@@ -1,10 +1,10 @@
-use std::{collections::BTreeMap, iter::FromIterator, str};
+use std::{collections::BTreeMap, error::Error as _, iter::FromIterator, str};
 
 use axum::{
     body::Body,
     extract::{FromRequest, Path},
     response::{IntoResponse, Response},
-    RequestExt, RequestPartsExt,
+    RequestPartsExt,
 };
 use axum_extra::{
     headers::{authorization::Bearer, Authorization},
@@ -48,8 +48,7 @@ where
         }
 
         let (mut parts, mut body) = {
-            let limited_req = req.with_limited_body();
-            let (parts, body) = limited_req.into_parts();
+            let (parts, body) = req.into_parts();
             let body = axum::body::to_bytes(
                 body,
                 services()
@@ -59,7 +58,17 @@ where
                     .unwrap_or(usize::MAX),
             )
             .await
-            .map_err(|_| Error::BadRequest(ErrorKind::MissingToken, "Missing token."))?;
+            .map_err(|err| {
+                if err
+                    .source()
+                    .is_some_and(|err| err.is::<http_body_util::LengthLimitError>())
+                {
+                    Error::BadRequest(ErrorKind::TooLarge, "Reached maximum request size")
+                } else {
+                    error!("An unknown error has occurred: {err}");
+                    Error::BadRequest(ErrorKind::Unknown, "An unknown error has occurred")
+                }
+            })?;
             (parts, body)
         };
 
diff --git a/src/main.rs b/src/main.rs
index 4af1162c..b9e34765 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -2,7 +2,7 @@ use std::{future::Future, io, net::SocketAddr, sync::atomic, time::Duration};
 
 use axum::{
     body::Body,
-    extract::{DefaultBodyLimit, FromRequestParts, MatchedPath},
+    extract::{FromRequestParts, MatchedPath},
     middleware::map_response,
     response::{IntoResponse, Response},
     routing::{any, get, on, MethodFilter},
@@ -240,13 +240,7 @@ async fn run_server() -> io::Result<()> {
                 ])
                 .max_age(Duration::from_secs(86400)),
         )
-        .layer(map_response(set_csp_header))
-        .layer(DefaultBodyLimit::max(
-            config
-                .max_request_size
-                .try_into()
-                .expect("failed to convert max request size"),
-        ));
+        .layer(map_response(set_csp_header));
 
     let app = routes(config).layer(middlewares).into_make_service();
     let handle = ServerHandle::new();