fix: Adds webhook size limit parameter (#42)

Fixes #40

---------

Co-authored-by: f_nie <frank_nietzold@sap.com>
Co-authored-by: Andre Meyering <info@andremeyering.de>
Co-authored-by: Dr. David A. Kunz <david.kunz@sap.com>

Author: 4 people

README.md

@@ -2,14 +2,10 @@
 
 [![REUSE status](https://api.reuse.software/badge/github.com/cap-js/event-broker)](https://api.reuse.software/info/github.com/cap-js/event-broker)
 
-
-
 ## About this project
 
 CDS plugin providing integration with SAP Cloud Application Event Hub (technical name: `event-broker`).
 
-
-
 ## Table of Contents
 
 - [About this project](#about-this-project)
@@ -19,15 +15,11 @@ CDS plugin providing integration with SAP Cloud Application Event Hub (technical
 - [Code of Conduct](#code-of-conduct)
 - [Licensing](#licensing)
 
-
-
 ## Requirements
 
 See [Getting Started](https://cap.cloud.sap/docs/get-started/in-a-nutshell) on how to jumpstart your development and grow as you go with SAP Cloud Application Programming Model (CAP).
 To learn about messaging in CAP, please consult the guide on [Events & Messaging](https://cap.cloud.sap/docs/guides/messaging/).
 
-
-
 ## Setup
 
 Install the plugin via:
@@ -67,26 +59,37 @@ If you are not using [IAS-based Authentication](https://cap.cloud.sap/docs/node.
 
 For more information, please see [SAP Cloud Application Event Hub](https://help.sap.com/docs/sap-cloud-application-event-hub) in SAP Help Portal.
 
+## Parameters
 
+### webhookSizeLimit
 
-## Support, Feedback, Contributing
+To set a size limit for events accepted by the webhook, set the ``webhookSizeLimit``parameter in the ``package.json`` file in the root folder of your app, e.g.
 
-This project is open to feature requests/suggestions, bug reports etc. via [GitHub issues](https://github.com/cap-js/event-broker/issues). Contribution and feedback are encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our [Contribution Guidelines](CONTRIBUTING.md).
+```jsonc
+"cds": {
+  "requires": {
+    "messaging": {
+      "kind": "event-broker",
+      "webhookSizeLimit": "1mb"
+    }
+  }
+}
+```
+
+If the parameter is not set, the [global request body size limit](https://pages.github.tools.sap/cap/docs/node.js/cds-server#maximum-request-body-size) ``cds.env.server.body_parser.limit`` is taken into account. If this parameter is not set either, the default value of ``1mb``is used.
 
+## Support, Feedback, Contributing
 
+This project is open to feature requests/suggestions, bug reports etc. via [GitHub issues](https://github.com/cap-js/event-broker/issues). Contribution and feedback are encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our [Contribution Guidelines](CONTRIBUTING.md).
 
 ## Security / Disclosure
 
 If you find any bug that may be a security problem, please follow our instructions at [in our security policy](https://github.com/cap-js/event-broker/security/policy) on how to report it. Please do not create GitHub issues for security-related doubts or problems.
 
-
-
 ## Code of Conduct
 
 We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone. By participating in this project, you agree to abide by its [Code of Conduct](https://github.com/cap-js/.github/blob/main/CODE_OF_CONDUCT.md) at all times.
 
-
-
 ## Licensing
 
 Copyright 2024 SAP SE or an SAP affiliate company and event-broker contributors. Please see our [LICENSE](LICENSE) for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available [via the REUSE tool](https://api.reuse.software/info/github.com/cap-js/event-broker).

cds-plugin.js

@@ -311,7 +311,9 @@ class EventBroker extends cds.MessagingService {
     } else {
       cds.app.post(webhookBasePath, _validateCertificate.bind(this))
     }
-    cds.app.post(webhookBasePath, express.json())
+
+    const limit = this.options.webhookSizeLimit ?? cds.env.server.body_parser?.limit ?? "1mb"
+    cds.app.post(webhookBasePath, express.json({ limit }))
     cds.app.post(webhookBasePath, this.onEventReceived.bind(this))
   }
 

package.json

@@ -35,6 +35,7 @@
           "format": "cloudevents",
           "outbox": true,
           "webhookPath": "/-/cds/event-broker/webhook",
+          "webhookSizeLimit": "1mb",
           "vcap": {
             "label": "event-broker"
           }

…ror-handling/event-broker-errors.test.js …r-unit-tests/event-broker-errors.test.jstest/event-broker-error-handling/event-broker-errors.test.js renamed to test/event-broker-unit-tests/event-broker-errors.test.js test/event-broker-error-handling/event-broker-errors.test.js renamed to test/event-broker-unit-tests/event-broker-errors.test.js

@@ -0,0 +1,59 @@
+describe('event broker webhook endpoint registration', () => {
+	test.each([
+		{
+			name: 'webhookSizeLimit correctly passed to express.json',
+			webhookPath: '/webhook-test',
+			webhookSizeLimit: '5mb',
+			bodyParserLimit: undefined,
+			expectedLimit: '5mb'
+		},
+		{
+			name: 'body_parser.limit overrides webhookSizeLimit',
+			webhookPath: '/webhook-test-2',
+			webhookSizeLimit: undefined,
+			bodyParserLimit: '42mb',
+			expectedLimit: '42mb'
+		}
+	])('$name', async ({ webhookPath, webhookSizeLimit, bodyParserLimit, expectedLimit }) => {
+		// Arrange
+		const express = require('express')
+		const originalJson = express.json
+		let calledLimit
+		express.json = opts => {
+			calledLimit = opts.limit
+			return (req, res, next) => next()
+		}
+
+		const cds = require('@sap/cds')
+		const originalServer = cds.env.server
+		if (bodyParserLimit) {
+			cds.env.server = { body_parser: { limit: bodyParserLimit } }
+		}
+
+		const EventBroker = require('../../cds-plugin.js')
+		const eb = new EventBroker('event-broker')
+		eb.options = {
+			webhookPath,
+			webhookSizeLimit,
+			credentials: {
+				ias: { clientId: 'clientId' },
+			}
+		}
+		eb.auth = { kind: 'ias', ias: { credentials: { certificate: 'cert', key: 'key' }, clientId: 'clientId' } }
+
+		const useMock = jest.fn()
+		const postMock = jest.fn()
+		cds.app = { use: useMock, post: postMock }
+
+		// Act
+		eb.registerWebhookEndpoints()
+
+		// Assert
+		expect(calledLimit).toBe(expectedLimit)
+
+		// Cleanup
+		express.json = originalJson
+		cds.server = originalServer
+	})
+
+})