Remove MAX_CONTENT_LENGTH, validate content-length with body length (payjoin#770)

This PR partially addresses issue payjoin#756 by removing the `MAX_CONTENT_LENGTH` check
from the v1 receive path.

Instead, the code now validates that the request body length matches the
Content-Length header, returning a specific error if there is a
mismatch. This change assumes the body is already allocated and within
application limits, simplifying validation and improving error
reporting.

- Removes `MAX_CONTENT_LENGTH` check from `validate_body`
- Adds a `ContentLengthMismatch` error variant
- Updates test and error handling accordingly

Author: spacebear21

payjoin/src/receive/v1/exclusive/error.rs

@@ -24,8 +24,8 @@ pub(crate) enum InternalRequestError {
     InvalidContentType(String),
     /// The Content-Length header could not be parsed as a number
     InvalidContentLength(std::num::ParseIntError),
-    /// The Content-Length value exceeds the maximum allowed size
-    ContentLengthTooLarge(usize),
+    /// The Content-Length value does not match the actual body length
+    ContentLengthMismatch { expected: usize, actual: usize },
 }
 
 impl From<InternalRequestError> for RequestError {
@@ -44,7 +44,7 @@ impl From<&RequestError> for JsonReply {
             MissingHeader(_)
             | InvalidContentType(_)
             | InvalidContentLength(_)
-            | ContentLengthTooLarge(_) =>
+            | ContentLengthMismatch { .. } =>
                 JsonReply::new(crate::error_codes::ErrorCode::OriginalPsbtRejected, e),
         }
     }
@@ -57,8 +57,8 @@ impl fmt::Display for RequestError {
             InternalRequestError::InvalidContentType(content_type) =>
                 write!(f, "Invalid content type: {content_type}"),
             InternalRequestError::InvalidContentLength(e) => write!(f, "{e}"),
-            InternalRequestError::ContentLengthTooLarge(length) =>
-                write!(f, "Content length too large: {length}."),
+            InternalRequestError::ContentLengthMismatch { expected, actual } =>
+                write!(f, "Content length mismatch: expected {expected}, got {actual}."),
         }
     }
 }
@@ -69,7 +69,7 @@ impl error::Error for RequestError {
             InternalRequestError::InvalidContentLength(e) => Some(e),
             InternalRequestError::MissingHeader(_) => None,
             InternalRequestError::InvalidContentType(_) => None,
-            InternalRequestError::ContentLengthTooLarge(_) => None,
+            InternalRequestError::ContentLengthMismatch { .. } => None,
         }
     }
 }

payjoin/src/receive/v1/exclusive/mod.rs

@@ -4,7 +4,7 @@ pub use error::RequestError;
 
 use super::*;
 use crate::into_url::IntoUrl;
-use crate::{Version, MAX_CONTENT_LENGTH};
+use crate::Version;
 
 const SUPPORTED_VERSIONS: &[Version] = &[Version::One];
 
@@ -54,11 +54,15 @@ fn validate_body(headers: impl Headers, body: &[u8]) -> Result<&[u8], RequestErr
         .ok_or(InternalRequestError::MissingHeader("Content-Length"))?
         .parse::<usize>()
         .map_err(InternalRequestError::InvalidContentLength)?;
-    if content_length > MAX_CONTENT_LENGTH {
-        return Err(InternalRequestError::ContentLengthTooLarge(content_length).into());
+    if body.len() != content_length {
+        return Err(InternalRequestError::ContentLengthMismatch {
+            expected: content_length,
+            actual: body.len(),
+        }
+        .into());
     }
 
-    Ok(&body[..content_length])
+    Ok(body)
 }
 
 #[cfg(test)]
@@ -89,21 +93,21 @@ mod tests {
 
     #[test]
     fn test_parse_body() {
-        let mut padded_body = ORIGINAL_PSBT.as_bytes().to_vec();
-        assert_eq!(MAX_CONTENT_LENGTH, 5333333_usize);
-        padded_body.resize(MAX_CONTENT_LENGTH + 1, 0);
-        let headers = MockHeaders::new(padded_body.len() as u64);
+        let body = ORIGINAL_PSBT.as_bytes().to_vec();
+        let headers = MockHeaders::new((body.len() + 1) as u64);
 
-        let validated_request = validate_body(headers.clone(), padded_body.as_slice());
+        let validated_request = validate_body(headers.clone(), body.as_slice());
         assert!(validated_request.is_err());
+
         match validated_request {
             Ok(_) => panic!("Expected error, got success"),
             Err(error) => {
                 assert_eq!(
                     error.to_string(),
-                    RequestError::from(InternalRequestError::ContentLengthTooLarge(
-                        padded_body.len()
-                    ))
+                    RequestError::from(InternalRequestError::ContentLengthMismatch {
+                        expected: body.len() + 1,
+                        actual: body.len(),
+                    })
                     .to_string()
                 );
             }