Log solve request data transfer #4082
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request refactors the /solve endpoint to measure the duration of request body data transfer, which helps in diagnosing reported delays. The implementation correctly changes the endpoint to accept a raw HTTP request and streams the body to hyper::body::Bytes while timing the operation. However, this change introduces a critical security vulnerability. By processing the raw request body without a size limit, the service is exposed to a Denial of Service attack via memory exhaustion from an overly large request payload. My review includes a comment with a suggested fix to mitigate this vulnerability by applying a size limit to the request body.
| futures = { workspace = true } | ||
| const-hex = { workspace = true } | ||
| hex-literal = { workspace = true } | ||
| http-body = { workspace = true } |
There was a problem hiding this comment.
Seems like you're not using this, at least directly. If I had to guess, you added this but then hyper had this built in?
There was a problem hiding this comment.
Shouldn't you remove this dep then? Or did we misunderstood each other?
Description
Some solvers reported that some requests come significantly delayed (judging by the auction deadline). Currently we have no way to distinguish between receiving the start of the
/solverequest and streaming the actual data.This PR makes this possible by making the
solvehandler take a raw http request and stream the body afterwards.Changes
Instead of:
String(including utf8 check)Stringinto anArcto make copying it cheapSolveRequestWe now do:
BytestypeSolveRequestSince handling the raw request seems to bypass axum's request size checks I did it manually for this endpoint.
How to test
Existing tests should suffice