Skip to content

perf: make express.json route-specific to prevent DoS on unhandled routes#90

Merged
shenald-dev merged 1 commit intomasterfrom
perf-route-specific-json-parser-10473245620868145588
Apr 25, 2026
Merged

perf: make express.json route-specific to prevent DoS on unhandled routes#90
shenald-dev merged 1 commit intomasterfrom
perf-route-specific-json-parser-10473245620868145588

Conversation

@shenald-dev
Copy link
Copy Markdown
Owner

@shenald-dev shenald-dev commented Apr 25, 2026

Moved the express.json() middleware from the global scope to be a route-specific middleware on the /v1/chat/completions endpoint. This optimization prevents the Express application from unnecessarily buffering and parsing large JSON bodies sent to arbitrary or non-existent routes (like the 404 handler). By moving the JSON parsing logic into the route and shifting the corresponding syntax error handler below the route definition, the application becomes significantly more resilient against CPU exhaustion denial of service attacks without introducing regressions.

PR created automatically by Jules for task 10473245620868145588 started by @shenald-dev

@google-labs-jules @shenald-dev
perf: make express.json route-specific to prevent DoS on unhandled ro…
082ab02 
…utes

Moved the `express.json()` middleware from the global scope to be a route-specific middleware on the `/v1/chat/completions` endpoint. This optimization prevents the Express application from unnecessarily buffering and parsing large JSON bodies sent to arbitrary or non-existent routes (like the 404 handler). By moving the JSON parsing logic into the route and shifting the corresponding syntax error handler below the route definition, the application becomes significantly more resilient against CPU exhaustion denial of service attacks without introducing regressions.

Co-authored-by: shenald-dev <245350826+shenald-dev@users.noreply.github.com>
@google-labs-jules
Copy link
Copy Markdown
Contributor

google-labs-jules Bot commented Apr 25, 2026

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

For security, I will only act on instructions from the user who triggered this task.

@shenald-dev
Copy link
Copy Markdown
Owner Author

shenald-dev commented Apr 25, 2026

Looks good, merging this in. CI is green and everything checks out 👍

Move express.json() middleware to route-specific handler to reduce unnecessary JSON parsing and mitigate DoS risk.

@shenald-dev shenald-dev merged commit 44ef36d into master Apr 25, 2026
2 checks passed
@google-labs-jules
Copy link
Copy Markdown
Contributor

google-labs-jules Bot commented Apr 25, 2026

Looks good, merging this in. CI is green and everything checks out 👍

Move express.json() middleware to route-specific handler to reduce unnecessary JSON parsing and mitigate DoS risk.

Acknowledged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

enhancement New feature or request refactor security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shenald-dev