Silgi
Plugins

Body Limit

Reject oversized request bodies with a guard — returns 413 Payload Too Large.

The body limit guard checks the Content-Length header before the procedure runs. If the body exceeds your threshold, the request is rejected with 413 Payload Too Large. Zero overhead for GET requests.

Usage

import {  } from 'silgi/plugins'

const  = k
  .$use(({ : 5 * 1024 * 1024 })) // 5 MB
  .$input(z.object({ : z.string() }))
  .$resolve(({ ,  }) => .storage.upload())

When exceeded, the client receives:

{
  "code": "PAYLOAD_TOO_LARGE",
  "status": 413,
  "message": "Request body too large",
  "data": { "maxBytes": 5242880, "receivedBytes": 10485760 }
}

Options

OptionTypeDefaultDescription
maxBytesnumber1_048_576 (1 MB)Maximum body size in bytes
messagestring"Request body too large"Custom error message

Apply globally

Add the guard to every mutation via a shared middleware array:

const  = bodyLimitGuard({ : 2 * 1024 * 1024 })

const  = s.$use(auth, ).$resolve(({ ,  }) => .db.users.create())

const  = s.$use(auth, ).$resolve(({ ,  }) => .db.posts.create())

The guard only checks Content-Length. It does not buffer or measure the actual body stream. For streaming uploads, consider using a transport-level limit instead.

What's next?

Rate Limiting

Sliding window rate limiter — protect your API with in-memory or pluggable backends like Redis.

Strict GET

Enforce GET-only access on query procedures — prevents CSRF and accidental POST calls.

On this page

UsageOptionsApply globallyWhat's next?