Remove the configurability, limit to 100KB

src/core/activity_queue.rs

@@ -168,8 +168,7 @@ async fn do_send(
         }
         Ok(o) => {
             let status = o.status();
-            // Limit the status text to 1KB.
-            let text = o.text_limited(1024).await.map_err(Error::conv)?;
+            let text = o.text_limited().await.map_err(Error::conv)?;
             Err(anyhow!(
                 "Queueing activity {} to {} for retry after failure with status {}: {}",
                 task.activity_id,

src/lib.rs

@@ -111,12 +111,6 @@ pub struct InstanceSettings {
     /// use the same as timeout when sending
     #[builder(default = "Duration::from_secs(10)")]
     request_timeout: Duration,
-    /// Maximum size of the HTTP response body in bytes.
-    /// This is limited to prevent potential memory exhaustion DoS attacks.
-    ///
-    /// Defaults to 2MB
-    #[builder(default = "2 * 1024 * 1024")]
-    response_body_size: usize,
     /// Function used to verify that urls are valid, used when receiving activities or fetching remote
     /// objects. Use this to implement functionality like federation blocklists. In case verification
     /// fails, it should return an error message.

src/utils.rs

@@ -35,7 +35,7 @@ pub async fn fetch_object_http<Kind: DeserializeOwned>(
         return Err(Error::ObjectDeleted);
     }
 
-    res.json_limited(instance.settings.response_body_size).await
+    res.json_limited().await
 }
 
 /// Check that both urls have the same domain. If not, return UrlVerificationError.

src/utils/reqwest_shim.rs

@@ -1,3 +1,4 @@
+use crate::Error;
 use bytes::{BufMut, Bytes, BytesMut};
 use futures_core::{ready, stream::BoxStream, Stream};
 use pin_project_lite::pin_project;
@@ -11,7 +12,8 @@ use std::{
     task::{Context, Poll},
 };
 
-use crate::Error;
+/// 100KB
+const MAX_BODY_SIZE: usize = 102400;
 
 pin_project! {
     pub struct BytesFuture {
@@ -90,9 +92,9 @@ pub trait ResponseExt {
     type JsonFuture<T>;
     type TextFuture;
 
-    fn bytes_limited(self, limit: usize) -> Self::BytesFuture;
-    fn json_limited<T>(self, limit: usize) -> Self::JsonFuture<T>;
-    fn text_limited(self, limit: usize) -> Self::TextFuture;
+    fn bytes_limited(self) -> Self::BytesFuture;
+    fn json_limited<T>(self) -> Self::JsonFuture<T>;
+    fn text_limited(self) -> Self::TextFuture;
 }
 
 impl ResponseExt for Response {
@@ -100,24 +102,24 @@ impl ResponseExt for Response {
     type JsonFuture<T> = JsonFuture<T>;
     type TextFuture = TextFuture;
 
-    fn bytes_limited(self, limit: usize) -> Self::BytesFuture {
+    fn bytes_limited(self) -> Self::BytesFuture {
         BytesFuture {
             stream: Box::pin(self.bytes_stream()),
-            limit,
+            limit: MAX_BODY_SIZE,
             aggregator: BytesMut::new(),
         }
     }
 
-    fn json_limited<T>(self, limit: usize) -> Self::JsonFuture<T> {
+    fn json_limited<T>(self) -> Self::JsonFuture<T> {
         JsonFuture {
             _t: PhantomData,
-            future: self.bytes_limited(limit),
+            future: self.bytes_limited(),
         }
     }
 
-    fn text_limited(self, limit: usize) -> Self::TextFuture {
+    fn text_limited(self) -> Self::TextFuture {
         TextFuture {
-            future: self.bytes_limited(limit),
+            future: self.bytes_limited(),
         }
     }
 }