fix(stt): bound audio download response size #5412

Merged: waleedlatif1 merged 2 commits into staging from fix/stt-audio-url-max-response-bytes on Jul 4, 2026

@waleedlatif1

Collaborator

Summary

  • The STT proxy's audioUrl download path had no response size cap, unlike the sibling download routes (e.g. sharepoint/download-file) which already pass maxResponseBytes.
  • Pass the platform's standard 100MB file-size ceiling (MAX_FILE_SIZE from @/lib/uploads/utils/validation) into the secureFetchWithPinnedIP call for audioUrl.
  • Classify the resulting size-limit error as a clean 413 response instead of letting it fall through to a generic 500, matching the pattern used in video/route.ts and tts/route.ts.

Type of Change

  • Bug fix

Testing

  • Added apps/sim/app/api/tools/stt/route.test.ts covering: an oversized audioUrl download is rejected with a 413 and clear message, and a normal well-under-cap download still transcribes successfully.
  • bun run vitest run app/api/tools/stt/route.test.ts passes.
  • bunx tsc --noEmit, bunx biome check, and bun run check:api-validation all pass on the changed files.

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

Cap the audioUrl download in the STT proxy route at the platform's standard 100MB file-size ceiling, matching the pattern already used by sharepoint/download-file and other external download routes. Classify size-limit rejections as a clean 413 instead of an unhandled 500.
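
An added example, not code from this PR or the project: the pattern the description relies on, shown in TypeScript. The cap is enforced on bytes actually received rather than on the Content-Length header, and a typed error is mapped to 413. `ResponseTooLargeError`, `isResponseTooLarge`, `CappedBody`, `drain` and `statusFor` are hypothetical names; the internals of the project's `secureFetchWithPinnedIP` and `isPayloadSizeLimitError` are not shown on this page, and the chunk arrays are constructed sample input.

```typescript
// Added example. All names are hypothetical stand-ins, not the project's code.
class ResponseTooLargeError extends Error {
  readonly code = 'RESPONSE_TOO_LARGE' // discriminant checked by the guard below
  constructor(limit: number) {
    super('response body exceeds ' + limit + ' bytes')
  }
}

// Guard on the discriminant so the catch block classifies the error once.
function isResponseTooLarge(err: unknown): boolean {
  return typeof err === 'object' && err !== null &&
    (err as { code?: unknown }).code === 'RESPONSE_TOO_LARGE'
}

// Counts bytes as chunks arrive and aborts the moment the cap is crossed.
class CappedBody {
  chunks: Uint8Array[] = []
  total = 0
  limit: number
  constructor(limit: number, contentLength: string | null) {
    this.limit = limit
    // Content-Length is only a hint: reject early when it is present and too
    // large, but never rely on it, since it can be absent or understated.
    if (contentLength !== null && Number(contentLength) > limit) {
      throw new ResponseTooLargeError(limit)
    }
  }
  push(chunk: Uint8Array): void {
    this.total += chunk.byteLength
    if (this.total > this.limit) throw new ResponseTooLargeError(this.limit)
    this.chunks.push(chunk)
  }
}

// Drain a body under the cap and return the byte count. In a route handler,
// each chunk read from the response stream would be passed to push().
function drain(chunks: Uint8Array[], limit: number, contentLength: string | null): number {
  const body = new CappedBody(limit, contentLength)
  for (const chunk of chunks) body.push(chunk)
  return body.total
}

// Outer-catch mapping: the size error becomes 413, anything else stays 500.
function statusFor(run: () => unknown): number {
  try { run(); return 200 } catch (err) { return isResponseTooLarge(err) ? 413 : 500 }
}
```

A body exactly at the limit is accepted; the first byte past it aborts the read, so memory use stays bounded even when the header understates the size.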
@vercel

vercel Bot commented Jul 4, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Skipped Skipped Jul 4, 2026 7:11pm

@cursor

cursor Bot commented Jul 4, 2026


PR Summary

Low Risk
Small, defensive change to URL fetch limits and error mapping on the STT proxy; no auth or data-model changes.

Overview
The STT proxy’s audioUrl path now caps remote downloads at the platform 100MB ceiling by passing maxResponseBytes: MAX_FILE_SIZE into secureFetchWithPinnedIP, aligning with other tool download routes (e.g. SharePoint).

When that limit is hit, the route returns 413 with “Audio file exceeds the maximum supported size” instead of a generic 500, using isPayloadSizeLimitError like video and tts.

New route.test.ts covers oversized audioUrl responses (413 + limit passed to secure fetch) and a normal under-cap download that still transcribes.

Reviewed by Cursor Bugbot for commit 5602707.

@greptile-apps

greptile-apps Bot commented Jul 4, 2026

Contributor

Greptile Summary

This PR closes a missing response-size cap on the STT proxy's audioUrl download path by passing MAX_FILE_SIZE (100 MB) into secureFetchWithPinnedIP, aligning it with all other download routes in the codebase. The outer catch block now maps the resulting PayloadSizeLimitError to a clean 413 rather than a generic 500.

  • route.ts: adds maxResponseBytes: MAX_FILE_SIZE to the secureFetchWithPinnedIP options and introduces an isSizeLimit local variable so the error type is checked once, mirroring the video/route.ts and tts/route.ts patterns.
  • route.test.ts: new test file with two cases — verifying the 413 rejection for oversized downloads and confirming the success path still transcribes correctly.

Confidence Score: 5/5

Safe to merge — the change is a minimal, targeted fix that adds a missing safety cap and is well-tested.

The two-line production change follows a pattern already established and proven in sibling routes. The isSizeLimit local variable is extracted correctly, the 413 is returned only for the specific error type, and the new test file directly verifies both the rejection and the happy-path cases.

No files require special attention.

Important Files Changed

Filename | Overview
apps/sim/app/api/tools/stt/route.ts | Adds maxResponseBytes: MAX_FILE_SIZE to the secureFetchWithPinnedIP call for audioUrl, and maps PayloadSizeLimitError to a 413 response in the outer catch block, matching the pattern used in sibling routes.
apps/sim/app/api/tools/stt/route.test.ts | New test file covering the 413 rejection for oversized audioUrl downloads and the happy-path transcription flow; correctly verifies that maxResponseBytes is forwarded to secureFetchWithPinnedIP.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant Client
    participant STT Route
    participant secureFetchWithPinnedIP
    participant Transcription API

    Client->>STT Route: POST /api/tools/stt (audioUrl)
    STT Route->>secureFetchWithPinnedIP: GET audioUrl (maxResponseBytes: 100MB)
    alt Response within 100 MB
        secureFetchWithPinnedIP-->>STT Route: Response OK
        STT Route->>Transcription API: Submit audio buffer
        Transcription API-->>STT Route: Transcript
        STT Route-->>Client: 200 { transcript }
    else Response exceeds 100 MB
        secureFetchWithPinnedIP-->>STT Route: throws PayloadSizeLimitError
        STT Route-->>Client: 413 { error: "Audio file exceeds the maximum supported size" }
    else Fetch fails
        secureFetchWithPinnedIP-->>STT Route: throws Error
        STT Route-->>Client: 500 { error: ... }
    end

Reviews (3): Last reviewed commit: "fix(stt): avoid double isPayloadSizeLimi..."

Comment thread apps/sim/app/api/tools/stt/route.ts Outdated

@waleedlatif1

Collaborator Author

@greptile-apps review

@waleedlatif1

Collaborator Author

@cursor review

@cursor cursor Bot left a comment

✅ Bugbot reviewed your changes and found no new issues!

Reviewed by Cursor Bugbot for commit 5602707.

@waleedlatif1

Collaborator Author

@greptile review

@waleedlatif1

Collaborator Author

@cursor review

@cursor cursor Bot left a comment

✅ Bugbot reviewed your changes and found no new issues!

Reviewed by Cursor Bugbot for commit 5602707.

@waleedlatif1 waleedlatif1 merged commit a1fbb57 into staging Jul 4, 2026
18 checks passed
@waleedlatif1 waleedlatif1 deleted the fix/stt-audio-url-max-response-bytes branch July 4, 2026 22:36