feat(http): add fetchText/fetchBuffer with timeout and size limits

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 15:09:31 +02:00
parent 9ddceb563b
commit 11b6b8fff1
2 changed files with 151 additions and 0 deletions
--- a/src/lib/server/http.ts
+++ b/src/lib/server/http.ts
@@ -0,0 +1,91 @@
+export type FetchOptions = {
+  maxBytes?: number;
+  timeoutMs?: number;
+  userAgent?: string;
+};
+
+const DEFAULTS: Required<FetchOptions> = {
+  maxBytes: 10 * 1024 * 1024,
+  timeoutMs: 10_000,
+  userAgent: 'Kochwas/0.1'
+};
+
+function assertSafeUrl(url: string): void {
+  let u: URL;
+  try {
+    u = new URL(url);
+  } catch {
+    throw new Error(`Invalid URL: ${url}`);
+  }
+  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
+    throw new Error(`Unsupported URL scheme: ${u.protocol}`);
+  }
+}
+
+async function readBody(
+  response: Response,
+  maxBytes: number
+): Promise<{ data: Uint8Array; total: number }> {
+  const reader = response.body?.getReader();
+  if (!reader) {
+    const buf = new Uint8Array(await response.arrayBuffer());
+    if (buf.byteLength > maxBytes) throw new Error(`Response exceeds ${maxBytes} bytes`);
+    return { data: buf, total: buf.byteLength };
+  }
+  const chunks: Uint8Array[] = [];
+  let total = 0;
+  for (;;) {
+    const { value, done } = await reader.read();
+    if (done) break;
+    if (value) {
+      total += value.byteLength;
+      if (total > maxBytes) {
+        await reader.cancel();
+        throw new Error(`Response exceeds ${maxBytes} bytes`);
+      }
+      chunks.push(value);
+    }
+  }
+  const merged = new Uint8Array(total);
+  let offset = 0;
+  for (const c of chunks) {
+    merged.set(c, offset);
+    offset += c.byteLength;
+  }
+  return { data: merged, total };
+}
+
+async function doFetch(url: string, opts: FetchOptions): Promise<Response> {
+  assertSafeUrl(url);
+  const merged = { ...DEFAULTS, ...opts };
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), merged.timeoutMs);
+  try {
+    const res = await fetch(url, {
+      signal: controller.signal,
+      redirect: 'follow',
+      headers: { 'user-agent': merged.userAgent }
+    });
+    if (!res.ok) throw new Error(`HTTP ${res.status} for ${url}`);
+    return res;
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
+export async function fetchText(url: string, opts: FetchOptions = {}): Promise<string> {
+  const merged = { ...DEFAULTS, ...opts };
+  const res = await doFetch(url, merged);
+  const { data } = await readBody(res, merged.maxBytes);
+  return new TextDecoder('utf-8').decode(data);
+}
+
+export async function fetchBuffer(
+  url: string,
+  opts: FetchOptions = {}
+): Promise<{ data: Uint8Array; contentType: string | null }> {
+  const merged = { ...DEFAULTS, ...opts };
+  const res = await doFetch(url, merged);
+  const { data } = await readBody(res, merged.maxBytes);
+  return { data, contentType: res.headers.get('content-type') };
+}