refactor: replace BodyUncompressed() with streaming decoders for request decompression

[jerkeyray]

Summary

Refactors request body decompression to use streaming io.Reader decoders instead of fasthttp's BodyUncompressed(), following the same pattern already used for response-side decompression in DecompressStreamBody(). Size limits are now enforced during decompression via io.LimitedReader rather than after full expansion.

Changes

• Implemented custom request body decompression with streaming readers for gzip, deflate, brotli, and zstd encodings
• Added size limit enforcement during decompression rather than after, preventing memory bombs
• Added proper error handling with specific error types for oversized payloads vs invalid compressed data
• Included comprehensive test coverage for all supported encodings, edge cases, and error conditions

Type of change

• Bug fix
• Feature
• Refactor
• Documentation
• Chore/CI

Affected areas

• Core (Go)
• Transports (HTTP)
• Providers/Integrations
• Plugins
• UI (Next.js)
• Docs

How to test

Validate request decompression middleware handles various compression formats and enforces size limits:

# Run the new decompression tests
go test ./transports/bifrost-http/handlers -v -run TestRequestDecompressionMiddleware

# Test all transports
go test ./transports/...

# Full test suite
go test ./...

Test with compressed payloads that exceed the configured MaxRequestBodySizeMB limit to verify proper 413 responses.

Screenshots/Recordings

N/A

Breaking changes

• Yes
• No

Related issues

Addresses potential memory exhaustion vulnerabilities when processing compressed request bodies.

Security considerations

This change prevents memory exhaustion attacks where malicious clients could send small compressed payloads that expand to extremely large sizes when decompressed. The streaming approach with size limits ensures memory usage is bounded during decompression.

Checklist

• I read docs/contributing/README.md and followed the guidelines
• I added/updated tests where appropriate
• I updated documentation where needed
• I verified builds succeed (Go and UI)
• I verified the CI pipeline passes locally if applicable

[jerkeyray]

• feat: add threshold-gated streaming request decompression with pooled readers #2036
• refactor: replace BodyUncompressed() with streaming decoders for request decompression #1973 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

🧪 Test Suite Available

This PR can be tested by a repository admin.

Run tests for PR #1973

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9a3f937f-cec0-4b1d-81fa-446d86b74bf4

📥 Commits

Reviewing files that changed from the base of the PR and between 7e69860 and 72e294a.

📒 Files selected for processing (2)

• transports/bifrost-http/handlers/middlewares.go
• transports/bifrost-http/handlers/middlewares_test.go

---

📝 Walkthrough

Summary by CodeRabbit

• Improvements

  • Request decompression now streams compressed payloads and supports gzip, deflate, brotli and zstd.
  • Enforces decompressed request size limits and returns appropriate errors for oversized or invalid compressed bodies.
  • Clears Content-Encoding and Content-Length after successful decompression.

• Tests

  • Expanded coverage for supported encodings, invalid/unsupported payloads, empty-body cases, exact-limit edges, and header/state handling.

Walkthrough

Implements streaming decompression for HTTP request bodies (gzip, deflate, brotli, zstd) with a decompressed-size limit, adding decodeRequestBodyWithLimit() and requestBodyDecoder(), an errRequestBodyTooLarge sentinel, and middleware mapping decode errors to 400 and oversized decompressed bodies to 413.

Changes

Cohort / File(s)	Summary
Request Decompression Impl. transports/bifrost-http/handlers/middlewares.go	Replaces direct BodyUncompressed usage with streaming decoders: adds requestBodyDecoder and decodeRequestBodyWithLimit, errRequestBodyTooLarge, imports for gzip/flate/brotli/zstd, sets decoded body on request, clears Content-Encoding/Content-Length, and maps decode errors to 400/413 responses.
Tests: Decompression & Helpers transports/bifrost-http/handlers/middlewares_test.go	Adds comprehensive tests and compression helpers for gzip/deflate/brotli/zstd; covers valid encodings, invalid compressed payloads, unsupported encoding, decompressed-size limit (including exact limit), empty body with encoding, and header state validations.

Sequence Diagram(s)

sequenceDiagram
    participant Client as Client
    participant MW as RequestDecompressionMiddleware
    participant Decoder as requestBodyDecoder
    participant App as ApplicationHandler

    Client->>MW: POST with Content-Encoding + compressed body
    MW->>Decoder: detect encoding, create streaming reader + cleanup
    Decoder-->>MW: streaming Reader
    MW->>MW: decode stream with limit (decodeRequestBodyWithLimit)
    alt valid & within limit
        MW->>App: forward request with decompressed body (clear headers)
    else decompressed > limit
        MW-->>Client: 413 Request Entity Too Large
    else decoding error
        MW-->>Client: 400 Bad Request (invalid compressed body)
    end
    MW->>Decoder: invoke cleanup (if any)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• refactor: replace BodyUncompressed() with streaming decoders for request decompression #1973: Implements the same refactor in transports/bifrost-http/handlers/middlewares.go—replaces BodyUncompressed with streaming decoders and updates middleware/tests accordingly.

Suggested reviewers

• danpiths
• akshaydeo

Poem

🐇 I nibble compressed crumbs with care,

I stretch the stream and watch each byte fare,
If it balloons I thump — "Too large!" I say,
Else I spit out plain text and clear the way,
A tiny rabbit guarding payloads today.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: replacing BodyUncompressed() with streaming decoders for request decompression, which is the primary refactor in this changeset.
Description check	✅ Passed	The description comprehensively covers all required sections: summary, changes, type of change, affected areas, testing instructions, breaking changes, security considerations, and a completed checklist.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch refactor/request-streaming-decompression

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

transports/bifrost-http/handlers/middlewares.go (1)

159-161: Consider adding a comment explaining the 100MB hard cap.

This defensive default prevents unbounded decompression when config is nil or MaxRequestBodySizeMB is 0. A brief comment would help future maintainers understand this safety net.

📝 Suggested documentation

 	if maxRequestBodyBytes <= 0 {
-		maxRequestBodyBytes = 100 * 1024 * 1024 // 100 MB hard cap
+		// Safety net: 100 MB hard cap when config is missing or set to 0.
+		// Prevents unbounded decompression from exhausting memory.
+		maxRequestBodyBytes = 100 * 1024 * 1024
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@transports/bifrost-http/handlers/middlewares.go` around lines 159 - 161, Add
a short explanatory comment above the default assignment to maxRequestBodyBytes
that states the 100 * 1024 * 1024 (100MB) hard cap is a defensive default used
when MaxRequestBodySizeMB/config is nil or zero to prevent unbounded request
body decompression and DoS/resource exhaustion; reference the variable name
maxRequestBodyBytes and the surrounding maxRequestBodyBytes <= 0 check so future
maintainers know this is an intentional safety limit rather than an arbitrary
number.

transports/bifrost-http/handlers/middlewares_test.go (1)

1346-1353: Consider making empty body test assertions more specific per encoding.

The current test accepts either success or 400 for all encodings. If you want deterministic behavior, you could verify expected outcomes per encoding (e.g., gzip/deflate/brotli typically error on empty input, while zstd may differ).

That said, accepting either behavior is pragmatic if the contract only cares about "no crash, reasonable response."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@transports/bifrost-http/handlers/middlewares_test.go` around lines 1346 -
1353, The test currently treats empty-body behavior as acceptable if either
nextCalled is true or the response is 400; make it deterministic by branching on
the encoding under test (e.g., the table-driven "encoding" value) and asserting
the expected outcome per encoder: for gzip/deflate/brotli assert
ctx.Response.StatusCode() == fasthttp.StatusBadRequest, for encoders that allow
empty input (e.g., zstd) assert nextCalled is true (or a 2xx response). Update
the test logic around nextCalled and ctx.Response.StatusCode() to switch on the
encoding string used in the test case so each encoding has a precise
expectation.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@transports/bifrost-http/handlers/middlewares_test.go`:
- Around line 1346-1353: The test currently treats empty-body behavior as
acceptable if either nextCalled is true or the response is 400; make it
deterministic by branching on the encoding under test (e.g., the table-driven
"encoding" value) and asserting the expected outcome per encoder: for
gzip/deflate/brotli assert ctx.Response.StatusCode() ==
fasthttp.StatusBadRequest, for encoders that allow empty input (e.g., zstd)
assert nextCalled is true (or a 2xx response). Update the test logic around
nextCalled and ctx.Response.StatusCode() to switch on the encoding string used
in the test case so each encoding has a precise expectation.

In `@transports/bifrost-http/handlers/middlewares.go`:
- Around line 159-161: Add a short explanatory comment above the default
assignment to maxRequestBodyBytes that states the 100 * 1024 * 1024 (100MB) hard
cap is a defensive default used when MaxRequestBodySizeMB/config is nil or zero
to prevent unbounded request body decompression and DoS/resource exhaustion;
reference the variable name maxRequestBodyBytes and the surrounding
maxRequestBodyBytes <= 0 check so future maintainers know this is an intentional
safety limit rather than an arbitrary number.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0065447a-552b-4293-a7ae-6a8e50e0de2b

📥 Commits

Reviewing files that changed from the base of the PR and between 615b702 and db5cedd.

📒 Files selected for processing (2)

• transports/bifrost-http/handlers/middlewares.go
• transports/bifrost-http/handlers/middlewares_test.go

[CLAassistant]

All committers have signed the CLA.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

transports/bifrost-http/handlers/middlewares.go (1)

126-133: ⚠️ Potential issue | 🟡 Minor

Compute one effective max-body limit and reuse it everywhere.

These two paths disagree when config == nil or MaxRequestBodySizeMB <= 0: the middleware formats a 0 bytes error, while decodeRequestBodyWithLimit() actually enforces a 100 MB fallback. That makes the client-visible message wrong and can diverge from the server-level MaxRequestBodySize derived from the same config.

Suggested fix

 		return func(ctx *fasthttp.RequestCtx) {
 			if len(ctx.Request.Header.ContentEncoding()) > 0 {
-				maxRequestBodyBytes := 0
-				if config != nil && config.ClientConfig.MaxRequestBodySizeMB > 0 {
-					maxRequestBodyBytes = config.ClientConfig.MaxRequestBodySizeMB * 1024 * 1024
-				}
+				maxRequestBodyBytes := configstore.DefaultClientConfig.MaxRequestBodySizeMB * 1024 * 1024
+				if config != nil && config.ClientConfig.MaxRequestBodySizeMB > 0 {
+					maxRequestBodyBytes = config.ClientConfig.MaxRequestBodySizeMB * 1024 * 1024
+				}

 				body, err := decodeRequestBodyWithLimit(&ctx.Request, maxRequestBodyBytes)
 				if errors.Is(err, errRequestBodyTooLarge) {
 					SendError(ctx, fasthttp.StatusRequestEntityTooLarge, fmt.Sprintf("decompressed request body exceeds max allowed size of %d bytes", maxRequestBodyBytes))
 					return
@@
 func decodeRequestBodyWithLimit(req *fasthttp.Request, maxRequestBodyBytes int) ([]byte, error) {
 	reader, cleanup, err := requestBodyDecoder(req)
@@
-	if maxRequestBodyBytes <= 0 {
-		maxRequestBodyBytes = 100 * 1024 * 1024 // 100 MB hard cap
-	}
-
 	limitedReader := &io.LimitedReader{R: reader, N: int64(maxRequestBodyBytes + 1)}

Also applies to: 159-160

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@transports/bifrost-http/handlers/middlewares.go` around lines 126 - 133,
Compute and reuse a single effective max-body limit instead of computing
maxRequestBodyBytes separately: determine effectiveMaxRequestBodyBytes by
checking config != nil and config.ClientConfig.MaxRequestBodySizeMB > 0 else use
the same 100*1024*1024 fallback that decodeRequestBodyWithLimit uses, pass that
value into decodeRequestBodyWithLimit(&ctx.Request,
effectiveMaxRequestBodyBytes), and use effectiveMaxRequestBodyBytes in the
SendError message when errRequestBodyTooLarge is encountered (also update the
second occurrence at the other location). Ensure references are made to
maxRequestBodyBytes (replace with effectiveMaxRequestBodyBytes),
decodeRequestBodyWithLimit, errRequestBodyTooLarge, and SendError so both
enforcement and the error text agree.

🧹 Nitpick comments (1)

transports/bifrost-http/handlers/middlewares_test.go (1)

1323-1355: Make the empty-body contract explicit.

This test currently passes on either 400 or success, so it won’t catch a behavior change for any decoder. Pick the intended result for an empty compressed body and assert it per encoding; otherwise this case is effectively untested.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@transports/bifrost-http/handlers/middlewares_test.go` around lines 1323 -
1355, Update TestRequestDecompressionMiddleware_EmptyBodyWithContentEncoding to
make the empty-body contract explicit: replace the current encodings loop with a
table-driven test that maps each encoding (e.g., "gzip","deflate","br","zstd")
to an expected outcome (status code or success via nextCalled), remove the early
return that masks failures, and assert the concrete expectation per-encoding
(call RequestDecompressionMiddleware(config)(next) and then check either that
nextCalled is true or that ctx.Response.StatusCode() equals the expected
status); adjust the table to the intended behavior for
RequestDecompressionMiddleware so the test fails if any decoder's behavior
changes.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@transports/bifrost-http/handlers/middlewares.go`:
- Around line 188-190: The "deflate" branch currently uses flate.NewReader which
only accepts raw DEFLATE (RFC1951); instead, try zlib.NewReader(bodyReader)
first and if that returns an error fall back to flate.NewReader for
non-conformant servers, ensure you return the chosen reader and a close function
that closes it (e.g., the existing zr variable and its Close), and propagate any
final error; update the case "deflate" handling in
transports/bifrost-http/handlers/middlewares.go to implement this
try-zlib-then-flate pattern and keep the same return signature.

---

Outside diff comments:
In `@transports/bifrost-http/handlers/middlewares.go`:
- Around line 126-133: Compute and reuse a single effective max-body limit
instead of computing maxRequestBodyBytes separately: determine
effectiveMaxRequestBodyBytes by checking config != nil and
config.ClientConfig.MaxRequestBodySizeMB > 0 else use the same 100*1024*1024
fallback that decodeRequestBodyWithLimit uses, pass that value into
decodeRequestBodyWithLimit(&ctx.Request, effectiveMaxRequestBodyBytes), and use
effectiveMaxRequestBodyBytes in the SendError message when
errRequestBodyTooLarge is encountered (also update the second occurrence at the
other location). Ensure references are made to maxRequestBodyBytes (replace with
effectiveMaxRequestBodyBytes), decodeRequestBodyWithLimit,
errRequestBodyTooLarge, and SendError so both enforcement and the error text
agree.

---

Nitpick comments:
In `@transports/bifrost-http/handlers/middlewares_test.go`:
- Around line 1323-1355: Update
TestRequestDecompressionMiddleware_EmptyBodyWithContentEncoding to make the
empty-body contract explicit: replace the current encodings loop with a
table-driven test that maps each encoding (e.g., "gzip","deflate","br","zstd")
to an expected outcome (status code or success via nextCalled), remove the early
return that masks failures, and assert the concrete expectation per-encoding
(call RequestDecompressionMiddleware(config)(next) and then check either that
nextCalled is true or that ctx.Response.StatusCode() equals the expected
status); adjust the table to the intended behavior for
RequestDecompressionMiddleware so the test fails if any decoder's behavior
changes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c924113c-0ace-4e1b-ae3e-7731a675ac20

📥 Commits

Reviewing files that changed from the base of the PR and between db5cedd and b26a802.

📒 Files selected for processing (2)

• transports/bifrost-http/handlers/middlewares.go
• transports/bifrost-http/handlers/middlewares_test.go

[coderabbitai]

♻️ Duplicate comments (1)

transports/bifrost-http/handlers/middlewares.go (1)

188-190: ⚠️ Potential issue | 🔴 Critical

Use a zlib-compatible decoder for HTTP deflate.

compress/flate.NewReader only accepts raw RFC1951 streams, so this branch rejects standards-compliant Content-Encoding: deflate bodies and conflicts with the new deflateCompress() test helper, which emits the correct zlib-wrapped format.

Suggested fix

 	"bytes"
 	"compress/flate"
 	"compress/gzip"
+	"compress/zlib"
@@
 func requestBodyDecoder(req *fasthttp.Request) (io.Reader, func(), error) {
-	bodyReader := bytes.NewReader(req.Body())
+	rawBody := req.Body()
+	bodyReader := bytes.NewReader(rawBody)
 	encoding := strings.ToLower(strings.TrimSpace(string(req.Header.ContentEncoding())))
 	if encoding == "" {
 		return bodyReader, func() {}, nil
 	}
@@
 	case "deflate":
-		zr := flate.NewReader(bodyReader)
-		return zr, func() { _ = zr.Close() }, nil
+		zr, err := zlib.NewReader(bytes.NewReader(rawBody))
+		if err == nil {
+			return zr, func() { _ = zr.Close() }, nil
+		}
+		// Fallback for non-conformant raw-deflate senders.
+		fr := flate.NewReader(bytes.NewReader(rawBody))
+		return fr, func() { _ = fr.Close() }, nil

For HTTP Content-Encoding: deflate, do RFC 9110 and Go's compress/flate vs compress/zlib require zlib-wrapped DEFLATE? Which reader should decode compliant HTTP deflate bodies?

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@transports/bifrost-http/handlers/middlewares.go` around lines 188 - 190, The
"deflate" branch currently uses flate.NewReader (variable zr) which expects raw
RFC1951 streams; replace it with zlib.NewReader to accept zlib-wrapped DEFLATE
per HTTP standards, return the reader and a proper closer function that closes
the zlib reader (preserving the same return signature used by the function that
reads bodyReader), and update any variable names if needed (e.g., zr -> zrZlib)
to reflect the change so deflateCompress() test helper and standards-compliant
Content-Encoding: deflate bodies decode correctly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@transports/bifrost-http/handlers/middlewares.go`:
- Around line 188-190: The "deflate" branch currently uses flate.NewReader
(variable zr) which expects raw RFC1951 streams; replace it with zlib.NewReader
to accept zlib-wrapped DEFLATE per HTTP standards, return the reader and a
proper closer function that closes the zlib reader (preserving the same return
signature used by the function that reads bodyReader), and update any variable
names if needed (e.g., zr -> zrZlib) to reflect the change so deflateCompress()
test helper and standards-compliant Content-Encoding: deflate bodies decode
correctly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5f57eccf-0422-477c-bb5a-1d8b7b7af301

📥 Commits

Reviewing files that changed from the base of the PR and between b26a802 and c529cf3.

📒 Files selected for processing (2)

• transports/bifrost-http/handlers/middlewares.go
• transports/bifrost-http/handlers/middlewares_test.go

[danpiths]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[danpiths]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

♻️ Duplicate comments (1)

transports/bifrost-http/handlers/middlewares.go (1)

188-190: ⚠️ Potential issue | 🔴 Critical

Use a zlib decoder for HTTP Content-Encoding: deflate.

compress/flate.NewReader expects a raw RFC 1951 stream, but the HTTP deflate content-coding is zlib-wrapped. The new helper in transports/bifrost-http/handlers/middlewares_test.go already generates the RFC-correct format, so this branch will reject valid requests and break the new deflate coverage.

Suggested fix

-	"compress/flate"
+	"compress/zlib"

 	case "deflate":
-		zr := flate.NewReader(bodyReader)
+		zr, err := zlib.NewReader(bodyReader)
+		if err != nil {
+			return nil, func() {}, err
+		}
 		return zr, func() { _ = zr.Close() }, nil

Based on learnings: in transports/bifrost-http/handlers/middlewares.go, requestBodyDecoder for request Content-Encoding: deflate should use only compress/zlib.NewReader with no raw-flate fallback.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@transports/bifrost-http/handlers/middlewares.go` around lines 188 - 190, In
requestBodyDecoder handle the "deflate" branch by using compress/zlib.NewReader
(not compress/flate.NewReader) and return that reader plus a close wrapper;
remove any raw RFC1951 flate fallback so valid HTTP deflate (zlib-wrapped)
payloads produced by the test helper are accepted. Update the "deflate" case in
requestBodyDecoder to call zlib.NewReader(bodyReader), return the reader and a
func that closes it, and return nil error.

🧹 Nitpick comments (1)

transports/bifrost-http/handlers/middlewares_test.go (1)

1323-1355: Make the empty-body expectation deterministic.

This test currently passes for two opposite outcomes: either the middleware rejects the payload with 400, or it silently accepts it and calls next. That makes the suite too weak to catch regressions here. Please pin the intended contract per encoding, and if success is allowed, assert the post-decompression header/body state on that path too.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@transports/bifrost-http/handlers/middlewares_test.go` around lines 1323 -
1355, The test TestRequestDecompressionMiddleware_EmptyBodyWithContentEncoding
is nondeterministic because it accepts either a 400 response or calling next;
update it to assert a deterministic contract per encoding: decide which
encodings should return 400 vs succeed (e.g., disallow empty input for "gzip"
and "deflate" but allow "br" and "zstd"), and for each subtest compare against
the expected outcome; when success is expected assert nextCalled == true and
also verify the post-decompression state (e.g., RequestDecompressionMiddleware
removed/cleared the Content-Encoding header and ctx.Request.Body() is an empty
byte slice), and when failure is expected assert ctx.Response.StatusCode() ==
fasthttp.StatusBadRequest and nextCalled == false.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@transports/bifrost-http/handlers/middlewares.go`:
- Around line 188-190: In requestBodyDecoder handle the "deflate" branch by
using compress/zlib.NewReader (not compress/flate.NewReader) and return that
reader plus a close wrapper; remove any raw RFC1951 flate fallback so valid HTTP
deflate (zlib-wrapped) payloads produced by the test helper are accepted. Update
the "deflate" case in requestBodyDecoder to call zlib.NewReader(bodyReader),
return the reader and a func that closes it, and return nil error.

---

Nitpick comments:
In `@transports/bifrost-http/handlers/middlewares_test.go`:
- Around line 1323-1355: The test
TestRequestDecompressionMiddleware_EmptyBodyWithContentEncoding is
nondeterministic because it accepts either a 400 response or calling next;
update it to assert a deterministic contract per encoding: decide which
encodings should return 400 vs succeed (e.g., disallow empty input for "gzip"
and "deflate" but allow "br" and "zstd"), and for each subtest compare against
the expected outcome; when success is expected assert nextCalled == true and
also verify the post-decompression state (e.g., RequestDecompressionMiddleware
removed/cleared the Content-Encoding header and ctx.Request.Body() is an empty
byte slice), and when failure is expected assert ctx.Response.StatusCode() ==
fasthttp.StatusBadRequest and nextCalled == false.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1514c00b-5700-4fe5-a694-a8682483ace9

📥 Commits

Reviewing files that changed from the base of the PR and between c529cf3 and 71ddf55.

📒 Files selected for processing (2)

• transports/bifrost-http/handlers/middlewares.go
• transports/bifrost-http/handlers/middlewares_test.go

[Pratham-Mishra04]

Merge activity

• Mar 13, 8:32 AM UTC: A user started a stack merge that includes this pull request via Graphite.
• Mar 13, 8:33 AM UTC: Graphite rebased this pull request as part of a merge.
• Mar 13, 8:34 AM UTC: @Pratham-Mishra04 merged this pull request with Graphite.