From 3147636babff5e132b5978539289ab148bdfd804 Mon Sep 17 00:00:00 2001
From: Can Yu
Date: Tue, 9 Jun 2026 15:48:23 +0800
Subject: [PATCH] fix(api): handle body read error and cap response size in FormatHTTPError

Address review feedback: stop discarding the io.ReadAll error so I/O failures surface in the error message, and wrap the body reader with LimitReader(1 MiB) to guard against oversized error responses from proxies.

Co-Authored-By: Claude Opus 4.6
---
 pkg/util/http.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/pkg/util/http.go b/pkg/util/http.go
index 520a4b5..e9d7739 100644
--- a/pkg/util/http.go
+++ b/pkg/util/http.go
@@ -20,7 +20,10 @@ import (
 //
 // action is a short verb phrase describing what failed, e.g. "create upload session".
 func FormatHTTPError(action string, resp *http.Response) error {
- body, _ := io.ReadAll(resp.Body)
+ body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
+ if err != nil {
+ return fmt.Errorf("%s: failed to read response body (status: %d): %w", action, resp.StatusCode, err)
+ }
 var errResp struct {
 Code string `json:"code"`
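Review bot: The 1 MiB cap on the added `io.ReadAll(io.LimitReader(resp.Body, 1<<20))` line is a bare literal and truncates silently, so a cut-off body is indistinguishable from a complete one when it reaches the JSON decoding that follows. I would name the limit, `const maxErrorBodyBytes = 1 << 20 // upper bound on error-response bytes held in memory`, and pass that constant to `io.LimitReader`. The rest of FormatHTTPError lies outside the hunk, so it is not visible whether the raw body ends up in the returned error; if it does, up to 1 MiB of server- or proxy-controlled text can reach logs and terminals, and a much smaller display cap with `%q` quoting would be safer there. The new message also reads "failed to read response body", which Go's error-wrapping convention would shorten to `reading response body`.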