From 386cba15b5ee56908e3b33f7ee52a4c8486d5d8f Mon Sep 17 00:00:00 2001
From: Delweng <delweng@gmail.com>
Date: Wed, 16 Aug 2023 21:26:49 +0800
Subject: [PATCH] node: increase batch limits for auth rpc API (#27924)

This raises the JSON-RPC batch request limits significantly for the engine API endpoint.
The limits are now also hard-coded, so users won't get them wrong. I have chosen these limits:

    maximum batch items: 2000
    maximum batch response size: 250MB

While it would also be possible to disable batch limits completely for the engine API,
I think having some limits is a good safety net against misbehaving CLs. Since this
 isn't configurable, we really want to ensure this limit will never become an issue in the
 CL/EL communication, so I set them quite high.

---------

Signed-off-by: jsvisa <delweng@gmail.com>
Co-authored-by: Felix Lange <fjl@twurst.com>
---
 node/defaults.go | 7 +++++++
 node/node.go     | 7 +++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/node/defaults.go b/node/defaults.go
index d8f718121..42d9d4cde 100644
--- a/node/defaults.go
+++ b/node/defaults.go
@@ -36,6 +36,13 @@ const (
 	DefaultAuthPort = 8551        // Default port for the authenticated apis
 )
 
+const (
+	// Engine API batch limits: these are not configurable by users, and should cover the
+	// needs of all CLs.
+	engineAPIBatchItemLimit         = 2000
+	engineAPIBatchResponseSizeLimit = 250 * 1000 * 1000
+)
+
 var (
 	DefaultAuthCors    = []string{"localhost"} // Default cors domain for the authenticated apis
 	DefaultAuthVhosts  = []string{"localhost"} // Default virtual hosts for the authenticated apis
diff --git a/node/node.go b/node/node.go
index da41169c5..41c9971fe 100644
--- a/node/node.go
+++ b/node/node.go
@@ -449,8 +449,11 @@ func (n *Node) startRPC() error {
 		if err := server.setListenAddr(n.config.AuthAddr, port); err != nil {
 			return err
 		}
-		sharedConfig := rpcConfig
-		sharedConfig.jwtSecret = secret
+		sharedConfig := rpcEndpointConfig{
+			jwtSecret:              secret,
+			batchItemLimit:         engineAPIBatchItemLimit,
+			batchResponseSizeLimit: engineAPIBatchResponseSizeLimit,
+		}
 		if err := server.enableRPC(allAPIs, httpConfig{
 			CorsAllowedOrigins: DefaultAuthCors,
 			Vhosts:             n.config.AuthVirtualHosts,