Harden Node adapter HTTP server defaults and request body handling

[matthewp]

Changes

• Adds a global body size limit to createRequest() that enforces a maximum request body size via a streaming size-limiting wrapper
• The Node adapter's createAppHandler applies a default 1GB body size limit to prevent unbounded memory consumption
• Adds new bodySizeLimit option in the adapter, ex. node({ bodySizeLimit: Infinity }) sets to no limit

Testing

• Added unit tests for body size limiting in packages/astro/test/units/app/node.test.js:
  • Verifies request body exceeding the limit is rejected
  • Verifies request body within the limit is accepted
  • Verifies no limit is enforced when bodySizeLimit is not configured

Docs

• Document bodySizeLimit option for @astrojs/node adapter docs#13344

[changeset-bot]

🦋 Changeset detected

Latest commit: de0fbb8

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[codspeed-hq]

Merging this PR will not alter performance

✅ 18 untouched benchmarks

---

_{Comparing fix/bugbot-129 (de0fbb8) with main (631aaed)¹}

Footnotes

1. No successful run was found on main (2ff96f4) during the generation of this report, so 631aaed was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[sarah11918]

Changeset LGTM!

(I think in the past we've done things like split the patch and minor up, so that e.g. the patch is only about the timeout stuff, and the minor is only about the new config option. If you think it's fine to combine them like this, then it's good as written!)

[ematipico]

Aren't generators slow?

[matthewp]

Iterables are comparitively, but there already is an iterable here (the request).