CLDSRV-909: Reject CopyObject when source exceeds 5 GiB

[tcarmet]

Align cloudserver's CopyObject with the AWS S3 contract by rejecting requests whose source object exceeds 5 GiB. AWS S3 returns HTTP 400 InvalidRequest ("The specified copy source is larger than the maximum allowable size for a copy source: 5368709120") and expects clients to use the multipart copy flow instead; cloudserver currently accepts these requests, leaving a gap with the published contract.

Targeting development/9.4 because changing a previously-accepted response is a behavior break for clients that relied on cloudserver's permissive behavior, happy to retarget development/9.3 if we prefer wider rollout.

Last commit contains a prettier fmt command and is kept separate from the actual code change for review. We should not focus on it as most of it is existing change.

[bert-e]

Hello tcarmet,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options

name	description	privileged	authored
/after_pull_request	Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval	Bypass the pull request author's approval	⭐
/bypass_build_status	Bypass the build and test status	⭐
/bypass_commit_size	Bypass the check on the size of the changeset TBA	⭐
/bypass_incompatible_branch	Bypass the check on the source branch prefix	⭐
/bypass_jira_check	Bypass the Jira issue check	⭐
/bypass_peer_approval	Bypass the pull request peers' approval	⭐
/bypass_leader_approval	Bypass the pull request leaders' approval	⭐
/approve	Instruct Bert-E that the author has approved the pull request.		✍️
/create_pull_requests	Allow the creation of integration pull requests.
/create_integration_branches	Allow the creation of integration branches.
/no_octopus	Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity	Change review acceptance criteria from one reviewer at least to all reviewers
/wait	Instruct Bert-E not to run until further notice.

Available commands

name	description	privileged
/help	Print Bert-E's manual in the pull request.
/status	Print Bert-E's current status in the pull request TBA
/clear	Remove all comments from Bert-E from the history TBA
/retry	Re-start a fresh build TBA
/build	Re-start a fresh build TBA
/force_reset	Delete integration branches & pull requests, and restart merge process from the beginning.
/reset	Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

[bert-e]

Incorrect fix version

The Fix Version/s in issue CLDSRV-909 contains:

• None

Considering where you are trying to merge, I ignored possible hotfix versions and I expected to find:

• 9.4.0

Please check the Fix Version/s of CLDSRV-909, or the target
branch of this pull request.

[claude]

LGTM

Review by Claude Code

[codecov]

Codecov Report

❌ Patch coverage is 90.22989% with 17 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.30%. Comparing base (580d648) to head (f34ae66).
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
lib/api/objectCopy.js	90.22%	17 Missing ⚠️

Additional details and impacted files

Files with missing lines	Coverage Δ
lib/api/objectCopy.js	91.69% <90.22%> (+0.20%)	⬆️

... and 2 files with indirect coverage changes

@@                 Coverage Diff                 @@
##           development/9.4    #6177      +/-   ##
===================================================
+ Coverage            85.25%   85.30%   +0.04%     
===================================================
  Files                  208      208              
  Lines                13919    13925       +6     
===================================================
+ Hits                 11867    11879      +12     
+ Misses                2052     2046       -6     

Flag	Coverage Δ
file-ft-tests	68.81% <84.48%> (-0.01%)	⬇️
kmip-ft-tests	28.12% <57.47%> (+<0.01%)	⬆️
mongo-v0-ft-tests	70.01% <84.48%> (+0.03%)	⬆️
mongo-v1-ft-tests	69.96% <84.48%> (-0.11%)	⬇️
multiple-backend	36.59% <2.29%> (-0.02%)	⬇️
sur-tests	36.35% <15.51%> (-0.02%)	⬇️
sur-tests-inflights	37.32% <15.51%> (-0.02%)	⬇️
unit	72.03% <72.41%> (+0.01%)	⬆️
utapi-v2-tests	34.77% <56.32%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[claude]

LGTM

Review by Claude Code

[claude]

• config.bypassMaxPutObjectSize leaks if the bypass test fails — reset it in the after block (tests/unit/api/objectCopy.js:660)

Review by Claude Code

[claude]

• config.bypassMaxPutObjectSize cleanup in the bypass test is inside the callback — if the assertion throws, the flag leaks. Move the reset into the after() block.
  • See inline comment on tests/unit/api/objectCopy.js:790

Review by Claude Code

[claude]

• config.bypassMaxPutObjectSize is not restored in the after() block of the 'objectCopy source size limit' test suite — if the test callback doesn't run (timeout, sync throw), the flag leaks to subsequent suites.
  - Add config.bypassMaxPutObjectSize = false; to the after() block.
  
  Review by Claude Code

[claude]

LGTM

Review by Claude Code