libeufin

Integration and sandbox testing for FinTech APIs and data formats

commit e5025de6e556bf1659ba93dd720a72f444d945a6
parent 72ca4e80aaa7db99a741afcc4e5bdc1d8e417bda
Author: Antoine A <>
Date:   Fri, 27 Sep 2024 16:31:01 +0200

common: set limits to params

Diffstat:
Mcommon/src/main/kotlin/Constants.kt | 9+++++++--
Mcommon/src/main/kotlin/params.kt | 6++++--
Mcommon/src/test/kotlin/ParamsTest.kt | 3+++
3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/common/src/main/kotlin/Constants.kt b/common/src/main/kotlin/Constants.kt @@ -31,4 +31,9 @@ const val REVENUE_API_VERSION: String = "1:0:1" // HTTP headers const val X_CHALLENGE_ID: String = "X-Challenge-Id" -const val X_FORWARD_PREFIX: String = "X-Forward-Prefix" -\ No newline at end of file +const val X_FORWARD_PREFIX: String = "X-Forward-Prefix" + +// Params +const val MAX_PAGE_SIZE: Int = 1024 +const val MAX_TIMEOUT_MS: Long = 60 * 60 * 1000 // 1h +// TODO make MAX_TIMEOUT_MS configurable +\ No newline at end of file diff --git a/common/src/main/kotlin/params.kt b/common/src/main/kotlin/params.kt @@ -20,6 +20,7 @@ package tech.libeufin.common import io.ktor.http.* +import kotlin.math.min import java.util.* fun Parameters.expect(name: String): String @@ -69,9 +70,10 @@ data class PageParams( val limit: Int = new_limit_value ?: legacy_limit_value ?: -20 if (limit == 0) throw badRequest("Param 'limit' must be non-zero", TalerErrorCode.GENERIC_PARAMETER_MALFORMED) + else if (limit > MAX_PAGE_SIZE) throw badRequest("Param 'limit' must be <= ${MAX_PAGE_SIZE}", TalerErrorCode.GENERIC_PARAMETER_MALFORMED) val offset: Long = new_offset_value ?: legacy_offset_value ?: if (limit >= 0) 0L else Long.MAX_VALUE if (offset < 0) throw badRequest("Param 'offset' must be a positive number", TalerErrorCode.GENERIC_PARAMETER_MALFORMED) - // TODO enforce max limit + return PageParams(limit, offset) } } 
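Review bot: The two limits added in Constants.kt have no comment saying what they bound, and the trailing `// TODO make MAX_TIMEOUT_MS configurable` does not say why one hour was chosen. The timeout cap is the more consequential one: a long-poll request presumably holds its connection and any server-side wait state for up to that long, so the value decides how long a single client can keep those resources occupied. I would put `// Upper bounds on client-supplied params: rows per page, and how long a long-poll request may be held open` under `// Params`.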
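Review bot: The new bound in the `PageParams` hunk of params.kt only covers positive values: `limit > MAX_PAGE_SIZE` still accepts a request such as `limit=-1000000` (constructed example). The `-20` default and the `if (limit >= 0) 0L else Long.MAX_VALUE` offset two lines below show that negative limits are valid input. If the magnitude of `limit` sizes the page downstream, which this hunk does not show, the page size stays unbounded in that direction. Comparing both sides avoids `abs`, which overflows for `Int.MIN_VALUE`: `else if (limit > MAX_PAGE_SIZE || limit < -MAX_PAGE_SIZE) throw badRequest(...)`, with the message reworded to state the bound on the magnitude. The ParamsTest.kt hunk would then need a `"limit=-${MAX_PAGE_SIZE+1}".fail(...)` case next to the positive one; the enclosing function starts above this hunk.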
@@ -104,7 +106,7 @@ data class PollingParams( val new_value = params.long("timeout_ms") if (legacy_value != null && new_value != null && legacy_value != new_value) throw badRequest("Param 'timeout_ms' cannot be used with param 'long_poll_ms'", TalerErrorCode.GENERIC_PARAMETER_MALFORMED) - val timeout_ms: Long = new_value ?: legacy_value ?: 0 + val timeout_ms: Long = min(new_value ?: legacy_value ?: 0, MAX_TIMEOUT_MS) if (timeout_ms < 0) throw badRequest("Param 'timeout_ms' must be a positive number", TalerErrorCode.GENERIC_PARAMETER_MALFORMED) return PollingParams(timeout_ms) } diff --git a/common/src/test/kotlin/ParamsTest.kt b/common/src/test/kotlin/ParamsTest.kt @@ -45,8 +45,11 @@ class ParamsTest { ).forEach { case -> case.check(1, 2, 3) } "".check(0, -20, Long.MAX_VALUE) "limit=1".check(0, 1, 0) + "limit=${MAX_PAGE_SIZE}".check(0, MAX_PAGE_SIZE, 0) "limit=0".fail("Param 'limit' must be non-zero") + "limit=${MAX_PAGE_SIZE+1}".fail("Param 'limit' must be <= ${MAX_PAGE_SIZE}") "offset=-1".fail("Param 'offset' must be a positive number") + "long_poll_ms=${MAX_TIMEOUT_MS+1}".check(MAX_TIMEOUT_MS, 0, 0) "long_poll_ms=1&timeout_ms=2".fail("Param 'timeout_ms' cannot be used with param 'long_poll_ms'") "limit=1&delta=2".fail("Param 'limit' cannot be used with param 'delta'") "offset=1&start=2".fail("Param 'offset' cannot be used with param 'start'")
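Review bot: An over-limit `timeout_ms` in the `PollingParams` hunk is silently clamped by `min(..., MAX_TIMEOUT_MS)`, while an over-limit `limit` in `PageParams` is rejected with `GENERIC_PARAMETER_MALFORMED`, and nothing on the line says the difference is deliberate. The `long_poll_ms=${MAX_TIMEOUT_MS+1}` case in ParamsTest.kt pins the clamp, so it looks intended. A comment above the assignment would record that, for example `// Clamp instead of rejecting: a longer requested wait is served as the maximum allowed one`. The negative check still works after the clamp because `min` leaves negative values unchanged. The enclosing function starts above this hunk.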