commit c8b6ad8abd3a9bd2491262fc9cb881b9b491969d
parent b637514b36e6c0f44505fca510f3033b85c932ff
Author: Jonathan Buchanan <jonathan.russ.buchanan@gmail.com>
Date: Mon, 29 Jun 2020 15:30:11 -0400
filler max_upload values for all POST/PATCH handlers
Diffstat:
1 file changed, 48 insertions(+), 11 deletions(-)
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
@@ -782,14 +782,24 @@ url_handler (void *cls,
{
.url_prefix = "/",
.method = MHD_HTTP_METHOD_PATCH,
- .handler = &TMH_private_patch_instances_ID
+ .handler = &TMH_private_patch_instances_ID,
+ /* allow instance data of up to 8 MB, that should be plenty;
+ note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB)
+ would require further changes to the allocation logic
+ in the code... */
+ .max_upload = 1024 * 1024 * 8
},
/* POST /instances: */
{
.url_prefix = "/instances",
.method = MHD_HTTP_METHOD_POST,
.skip_instance = true,
- .handler = &TMH_private_post_instances
+ .handler = &TMH_private_post_instances,
+ /* allow instance data of up to 8 MB, that should be plenty;
+ note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB)
+ would require further changes to the allocation logic
+ in the code... */
+ .max_upload = 1024 * 1024 * 8
},
/* GET /products: */
{
@@ -840,7 +850,10 @@ url_handler (void *cls,
.url_suffix = "lock",
.method = MHD_HTTP_METHOD_POST,
.have_id_segment = true,
- .handler = &TMH_private_post_products_ID_lock
+ .handler = &TMH_private_post_products_ID_lock,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* POST /orders: */
{
@@ -872,7 +885,10 @@ url_handler (void *cls,
.url_suffix = "refund",
.method = MHD_HTTP_METHOD_POST,
.have_id_segment = true,
- .handler = &TMH_private_post_orders_ID_refund
+ .handler = &TMH_private_post_orders_ID_refund,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* DELETE /orders/$ID: */
{
@@ -885,7 +901,10 @@ url_handler (void *cls,
{
.url_prefix = "/reserves",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_private_post_reserves
+ .handler = &TMH_private_post_reserves,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* DELETE /reserves/$ID: */
{
@@ -900,13 +919,19 @@ url_handler (void *cls,
.url_suffix = "authorize-tip",
.have_id_segment = true,
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_private_post_reserves_ID_authorize_tip
+ .handler = &TMH_private_post_reserves_ID_authorize_tip,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* POST /tips: */
{
.url_prefix = "/tips",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_private_post_tips
+ .handler = &TMH_private_post_tips,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* GET /tips: */
{
@@ -938,7 +963,10 @@ url_handler (void *cls,
{
.url_prefix = "/transfers",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_private_post_transfers
+ .handler = &TMH_private_post_transfers,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* GET /transfers: */
{
@@ -980,7 +1008,10 @@ url_handler (void *cls,
.have_id_segment = true,
.url_suffix = "abort",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_post_orders_ID_abort
+ .handler = &TMH_post_orders_ID_abort,
+ /* wallet may give us many coins to sign, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* POST /orders/$ID/claim: */
{
@@ -988,7 +1019,10 @@ url_handler (void *cls,
.have_id_segment = true,
.url_suffix = "claim",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_post_orders_ID_claim
+ .handler = &TMH_post_orders_ID_claim,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* POST /orders/$ID/pay: */
{
@@ -996,7 +1030,10 @@ url_handler (void *cls,
.have_id_segment = true,
.url_suffix = "pay",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_post_orders_ID_pay
+ .handler = &TMH_post_orders_ID_pay,
+ /* wallet may give us many coins to sign, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* GET /orders/$ID: */
{
