diff options
| author | Chocobozzz <me@florianbigard.com> | 2020-01-09 09:36:31 +0100 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2020-01-09 09:36:31 +0100 |
| commit | e0b56b7495e809581a1e6447794bf7573a78af56 (patch) | |
| tree | 7bf3917b7109fc8d671c994b4f501fd020257b38 | |
| parent | 240458d0c95133bfb03a3f695a1b4e5cb63e20ef (diff) | |
| download | PeerTube-e0b56b7495e809581a1e6447794bf7573a78af56.tar.gz PeerTube-e0b56b7495e809581a1e6447794bf7573a78af56.tar.zst PeerTube-e0b56b7495e809581a1e6447794bf7573a78af56.zip | |
Return an error on invalid count pagination
| -rw-r--r-- | server/initializers/constants.ts | 13 | ||||
| -rw-r--r-- | server/middlewares/pagination.ts | 4 | ||||
| -rw-r--r-- | server/middlewares/validators/activitypub/pagination.ts | 9 | ||||
| -rw-r--r-- | server/middlewares/validators/pagination.ts | 9 | ||||
| -rw-r--r-- | shared/extra-utils/requests/check-api-params.ts | 12 |
5 files changed, 35 insertions, 12 deletions
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index f4a2b358b..8461c7320 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts | |||
| @@ -22,9 +22,16 @@ const API_VERSION = 'v1' | |||
| 22 | const PEERTUBE_VERSION = require(join(root(), 'package.json')).version | 22 | const PEERTUBE_VERSION = require(join(root(), 'package.json')).version |
| 23 | 23 | ||
| 24 | const PAGINATION = { | 24 | const PAGINATION = { |
| 25 | COUNT: { | 25 | GLOBAL: { |
| 26 | DEFAULT: 15, | 26 | COUNT: { |
| 27 | MAX: 100 | 27 | DEFAULT: 15, |
| 28 | MAX: 100 | ||
| 29 | } | ||
| 30 | }, | ||
| 31 | OUTBOX: { | ||
| 32 | COUNT: { | ||
| 33 | MAX: 50 | ||
| 34 | } | ||
| 28 | } | 35 | } |
| 29 | } | 36 | } |
| 30 | 37 | ||
diff --git a/server/middlewares/pagination.ts b/server/middlewares/pagination.ts index 043869303..b59717d7b 100644 --- a/server/middlewares/pagination.ts +++ b/server/middlewares/pagination.ts | |||
| @@ -5,11 +5,9 @@ function setDefaultPagination (req: express.Request, res: express.Response, next | |||
| 5 | if (!req.query.start) req.query.start = 0 | 5 | if (!req.query.start) req.query.start = 0 |
| 6 | else req.query.start = parseInt(req.query.start, 10) | 6 | else req.query.start = parseInt(req.query.start, 10) |
| 7 | 7 | ||
| 8 | if (!req.query.count) req.query.count = PAGINATION.COUNT.DEFAULT | 8 | if (!req.query.count) req.query.count = PAGINATION.GLOBAL.COUNT.DEFAULT |
| 9 | else req.query.count = parseInt(req.query.count, 10) | 9 | else req.query.count = parseInt(req.query.count, 10) |
| 10 | 10 | ||
| 11 | if (req.query.count > PAGINATION.COUNT.MAX) req.query.count = PAGINATION.COUNT.MAX | ||
| 12 | |||
| 13 | return next() | 11 | return next() |
| 14 | } | 12 | } |
| 15 | 13 | ||
diff --git a/server/middlewares/validators/activitypub/pagination.ts b/server/middlewares/validators/activitypub/pagination.ts index 8b32d3415..fa21f063d 100644 --- a/server/middlewares/validators/activitypub/pagination.ts +++ b/server/middlewares/validators/activitypub/pagination.ts | |||
| @@ -2,10 +2,15 @@ import * as express from 'express' | |||
| 2 | import { query } from 'express-validator' | 2 | import { query } from 'express-validator' |
| 3 | import { logger } from '../../../helpers/logger' | 3 | import { logger } from '../../../helpers/logger' |
| 4 | import { areValidationErrors } from '../utils' | 4 | import { areValidationErrors } from '../utils' |
| 5 | import { PAGINATION } from '@server/initializers/constants' | ||
| 5 | 6 | ||
| 6 | const apPaginationValidator = [ | 7 | const apPaginationValidator = [ |
| 7 | query('page').optional().isInt({ min: 1 }).withMessage('Should have a valid page number'), | 8 | query('page') |
| 8 | query('size').optional().isInt({ max: 50 }).withMessage('Should have a valid page size (max: 50)'), | 9 | .optional() |
| 10 | .isInt({ min: 1 }).withMessage('Should have a valid page number'), | ||
| 11 | query('size') | ||
| 12 | .optional() | ||
| 13 | .isInt({ min: 0, max: PAGINATION.OUTBOX.COUNT.MAX }).withMessage(`Should have a valid page size (max: ${PAGINATION.OUTBOX.COUNT.MAX})`), | ||
| 9 | 14 | ||
| 10 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 15 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
| 11 | logger.debug('Checking pagination parameters', { parameters: req.query }) | 16 | logger.debug('Checking pagination parameters', { parameters: req.query }) |
diff --git a/server/middlewares/validators/pagination.ts b/server/middlewares/validators/pagination.ts index 80ae57c0b..1cae7848c 100644 --- a/server/middlewares/validators/pagination.ts +++ b/server/middlewares/validators/pagination.ts | |||
| @@ -2,10 +2,15 @@ import * as express from 'express' | |||
| 2 | import { query } from 'express-validator' | 2 | import { query } from 'express-validator' |
| 3 | import { logger } from '../../helpers/logger' | 3 | import { logger } from '../../helpers/logger' |
| 4 | import { areValidationErrors } from './utils' | 4 | import { areValidationErrors } from './utils' |
| 5 | import { PAGINATION } from '@server/initializers/constants' | ||
| 5 | 6 | ||
| 6 | const paginationValidator = [ | 7 | const paginationValidator = [ |
| 7 | query('start').optional().isInt({ min: 0 }).withMessage('Should have a number start'), | 8 | query('start') |
| 8 | query('count').optional().isInt({ min: 0 }).withMessage('Should have a number count'), | 9 | .optional() |
| 10 | .isInt({ min: 0 }).withMessage('Should have a number start'), | ||
| 11 | query('count') | ||
| 12 | .optional() | ||
| 13 | .isInt({ min: 0, max: PAGINATION.GLOBAL.COUNT.MAX }).withMessage(`Should have a number count (max: ${PAGINATION.GLOBAL.COUNT.MAX})`), | ||
| 9 | 14 | ||
| 10 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 15 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
| 11 | logger.debug('Checking pagination parameters', { parameters: req.query }) | 16 | logger.debug('Checking pagination parameters', { parameters: req.query }) |
diff --git a/shared/extra-utils/requests/check-api-params.ts b/shared/extra-utils/requests/check-api-params.ts index a2a549682..c34c7c216 100644 --- a/shared/extra-utils/requests/check-api-params.ts +++ b/shared/extra-utils/requests/check-api-params.ts | |||
| @@ -11,14 +11,22 @@ function checkBadStartPagination (url: string, path: string, token?: string, que | |||
| 11 | }) | 11 | }) |
| 12 | } | 12 | } |
| 13 | 13 | ||
| 14 | function checkBadCountPagination (url: string, path: string, token?: string, query = {}) { | 14 | async function checkBadCountPagination (url: string, path: string, token?: string, query = {}) { |
| 15 | return makeGetRequest({ | 15 | await makeGetRequest({ |
| 16 | url, | 16 | url, |
| 17 | path, | 17 | path, |
| 18 | token, | 18 | token, |
| 19 | query: immutableAssign(query, { count: 'hello' }), | 19 | query: immutableAssign(query, { count: 'hello' }), |
| 20 | statusCodeExpected: 400 | 20 | statusCodeExpected: 400 |
| 21 | }) | 21 | }) |
| 22 | |||
| 23 | await makeGetRequest({ | ||
| 24 | url, | ||
| 25 | path, | ||
| 26 | token, | ||
| 27 | query: immutableAssign(query, { count: 2000 }), | ||
| 28 | statusCodeExpected: 400 | ||
| 29 | }) | ||
| 22 | } | 30 | } |
| 23 | 31 | ||
| 24 | function checkBadSortPagination (url: string, path: string, token?: string, query = {}) { | 32 | function checkBadSortPagination (url: string, path: string, token?: string, query = {}) { |