aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2020-01-09 09:36:31 +0100
committerChocobozzz <me@florianbigard.com>2020-01-09 09:36:31 +0100
commite0b56b7495e809581a1e6447794bf7573a78af56 (patch)
tree7bf3917b7109fc8d671c994b4f501fd020257b38
parent240458d0c95133bfb03a3f695a1b4e5cb63e20ef (diff)
downloadPeerTube-e0b56b7495e809581a1e6447794bf7573a78af56.tar.gz
PeerTube-e0b56b7495e809581a1e6447794bf7573a78af56.tar.zst
PeerTube-e0b56b7495e809581a1e6447794bf7573a78af56.zip
Return an error on invalid count pagination
-rw-r--r--server/initializers/constants.ts13
-rw-r--r--server/middlewares/pagination.ts4
-rw-r--r--server/middlewares/validators/activitypub/pagination.ts9
-rw-r--r--server/middlewares/validators/pagination.ts9
-rw-r--r--shared/extra-utils/requests/check-api-params.ts12
5 files changed, 35 insertions, 12 deletions
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index f4a2b358b..8461c7320 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -22,9 +22,16 @@ const API_VERSION = 'v1'
22const PEERTUBE_VERSION = require(join(root(), 'package.json')).version 22const PEERTUBE_VERSION = require(join(root(), 'package.json')).version
23 23
24const PAGINATION = { 24const PAGINATION = {
25 COUNT: { 25 GLOBAL: {
26 DEFAULT: 15, 26 COUNT: {
27 MAX: 100 27 DEFAULT: 15,
28 MAX: 100
29 }
30 },
31 OUTBOX: {
32 COUNT: {
33 MAX: 50
34 }
28 } 35 }
29} 36}
30 37
diff --git a/server/middlewares/pagination.ts b/server/middlewares/pagination.ts
index 043869303..b59717d7b 100644
--- a/server/middlewares/pagination.ts
+++ b/server/middlewares/pagination.ts
@@ -5,11 +5,9 @@ function setDefaultPagination (req: express.Request, res: express.Response, next
5 if (!req.query.start) req.query.start = 0 5 if (!req.query.start) req.query.start = 0
6 else req.query.start = parseInt(req.query.start, 10) 6 else req.query.start = parseInt(req.query.start, 10)
7 7
8 if (!req.query.count) req.query.count = PAGINATION.COUNT.DEFAULT 8 if (!req.query.count) req.query.count = PAGINATION.GLOBAL.COUNT.DEFAULT
9 else req.query.count = parseInt(req.query.count, 10) 9 else req.query.count = parseInt(req.query.count, 10)
10 10
11 if (req.query.count > PAGINATION.COUNT.MAX) req.query.count = PAGINATION.COUNT.MAX
12
13 return next() 11 return next()
14} 12}
15 13
diff --git a/server/middlewares/validators/activitypub/pagination.ts b/server/middlewares/validators/activitypub/pagination.ts
index 8b32d3415..fa21f063d 100644
--- a/server/middlewares/validators/activitypub/pagination.ts
+++ b/server/middlewares/validators/activitypub/pagination.ts
@@ -2,10 +2,15 @@ import * as express from 'express'
2import { query } from 'express-validator' 2import { query } from 'express-validator'
3import { logger } from '../../../helpers/logger' 3import { logger } from '../../../helpers/logger'
4import { areValidationErrors } from '../utils' 4import { areValidationErrors } from '../utils'
5import { PAGINATION } from '@server/initializers/constants'
5 6
6const apPaginationValidator = [ 7const apPaginationValidator = [
7 query('page').optional().isInt({ min: 1 }).withMessage('Should have a valid page number'), 8 query('page')
8 query('size').optional().isInt({ max: 50 }).withMessage('Should have a valid page size (max: 50)'), 9 .optional()
10 .isInt({ min: 1 }).withMessage('Should have a valid page number'),
11 query('size')
12 .optional()
13 .isInt({ min: 0, max: PAGINATION.OUTBOX.COUNT.MAX }).withMessage(`Should have a valid page size (max: ${PAGINATION.OUTBOX.COUNT.MAX})`),
9 14
10 (req: express.Request, res: express.Response, next: express.NextFunction) => { 15 (req: express.Request, res: express.Response, next: express.NextFunction) => {
11 logger.debug('Checking pagination parameters', { parameters: req.query }) 16 logger.debug('Checking pagination parameters', { parameters: req.query })
diff --git a/server/middlewares/validators/pagination.ts b/server/middlewares/validators/pagination.ts
index 80ae57c0b..1cae7848c 100644
--- a/server/middlewares/validators/pagination.ts
+++ b/server/middlewares/validators/pagination.ts
@@ -2,10 +2,15 @@ import * as express from 'express'
2import { query } from 'express-validator' 2import { query } from 'express-validator'
3import { logger } from '../../helpers/logger' 3import { logger } from '../../helpers/logger'
4import { areValidationErrors } from './utils' 4import { areValidationErrors } from './utils'
5import { PAGINATION } from '@server/initializers/constants'
5 6
6const paginationValidator = [ 7const paginationValidator = [
7 query('start').optional().isInt({ min: 0 }).withMessage('Should have a number start'), 8 query('start')
8 query('count').optional().isInt({ min: 0 }).withMessage('Should have a number count'), 9 .optional()
10 .isInt({ min: 0 }).withMessage('Should have a number start'),
11 query('count')
12 .optional()
13 .isInt({ min: 0, max: PAGINATION.GLOBAL.COUNT.MAX }).withMessage(`Should have a number count (max: ${PAGINATION.GLOBAL.COUNT.MAX})`),
9 14
10 (req: express.Request, res: express.Response, next: express.NextFunction) => { 15 (req: express.Request, res: express.Response, next: express.NextFunction) => {
11 logger.debug('Checking pagination parameters', { parameters: req.query }) 16 logger.debug('Checking pagination parameters', { parameters: req.query })
diff --git a/shared/extra-utils/requests/check-api-params.ts b/shared/extra-utils/requests/check-api-params.ts
index a2a549682..c34c7c216 100644
--- a/shared/extra-utils/requests/check-api-params.ts
+++ b/shared/extra-utils/requests/check-api-params.ts
@@ -11,14 +11,22 @@ function checkBadStartPagination (url: string, path: string, token?: string, que
11 }) 11 })
12} 12}
13 13
14function checkBadCountPagination (url: string, path: string, token?: string, query = {}) { 14async function checkBadCountPagination (url: string, path: string, token?: string, query = {}) {
15 return makeGetRequest({ 15 await makeGetRequest({
16 url, 16 url,
17 path, 17 path,
18 token, 18 token,
19 query: immutableAssign(query, { count: 'hello' }), 19 query: immutableAssign(query, { count: 'hello' }),
20 statusCodeExpected: 400 20 statusCodeExpected: 400
21 }) 21 })
22
23 await makeGetRequest({
24 url,
25 path,
26 token,
27 query: immutableAssign(query, { count: 2000 }),
28 statusCodeExpected: 400
29 })
22} 30}
23 31
24function checkBadSortPagination (url: string, path: string, token?: string, query = {}) { 32function checkBadSortPagination (url: string, path: string, token?: string, query = {}) {