From e0b56b7495e809581a1e6447794bf7573a78af56 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 9 Jan 2020 09:36:31 +0100 Subject: Return an error on invalid count pagination --- server/middlewares/pagination.ts | 4 +--- server/middlewares/validators/activitypub/pagination.ts | 9 +++++++-- server/middlewares/validators/pagination.ts | 9 +++++++-- 3 files changed, 15 insertions(+), 7 deletions(-) (limited to 'server/middlewares') diff --git a/server/middlewares/pagination.ts b/server/middlewares/pagination.ts index 043869303..b59717d7b 100644 --- a/server/middlewares/pagination.ts +++ b/server/middlewares/pagination.ts @@ -5,11 +5,9 @@ function setDefaultPagination (req: express.Request, res: express.Response, next if (!req.query.start) req.query.start = 0 else req.query.start = parseInt(req.query.start, 10) - if (!req.query.count) req.query.count = PAGINATION.COUNT.DEFAULT + if (!req.query.count) req.query.count = PAGINATION.GLOBAL.COUNT.DEFAULT else req.query.count = parseInt(req.query.count, 10) - if (req.query.count > PAGINATION.COUNT.MAX) req.query.count = PAGINATION.COUNT.MAX - return next() } diff --git a/server/middlewares/validators/activitypub/pagination.ts b/server/middlewares/validators/activitypub/pagination.ts index 8b32d3415..fa21f063d 100644 --- a/server/middlewares/validators/activitypub/pagination.ts +++ b/server/middlewares/validators/activitypub/pagination.ts @@ -2,10 +2,15 @@ import * as express from 'express' import { query } from 'express-validator' import { logger } from '../../../helpers/logger' import { areValidationErrors } from '../utils' +import { PAGINATION } from '@server/initializers/constants' const apPaginationValidator = [ - query('page').optional().isInt({ min: 1 }).withMessage('Should have a valid page number'), - query('size').optional().isInt({ max: 50 }).withMessage('Should have a valid page size (max: 50)'), + query('page') + .optional() + .isInt({ min: 1 }).withMessage('Should have a valid page number'), + query('size') + .optional() + .isInt({ min: 0, max: PAGINATION.OUTBOX.COUNT.MAX }).withMessage(`Should have a valid page size (max: ${PAGINATION.OUTBOX.COUNT.MAX})`), (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking pagination parameters', { parameters: req.query }) diff --git a/server/middlewares/validators/pagination.ts b/server/middlewares/validators/pagination.ts index 80ae57c0b..1cae7848c 100644 --- a/server/middlewares/validators/pagination.ts +++ b/server/middlewares/validators/pagination.ts @@ -2,10 +2,15 @@ import * as express from 'express' import { query } from 'express-validator' import { logger } from '../../helpers/logger' import { areValidationErrors } from './utils' +import { PAGINATION } from '@server/initializers/constants' const paginationValidator = [ - query('start').optional().isInt({ min: 0 }).withMessage('Should have a number start'), - query('count').optional().isInt({ min: 0 }).withMessage('Should have a number count'), + query('start') + .optional() + .isInt({ min: 0 }).withMessage('Should have a number start'), + query('count') + .optional() + .isInt({ min: 0, max: PAGINATION.GLOBAL.COUNT.MAX }).withMessage(`Should have a number count (max: ${PAGINATION.GLOBAL.COUNT.MAX})`), (req: express.Request, res: express.Response, next: express.NextFunction) => { logger.debug('Checking pagination parameters', { parameters: req.query }) -- cgit v1.2.3