return error when input limit exceeds the max allowed value

vechain · Jun 21, 2024 · a9c8682 · a9c8682
1 parent c2f6257
commit a9c8682
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 24 deletions.
diff --git a/api/events/events.go b/api/events/events.go
@@ -33,7 +33,7 @@ func New(repo *chain.Repository, db *logdb.LogDB, logsLimit uint64) *Events {
 // Filter query events with option
 func (e *Events) filter(ctx context.Context, ef *EventFilter) ([]*FilteredEvent, error) {
 	chain := e.repo.NewBestChain()
-	filter, err := convertEventFilter(chain, ef, e.limit)
+	filter, err := convertEventFilter(chain, ef)
 	if err != nil {
 		return nil, err
 	}
@@ -53,6 +53,16 @@ func (e *Events) handleFilter(w http.ResponseWriter, req *http.Request) error {
 	if err := utils.ParseJSON(req.Body, &filter); err != nil {
 		return utils.BadRequest(errors.WithMessage(err, "body"))
 	}
+	if filter.Options != nil && filter.Options.Limit > e.limit {
+		return utils.Forbidden(errors.New("options.limit exceeds the maximum allowed value"))
+	}
+	if filter.Options == nil {
+		filter.Options = &logdb.Options{
+			Offset: 0,
+			Limit:  e.limit,
+		}
+	}
+
 	fes, err := e.filter(req.Context(), &filter)
 	if err != nil {
 		return err

diff --git a/api/events/events_test.go b/api/events/events_test.go
@@ -212,9 +212,3 @@ func newReceipt() *tx.Receipt {
 		},
 	}
 }
-
-func TestNormalize(t *testing.T) {
-	assert.Equal(t, &logdb.Options{Offset: 0, Limit: 10}, events.NormalizeOptions(nil, 10))
-	assert.Equal(t, &logdb.Options{Offset: 10, Limit: 5}, events.NormalizeOptions(&logdb.Options{Offset: 10, Limit: 5}, 10))
-	assert.Equal(t, &logdb.Options{Offset: 10, Limit: 10}, events.NormalizeOptions(&logdb.Options{Offset: 10, Limit: 15}, 10))
-}
diff --git a/api/events/types.go b/api/events/types.go
@@ -101,14 +101,14 @@ type EventFilter struct {
 	Order       logdb.Order      `json:"order"`
 }
 
-func convertEventFilter(chain *chain.Chain, filter *EventFilter, logsLimit uint64) (*logdb.EventFilter, error) {
+func convertEventFilter(chain *chain.Chain, filter *EventFilter) (*logdb.EventFilter, error) {
 	rng, err := ConvertRange(chain, filter.Range)
 	if err != nil {
 		return nil, err
 	}
 	f := &logdb.EventFilter{
 		Range:   rng,
-		Options: NormalizeOptions(filter.Options, logsLimit),
+		Options: filter.Options,
 		Order:   filter.Order,
 	}
 	if len(filter.CriteriaSet) > 0 {
@@ -187,17 +187,3 @@ func ConvertRange(chain *chain.Chain, r *Range) (*logdb.Range, error) {
 		To:   uint32(r.To),
 	}, nil
 }
-
-func NormalizeOptions(ops *logdb.Options, defaultLimit uint64) *logdb.Options {
-	if ops == nil {
-		return &logdb.Options{
-			Offset: 0,
-			Limit:  defaultLimit,
-		}
-	}
-
-	if ops.Limit > defaultLimit {
-		ops.Limit = defaultLimit
-	}
-	return ops
-}
diff --git a/api/transfers/transfers.go b/api/transfers/transfers.go
@@ -41,7 +41,7 @@ func (t *Transfers) filter(ctx context.Context, filter *TransferFilter) ([]*Filt
 	transfers, err := t.db.FilterTransfers(ctx, &logdb.TransferFilter{
 		CriteriaSet: filter.CriteriaSet,
 		Range:       rng,
-		Options:     events.NormalizeOptions(filter.Options, t.limit),
+		Options:     filter.Options,
 		Order:       filter.Order,
 	})
 	if err != nil {
@@ -59,6 +59,16 @@ func (t *Transfers) handleFilterTransferLogs(w http.ResponseWriter, req *http.Re
 	if err := utils.ParseJSON(req.Body, &filter); err != nil {
 		return utils.BadRequest(errors.WithMessage(err, "body"))
 	}
+	if filter.Options != nil && filter.Options.Limit > t.limit {
+		return utils.Forbidden(errors.New("options.limit exceeds the maximum allowed value"))
+	}
+	if filter.Options == nil {
+		filter.Options = &logdb.Options{
+			Offset: 0,
+			Limit:  t.limit,
+		}
+	}
+
 	tLogs, err := t.filter(req.Context(), &filter)
 	if err != nil {
 		return err