From a9c868296b73a905af116f04498780c3a1857e54 Mon Sep 17 00:00:00 2001
From: tony
Date: Fri, 21 Jun 2024 17:55:02 +0800
Subject: [PATCH] return error when input limit exceeds the max allowed value
---
 api/events/events.go | 12 +++++++++++-
 api/events/events_test.go | 6 ------
 api/events/types.go | 18 ++----------------
 api/transfers/transfers.go | 12 +++++++++++-
 4 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/api/events/events.go b/api/events/events.go
index 6596d5668..0d598d499 100644
--- a/api/events/events.go
+++ b/api/events/events.go
@@ -33,7 +33,7 @@ func New(repo *chain.Repository, db *logdb.LogDB, logsLimit uint64) *Events {
 // Filter query events with option
 func (e *Events) filter(ctx context.Context, ef *EventFilter) ([]*FilteredEvent, error) {
 chain := e.repo.NewBestChain()
- filter, err := convertEventFilter(chain, ef, e.limit)
+ filter, err := convertEventFilter(chain, ef)
 if err != nil {
 return nil, err
 }
@@ -53,6 +53,16 @@ func (e *Events) handleFilter(w http.ResponseWriter, req *http.Request) error {
 if err := utils.ParseJSON(req.Body, &filter); err != nil {
 return utils.BadRequest(errors.WithMessage(err, "body"))
 }
+ if filter.Options != nil && filter.Options.Limit > e.limit {
+ return utils.Forbidden(errors.New("options.limit exceeds the maximum allowed value"))
+ }
+ if filter.Options == nil {
+ filter.Options = &logdb.Options{
+ Offset: 0,
+ Limit: e.limit,
+ }
+ }
+
 fes, err := e.filter(req.Context(), &filter)
 if err != nil {
 return err
diff --git a/api/events/events_test.go b/api/events/events_test.go
index fdd47eb8e..a58e47214 100644
--- a/api/events/events_test.go
+++ b/api/events/events_test.go
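Review bot: The limit check and nil-default added to handleFilter are pasted verbatim into handleFilterTransferLogs in api/transfers/transfers.go, so the one rule that bounds query size now lives in two places that can drift apart. A single exported helper in the events package, where the removed NormalizeOptions lived and which transfers.go already referenced, would keep both endpoints on the same policy and gives the unit test deleted from events_test.go a natural replacement. handleFilter starts and ends outside this hunk, so the sketch below shows only the helper and the call that would replace the two added if-blocks.

```go
// ValidateOptions applies the log-query limit policy for both filter endpoints:
// nil options get the default window, an over-limit request is rejected.
func ValidateOptions(ops *logdb.Options, maxLimit uint64) (*logdb.Options, error) {
	if ops == nil {
		return &logdb.Options{Offset: 0, Limit: maxLimit}, nil
	}
	if ops.Limit > maxLimit {
		return nil, errors.New("options.limit exceeds the maximum allowed value")
	}
	return ops, nil
}

// … unchanged: utils.ParseJSON body check in handleFilter …
	opts, err := ValidateOptions(filter.Options, e.limit)
	if err != nil {
		return utils.Forbidden(err)
	}
	filter.Options = opts
// … unchanged: e.filter call and response writing …
```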
@@ -212,9 +212,3 @@ func newReceipt() *tx.Receipt {
 },
 }
 }
-
-func TestNormalize(t *testing.T) {
- assert.Equal(t, &logdb.Options{Offset: 0, Limit: 10}, events.NormalizeOptions(nil, 10))
- assert.Equal(t, &logdb.Options{Offset: 10, Limit: 5}, events.NormalizeOptions(&logdb.Options{Offset: 10, Limit: 5}, 10))
- assert.Equal(t, &logdb.Options{Offset: 10, Limit: 10}, events.NormalizeOptions(&logdb.Options{Offset: 10, Limit: 15}, 10))
-}
diff --git a/api/events/types.go b/api/events/types.go
index aae09ed53..0dce06aa4 100644
--- a/api/events/types.go
+++ b/api/events/types.go
@@ -101,14 +101,14 @@ type EventFilter struct {
 Order logdb.Order `json:"order"`
 }

-func convertEventFilter(chain *chain.Chain, filter *EventFilter, logsLimit uint64) (*logdb.EventFilter, error) {
+func convertEventFilter(chain *chain.Chain, filter *EventFilter) (*logdb.EventFilter, error) {
 rng, err := ConvertRange(chain, filter.Range)
 if err != nil {
 return nil, err
 }
 f := &logdb.EventFilter{
 Range: rng,
- Options: NormalizeOptions(filter.Options, logsLimit),
+ Options: filter.Options,
 Order: filter.Order,
 }
 if len(filter.CriteriaSet) > 0 {
@@ -187,17 +187,3 @@ func ConvertRange(chain *chain.Chain, r *Range) (*logdb.Range, error) {
 To: uint32(r.To),
 }, nil
 }
-
-func NormalizeOptions(ops *logdb.Options, defaultLimit uint64) *logdb.Options {
- if ops == nil {
- return &logdb.Options{
- Offset: 0,
- Limit: defaultLimit,
- }
- }
-
- if ops.Limit > defaultLimit {
- ops.Limit = defaultLimit
- }
- return ops
-}
diff --git a/api/transfers/transfers.go b/api/transfers/transfers.go
index 4b7444d13..215490e77 100644
--- a/api/transfers/transfers.go
+++ b/api/transfers/transfers.go
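Review bot: convertEventFilter now forwards `filter.Options` to logdb unchanged, nil included, so the cap holds only for callers that validated the filter beforehand; the same is true of `Options: filter.Options` in Transfers.filter in api/transfers/transfers.go. The only validation visible in this patch sits in the two HTTP handlers, and whether any other code path reaches these functions cannot be seen from here. If logdb treats nil Options as "no limit" (to be confirmed), such a path would run an unbounded log query. The precondition should be stated where it is relied on, for example `// convertEventFilter forwards filter.Options as-is; callers must already have bounded Limit and replaced nil Options.` The function body continues past the end of this hunk.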
@@ -41,7 +41,7 @@ func (t *Transfers) filter(ctx context.Context, filter *TransferFilter) ([]*Filt
 transfers, err := t.db.FilterTransfers(ctx, &logdb.TransferFilter{
 CriteriaSet: filter.CriteriaSet,
 Range: rng,
- Options: events.NormalizeOptions(filter.Options, t.limit),
+ Options: filter.Options,
 Order: filter.Order,
 })
 if err != nil {
@@ -59,6 +59,16 @@ func (t *Transfers) handleFilterTransferLogs(w http.ResponseWriter, req *http.Re
 if err := utils.ParseJSON(req.Body, &filter); err != nil {
 return utils.BadRequest(errors.WithMessage(err, "body"))
 }
+ if filter.Options != nil && filter.Options.Limit > t.limit {
+ return utils.Forbidden(errors.New("options.limit exceeds the maximum allowed value"))
+ }
+ if filter.Options == nil {
+ filter.Options = &logdb.Options{
+ Offset: 0,
+ Limit: t.limit,
+ }
+ }
+
 tLogs, err := t.filter(req.Context(), &filter)
 if err != nil {
 return err
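Review bot: The over-limit rejection in handleFilterTransferLogs answers with `utils.Forbidden`, yet the caller is not being denied access; the request value is out of range, and a 403 gives an API client no hint that lowering `options.limit` would fix it. The check just above already uses `utils.BadRequest` for body errors, so `return utils.BadRequest(errors.New("options.limit exceeds the maximum allowed value"))` would be consistent; the same applies to handleFilter in api/events/events.go. The removed NormalizeOptions clamped the value silently, so existing clients that send a large limit will now start failing, which is worth calling out in the API documentation whichever status is kept.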