monoid/ionian
1
0
Fork 0
Code Issues 9 Pull Requests Projects Releases Wiki Activity

feat: add size limit for 'search by gid' api

Browse Source
This commit is contained in:
monoid 2024-12-27 20:29:21 +09:00
parent 18a137e441
commit fa23178baf
1 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
packages/server/src/route/contents.ts
View File

@ -210,18 +210,26 @@ function getRescanDocumentHandler(controller: DocumentAccessor) {
}; };
} }
export const getContentRouter = (controller: DocumentAccessor) => { function ContentGidListHandler(controller: DocumentAccessor) {
const ret = new Router(); return async (ctx: Context, next: Next) => {
ret.get("/search", PerCheck(Per.QueryContent), ContentQueryHandler(controller));
ret.get("/_gid", PerCheck(Per.QueryContent), async (ctx, next) => {
const gid_list = ParseQueryArray(ctx.query.gid).map((x) => Number.parseInt(x)) const gid_list = ParseQueryArray(ctx.query.gid).map((x) => Number.parseInt(x))
if (gid_list.some((x) => Number.isNaN(x))) { if (gid_list.some((x) => Number.isNaN(x))) {
return sendError(400, "gid is not a number"); return sendError(400, "gid is not a number");
} }
// size limit
if (gid_list.length > 100) {
return sendError(400, "gid list is too long");
}
const r = await controller.findByGidList(gid_list); const r = await controller.findByGidList(gid_list);
ctx.body = r; ctx.body = r;
ctx.type = "json"; ctx.type = "json";
}); };
}
export const getContentRouter = (controller: DocumentAccessor) => {
const ret = new Router();
ret.get("/search", PerCheck(Per.QueryContent), ContentQueryHandler(controller));
ret.get("/_gid", PerCheck(Per.QueryContent), ContentGidListHandler(controller));
ret.get("/:num(\\d+)", PerCheck(Per.QueryContent), ContentIDHandler(controller)); ret.get("/:num(\\d+)", PerCheck(Per.QueryContent), ContentIDHandler(controller));
ret.all("/:num(\\d+)/(.*)", PerCheck(Per.QueryContent), ContentHandler(controller)); ret.all("/:num(\\d+)/(.*)", PerCheck(Per.QueryContent), ContentHandler(controller));
ret.post("/:num(\\d+)", AdminOnly, UpdateContentHandler(controller)); ret.post("/:num(\\d+)", AdminOnly, UpdateContentHandler(controller));