diff --git a/lib/apierrors/errors.go b/lib/apierrors/errors.go
index 8b0b1c35f32fa4bba85e1239fc09f1ef0733449c..67c9c10b4e2d63f294b3a618b92a9b7676b58f78 100644
--- a/lib/apierrors/errors.go
+++ b/lib/apierrors/errors.go
@@ -33,7 +33,7 @@ var (
 InvalidOffsetOrLimit = APIError{false, 400, "invalid offset or limit query paramters", false}
 // OffsetTooLarge is a 400 bad request error.
- OffsetTooLarge = APIError{false, 400, "offset is too big", false}
+ LimitTooLarge = APIError{false, 400, "limit is too big", false}
 // NoObjectFound is a 404 not found error.
 NoObjectFound = APIError{false, 404, "no object found", false}
diff --git a/lib/routes/listobjects.go b/lib/routes/listobjects.go
index 8647c39a3544abd2d8d64e690e46652c6b913a90..c4a905825fe03334674b8ea2eae67583b002d325 100644
--- a/lib/routes/listobjects.go
+++ b/lib/routes/listobjects.go
@@ -15,7 +15,7 @@ import (
 )
 // Maximum objects per page
-const maxOffset = 100
+const maxLimit = 100
 // listObjectsResponse is the response format for ListObjects.
 type listObjectsResponse struct {
@@ -45,17 +45,17 @@ func ListObjects(w http.ResponseWriter, r *http.Request) {
 query := r.URL.Query()
 l := query.Get("limit")
 limit, err := strconv.Atoi(l)
- if err != nil {
+ if err != nil || limit < 0 {
 panic(apierrors.InvalidOffsetOrLimit)
 }
+ if limit > maxLimit {
+ panic(apierrors.LimitTooLarge)
+ }
 o := query.Get("offset")
 offset, err := strconv.Atoi(o)
- if err != nil {
+ if err != nil || offset < 0 {
 panic(apierrors.InvalidOffsetOrLimit)
 }
- if limit > maxOffset {
- panic(apierrors.OffsetTooLarge)
- }
 asc := false
 if query.Get("order") == "asc" {
 asc = true
diff --git a/main.go b/main.go
index 9049d1db94c375cd4eb5ec793b35c945c4357f61..f3c256347c5bc3c8723ca7dfb237a9b1a68a9d9d 100644
--- a/main.go
+++ b/main.go
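Review bot: `limit=0` still passes both new checks in ListObjects (lib/routes/listobjects.go, second hunk), because only negative values and values above `maxLimit` are rejected. Whether zero produces an empty page or an unbounded query depends on the query code outside this hunk; if it is the latter, the page-size cap is bypassed, and `if err != nil || limit < 1 {` would close that gap. `offset` now has a lower bound but no upper bound, so an arbitrarily large value from the query string still reaches the data store; a documented ceiling is worth considering if deep offsets are expensive there. The body of ListObjects continues past the end of the hunk, so how `limit` and `offset` are consumed is not visible here.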
@@ -26,7 +26,7 @@ import (
 const (
 configLocationUnix = "/etc/whats-this/api/config.toml"
 shutdownTimeout = 10 * time.Second
- version = "1.6.3"
+ version = "1.6.4"
 )
 // printConfiguration iterates through a configuration map[string]interface{}