Commit c97d9277 authored by Dean's avatar Dean

version 1.6.4: 400 on negative offset/limit

parent c4cc52a7
...@@ -33,7 +33,7 @@ var ( ...@@ -33,7 +33,7 @@ var (
InvalidOffsetOrLimit = APIError{false, 400, "invalid offset or limit query paramters", false} InvalidOffsetOrLimit = APIError{false, 400, "invalid offset or limit query paramters", false}
// OffsetTooLarge is a 400 bad request error. // OffsetTooLarge is a 400 bad request error.
OffsetTooLarge = APIError{false, 400, "offset is too big", false} LimitTooLarge = APIError{false, 400, "limit is too big", false}
// NoObjectFound is a 404 not found error. // NoObjectFound is a 404 not found error.
NoObjectFound = APIError{false, 404, "no object found", false} NoObjectFound = APIError{false, 404, "no object found", false}
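Review bot: The doc comment above the renamed variable still reads `// OffsetTooLarge is a 400 bad request error.` although the declaration is now `LimitTooLarge`; it should become `// LimitTooLarge is a 400 bad request error returned when limit exceeds the maximum page size.` The rename also drops an exported identifier, so any other package that still refers to `apierrors.OffsetTooLarge` will stop compiling; only one call site is visible on this page. The message of `InvalidOffsetOrLimit` on the line above misspells "parameters" as "paramters", and that text appears to be what clients receive in the 400 response. The `var (` block starts and ends outside this hunk.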
......
...@@ -15,7 +15,7 @@ import ( ...@@ -15,7 +15,7 @@ import (
) )
// Maximum objects per page // Maximum objects per page
const maxOffset = 100 const maxLimit = 100
// listObjectsResponse is the response format for ListObjects. // listObjectsResponse is the response format for ListObjects.
type listObjectsResponse struct { type listObjectsResponse struct {
...@@ -45,17 +45,17 @@ func ListObjects(w http.ResponseWriter, r *http.Request) { ...@@ -45,17 +45,17 @@ func ListObjects(w http.ResponseWriter, r *http.Request) {
query := r.URL.Query() query := r.URL.Query()
l := query.Get("limit") l := query.Get("limit")
limit, err := strconv.Atoi(l) limit, err := strconv.Atoi(l)
if err != nil { if err != nil || limit < 0 {
panic(apierrors.InvalidOffsetOrLimit) panic(apierrors.InvalidOffsetOrLimit)
} }
if limit > maxLimit {
panic(apierrors.LimitTooLarge)
}
o := query.Get("offset") o := query.Get("offset")
offset, err := strconv.Atoi(o) offset, err := strconv.Atoi(o)
if err != nil { if err != nil || offset < 0 {
panic(apierrors.InvalidOffsetOrLimit) panic(apierrors.InvalidOffsetOrLimit)
} }
if limit > maxOffset {
panic(apierrors.OffsetTooLarge)
}
asc := false asc := false
if query.Get("order") == "asc" { if query.Get("order") == "asc" {
asc = true asc = true
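Review bot: `offset` is now rejected when negative but still has no upper bound, unlike `limit`, which is capped at `maxLimit`. If the value is passed straight through to a database `OFFSET` (the query is not visible in this hunk), a client can ask for an arbitrarily deep page and make the store walk and discard that many rows on every request. Consider a bound such as `if offset > maxOffset { panic(apierrors.OffsetTooLarge) }`, which would mean re-adding a constant and error for it, or moving to keyset pagination. `limit=0` also passes the new check, and an absent `limit` or `offset` fails `strconv.Atoi` and yields a 400 instead of a default, so a short comment stating that both are intended would help. ListObjects continues outside the hunk.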
......
...@@ -26,7 +26,7 @@ import ( ...@@ -26,7 +26,7 @@ import (
const ( const (
configLocationUnix = "/etc/whats-this/api/config.toml" configLocationUnix = "/etc/whats-this/api/config.toml"
shutdownTimeout = 10 * time.Second shutdownTimeout = 10 * time.Second
version = "1.6.3" version = "1.6.4"
) )
// printConfiguration iterates through a configuration map[string]interface{} // printConfiguration iterates through a configuration map[string]interface{}
......