Commit e307c56e authored by Konrad Borowski's avatar Konrad Borowski

Check field lengths instead of body size

This makes length limits more consistent.
parent d7a2f700
Pipeline #98374340 passed with stages
in 17 minutes and 1 second
......@@ -73,6 +73,18 @@ pub fn insert(
.optional()
.map_err(warp::reject::custom)?
.ok_or_else(|| warp::reject::custom(CustomRejection::UnrecognizedLanguageIdentifier))?;
for (field, name) in &[(&paste, "paste"), (&stdin, "stdin")] {
if field.len() > 1_000_000 {
Err(warp::reject::custom(CustomRejection::FieldTooLarge(name)))?;
}
}
for (field, name) in &[(&stdout, "stdout"), (&stderr, "stderr")] {
if let Some(field) = field {
if field.len() > 1_000_000 {
Err(warp::reject::custom(CustomRejection::FieldTooLarge(name)))?;
}
}
}
let insert_paste = InsertPaste {
identifier,
delete_at,
......
......@@ -5,12 +5,14 @@ use warp::http::StatusCode;
#[derive(Debug)]
pub enum CustomRejection {
UnrecognizedLanguageIdentifier,
FieldTooLarge(&'static str),
}
impl CustomRejection {
pub fn status_code(&self) -> StatusCode {
match self {
Self::UnrecognizedLanguageIdentifier => StatusCode::BAD_REQUEST,
Self::FieldTooLarge(_) => StatusCode::PAYLOAD_TOO_LARGE,
}
}
}
......@@ -19,6 +21,7 @@ impl Display for CustomRejection {
fn fmt(&self, f: &mut Formatter<'_>) -> Result {
match self {
Self::UnrecognizedLanguageIdentifier => write!(f, "unrecognized language identifier"),
Self::FieldTooLarge(name) => write!(f, "{} is longer than a megabyte", name),
}
}
}
......
......@@ -59,7 +59,6 @@ fn index(pool: PgPool) -> BoxedFilter<(impl Reply,)> {
warp::path::end()
.and(
warp::post2()
.and(warp::body::content_length_limit(1_000_000))
.and(warp::body::form())
.and(connection(pool.clone()))
.and_then(insert_paste::insert_paste)
......@@ -105,7 +104,6 @@ fn api_v0(pool: PgPool) -> BoxedFilter<(impl Reply,)> {
let run = root
.and(path!("run" / String))
.and(warp::post2())
.and(warp::body::content_length_limit(1_000_000))
.and(warp::body::form())
.and_then(run::run);
language.or(run).boxed()
......@@ -120,7 +118,6 @@ fn api_v1(pool: PgPool) -> BoxedFilter<(impl Reply,)> {
let pastes = warp::path("pastes")
.and(warp::path::end())
.and(warp::post2())
.and(warp::body::content_length_limit(1_000_000))
.and(warp::body::form())
.and(connection(pool))
.and_then(api_v1::pastes::insert_paste);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment