enforce limits

2025-09-05 17:00:39 +00:00 · 2022-03-01 16:16:02 +01:00
parent d112eba8fe
commit 36fa451249
12 changed files with 57 additions and 26 deletions
--- a/backend/src/config.rs
+++ b/backend/src/config.rs
@@ -4,15 +4,15 @@ lazy_static! {
  pub static ref VERSION: String = option_env!("CARGO_PKG_VERSION")
    .unwrap_or("Unknown")
    .to_string();
-  pub static ref LIMIT: usize =
+  pub static ref LIMIT: u32 =
    Byte::from_str(std::env::var("SIZE_LIMIT").unwrap_or("1 KiB".to_string()))
      .unwrap()
-      .get_bytes() as usize;
-  pub static ref MAX_VIEWS: usize = std::env::var("MAX_VIEWS")
+      .get_bytes() as u32;
+  pub static ref MAX_VIEWS: u32 = std::env::var("MAX_VIEWS")
    .unwrap_or("100".to_string())
    .parse()
    .unwrap();
-  pub static ref MAX_EXPIRATION: usize = std::env::var("MAX_EXPIRATION")
+  pub static ref MAX_EXPIRATION: u32 = std::env::var("MAX_EXPIRATION")
    .unwrap_or("360".to_string()) // 6 hours in minutes
    .parse()
    .unwrap();
--- a/backend/src/note/model.rs
+++ b/backend/src/note/model.rs
@@ -6,7 +6,7 @@ use serde::{Deserialize, Serialize};
 pub struct Note {
  pub meta: String,
  pub contents: String,
-  pub views: Option<u8>,
+  pub views: Option<u32>,
  pub expiration: Option<u32>,
 }

--- a/backend/src/note/routes.rs
+++ b/backend/src/note/routes.rs
@@ -2,6 +2,7 @@ use actix_web::{delete, get, post, web, HttpResponse, Responder, Scope};
 use serde::{Deserialize, Serialize};
 use std::time::SystemTime;

+use crate::config;
 use crate::note::{generate_id, Note, NoteInfo, NotePublic};
 use crate::store;

@@ -40,17 +41,22 @@ async fn create(note: web::Json<Note>) -> impl Responder {
  if n.views == None && n.expiration == None {
    return bad_req;
  }
+  if !*config::ALLOW_ADVANCED {
+    n.views = Some(1);
+    n.expiration = None;
+  }
  match n.views {
    Some(v) => {
-      if v > 100 {
+      if v > *config::MAX_VIEWS {
        return bad_req;
      }
+      n.expiration = None; // views overrides expiration
    }
    _ => {}
  }
  match n.expiration {
    Some(e) => {
-      if e > 360 {
+      if e > *config::MAX_EXPIRATION {
        return bad_req;
      }
      let expiration = now() + (e * 60);
--- a/backend/src/status/model.rs
+++ b/backend/src/status/model.rs
@@ -3,8 +3,8 @@ use serde::{Deserialize, Serialize};
 #[derive(Serialize, Deserialize)]
 pub struct Status {
  pub version: String,
-  pub max_size: usize,
-  pub max_views: usize,
-  pub max_expiration: usize,
+  pub max_size: u32,
+  pub max_views: u32,
+  pub max_expiration: u32,
  pub allow_advanced: bool,
 }