Add hard limit on rows per request (#370)
## tl;dr

- Enforce limit on max rows per request
neekolas authored Apr 10, 2024
1 parent b44149a commit ac22dc7
Showing 2 changed files with 27 additions and 0 deletions.
7 changes: 7 additions & 0 deletions pkg/api/message/v1/service.go
@@ -35,6 +35,9 @@ const (
// maxQueriesPerBatch defines the maximum number of queries we can support per batch.
maxQueriesPerBatch = 50

// maxRowsPerQuery defines the maximum number of rows we can return in a single query
maxRowsPerQuery = 100

// maxTopicsPerQueryRequest defines the maximum number of topics that can be queried in a single request.
// the number is likely to be more than we want it to be, but would be a safe place to put it -
// per Test_LargeQueryTesting, the request decoding already failing before it reaches th handler.
@@ -343,6 +346,10 @@ func (s *Service) Query(ctx context.Context, req *proto.QueryRequest) (*proto.Qu
}
}

if req.PagingInfo != nil && req.PagingInfo.Limit > maxRowsPerQuery {
return nil, status.Errorf(codes.InvalidArgument, "cannot exceed %d rows per query", maxRowsPerQuery)
}

return s.store.Query(req)
}

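Review bot: The new guard in Query rejects only an explicit `PagingInfo.Limit` above `maxRowsPerQuery`; a request with a nil `PagingInfo` or a `Limit` of 0 passes straight to `s.store.Query(req)`, so the hard cap holds only if the store applies its own default page size, which is not visible in this diff. If the store does not, clamp before the call, or at least document the dependency with a comment such as `// nil PagingInfo or Limit == 0 is not rejected here; the store is expected to apply its default page size`. The constant is per query while the commit title says per request: whether the batch path runs each sub-query through this check is not shown here, and with `maxQueriesPerBatch = 50` a batch could still return up to 50 × 100 rows. Query's body starts outside the hunk.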
20 changes: 20 additions & 0 deletions pkg/api/server_test.go
@@ -318,6 +318,26 @@ func Test_QueryNoTopics(t *testing.T) {
})
}

func Test_QueryTooManyRows(t *testing.T) {
ctx := withAuth(t, context.Background())
testGRPCAndHTTP(t, ctx, func(t *testing.T, client messageclient.Client, _ *Server) {
queryRes, err := client.Query(ctx, &messageV1.QueryRequest{
ContentTopics: []string{"foo"},
PagingInfo: &messageV1.PagingInfo{
Limit: 200,
},
})
grpcErr, ok := status.FromError(err)
if ok {
require.Equal(t, codes.InvalidArgument, grpcErr.Code())
require.EqualError(t, err, `rpc error: code = InvalidArgument desc = cannot exceed 100 rows per query`)
} else {
require.Regexp(t, `400 Bad Request: {"code\":3,\s?"message":"cannot exceed 100 rows per query",\s?"details":\[\]}`, err.Error())
}
require.Nil(t, queryRes)
})
}

func Test_QueryNonExistentTopic(t *testing.T) {
ctx := withAuth(t, context.Background())
testGRPCAndHTTP(t, ctx, func(t *testing.T, client messageclient.Client, _ *Server) {
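Review bot: Test_QueryTooManyRows exercises only `Limit: 200`, so an off-by-one in the guard (`>=` instead of `>`) would go unnoticed; add a case with `Limit: 100` that must succeed and one with `Limit: 101` that must be rejected. A case with no `PagingInfo` at all would also pin what happens when the client sends no limit. The expected messages hard-code `100`; a short comment such as `// 100 mirrors maxRowsPerQuery in pkg/api/message/v1/service.go` would tell the next reader which constant to keep in sync.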
