highperfocused/khatru
1
0
Fork 0
mirror of https://github.com/fiatjaf/khatru.git synced 2025-04-04 01:48:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

limit against abusive queries.

Browse Source
This commit is contained in:
fiatjaf 2022-01-01 21:38:54 -03:00
parent 9a455b8db6
commit f86eb9246b
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
basic/query.go
View File

@ -25,6 +25,11 @@ func (b *BasicRelay) QueryEvents(
}
if filter.IDs != nil {
if len(filter.IDs) > 500 {
// too many ids, fail everything
return
}
inids := make([]string, 0, len(filter.IDs))
for _, id := range filter.IDs {
// to prevent sql attack here we will check if
@ -43,6 +48,11 @@ func (b *BasicRelay) QueryEvents(
}
if filter.Authors != nil {
if len(filter.Authors) > 500 {
// too many authors, fail everything
return
}
inkeys := make([]string, 0, len(filter.Authors))
for _, key := range filter.Authors {
// to prevent sql attack here we will check if
@ -61,6 +71,11 @@ func (b *BasicRelay) QueryEvents(
}
if filter.Kinds != nil {
if len(filter.Kinds) > 10 {
// too many kinds, fail everything
return
}
if len(filter.Kinds) == 0 {
// kinds being [] mean you won't get anything
return
@ -74,6 +89,11 @@ func (b *BasicRelay) QueryEvents(
}
if filter.TagE != nil {
if len(filter.TagE) > 10 {
// too many tags, fail everything
return
}
if len(filter.TagE) == 0 {
// #e being [] mean you won't get anything
return
@ -87,6 +107,11 @@ func (b *BasicRelay) QueryEvents(
}
if filter.TagP != nil {
if len(filter.TagP) > 10 {
// too many tags, fail everything
return
}
if len(filter.TagP) == 0 {
// #p being [] mean you won't get anything
return