summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorBryan Newbold <bnewbold@archive.org>2020-08-25 18:34:02 -0700
committerBryan Newbold <bnewbold@archive.org>2020-08-25 18:34:02 -0700
commit2ab089684a1bdbbb6f1f027399adb61d5e8f7291 (patch)
tree0950cac48f2bb3a8874920e091109b3166f9f6e7 /src
parent45e4cd9537f289a98579eef36a2dc3e561cc48fa (diff)
downloades-public-proxy-2ab089684a1bdbbb6f1f027399adb61d5e8f7291.tar.gz
es-public-proxy-2ab089684a1bdbbb6f1f027399adb61d5e8f7291.zip
filter out '_all' as a scroll id
Diffstat (limited to 'src')
-rw-r--r--src/lib.rs18
1 files changed, 15 insertions, 3 deletions
diff --git a/src/lib.rs b/src/lib.rs
index fc13e64..c5fe410 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -124,11 +124,24 @@ pub async fn filter_request(req: Request<Body>, config: &ProxyConfig) -> Result<
Ok(upstream_req)
}
pub fn filter_scroll_request(_params: &UrlQueryParams, body: &[u8], _config: &ProxyConfig) -> Result<Body, ProxyError> {
- // XXX
- // TODO: check that scroll_id is not "_all"
if body.len() > 0 {
let parsed: parse::ScrollBody = serde_json::from_slice(body)
.map_err(|e| ProxyError::ParseError(e.to_string()))?;
+ // check that scroll_id is not "_all" or too short
+ match &parsed.scroll_id {
+ parse::StringOrArray::String(single) => {
+ if single == "_all" || single.len() < 8 {
+ return Err(ProxyError::NotSupported(format!("short scroll_id: {}", single)));
+ }
+ },
+ parse::StringOrArray::Array(array) => {
+ for single in array {
+ if single == "_all" || single.len() < 8 {
+ return Err(ProxyError::NotSupported(format!("short scroll_id: {}", single)));
+ }
+ }
+ }
+ }
Ok(Body::from(serde_json::to_string(&parsed).unwrap()))
} else {
Ok(Body::empty())
@@ -139,7 +152,6 @@ pub fn filter_read_request(index: &str, _endpoint: &str, _key: &str, _params: &U
if !config.allow_index(index) {
return Err(ProxyError::NotAllowed(format!("index doesn't exist or isn't proxied: {}", index)));
}
- // XXX: no body needed?
Ok(Body::empty())
}