diff options
| -rw-r--r-- | src/lib.rs | 18 |
1 files changed, 15 insertions, 3 deletions
@@ -124,11 +124,24 @@ pub async fn filter_request(req: Request<Body>, config: &ProxyConfig) -> Result< Ok(upstream_req) } pub fn filter_scroll_request(_params: &UrlQueryParams, body: &[u8], _config: &ProxyConfig) -> Result<Body, ProxyError> { - // XXX - // TODO: check that scroll_id is not "_all" if body.len() > 0 { let parsed: parse::ScrollBody = serde_json::from_slice(body) .map_err(|e| ProxyError::ParseError(e.to_string()))?; + // check that scroll_id is not "_all" or too short + match &parsed.scroll_id { + parse::StringOrArray::String(single) => { + if single == "_all" || single.len() < 8 { + return Err(ProxyError::NotSupported(format!("short scroll_id: {}", single))); + } + }, + parse::StringOrArray::Array(array) => { + for single in array { + if single == "_all" || single.len() < 8 { + return Err(ProxyError::NotSupported(format!("short scroll_id: {}", single))); + } + } + } + } Ok(Body::from(serde_json::to_string(&parsed).unwrap())) } else { Ok(Body::empty()) @@ -139,7 +152,6 @@ pub fn filter_read_request(index: &str, _endpoint: &str, _key: &str, _params: &U if !config.allow_index(index) { return Err(ProxyError::NotAllowed(format!("index doesn't exist or isn't proxied: {}", index))); } - // XXX: no body needed? Ok(Body::empty()) } |