author | Robert Newson <rnewson@apache.org> | 2014-03-25 15:02:50 +0000 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2014-03-25 15:10:01 +0000 |
commit | 477e8b3fe0976a05180513fd8cc3beb8c535bb25 (patch) | |
tree | 39faa66a46a14eeb61be6497ed5117f26fff7942 | |
parent | b68abf9c6f61991cdccabed04b48a7df70775983 (diff) | |
download | couchdb-477e8b3fe0976a05180513fd8cc3beb8c535bb25.tar.gz |
Configurable upper bound to _uuids count parameter
-rw-r--r-- | etc/couchdb/default.ini.tpl.in | 2 | ||||
-rw-r--r-- | share/www/script/test/uuids.js | 4 | ||||
-rw-r--r-- | src/couchdb/couch_httpd_misc_handlers.erl | 5 |
3 files changed, 11 insertions, 0 deletions
diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in
index 736d9cd07..a5aa4485f 100644
--- a/etc/couchdb/default.ini.tpl.in
+++ b/etc/couchdb/default.ini.tpl.in
@@ -209,6 +209,8 @@ algorithm = sequential
 ; The utc_id_suffix value will be appended to uuids generated by the utc_id algorithm.
 ; Replicating instances should have unique utc_id_suffix values to ensure uniqueness of utc_id ids.
 utc_id_suffix =
+# Maximum number of UUIDs retrievable from /_uuids in a single request
+max_count = 1000
 [stats]
 ; rate is in milliseconds
diff --git a/share/www/script/test/uuids.js b/share/www/script/test/uuids.js
index 6f5d223a6..0f141a905 100644
--- a/share/www/script/test/uuids.js
+++ b/share/www/script/test/uuids.js
@@ -80,6 +80,10 @@ couchTests.uuids = function(debug) {
 }
 };
+ // test max_uuid_count
+ var xhr = CouchDB.request("GET", "/_uuids?count=1001");
+ TEquals(401, xhr.status, "should error when count > max_count");
+
 run_on_modified_server([{
 "section": "uuids",
 "key": "algorithm",
diff --git a/src/couchdb/couch_httpd_misc_handlers.erl b/src/couchdb/couch_httpd_misc_handlers.erl
index 2150bea62..57694075e 100644
--- a/src/couchdb/couch_httpd_misc_handlers.erl
+++ b/src/couchdb/couch_httpd_misc_handlers.erl
@@ -99,7 +99,12 @@ handle_restart_req(Req) ->
 handle_uuids_req(#httpd{method='GET'}=Req) ->
+ Max = list_to_integer(couch_config:get("uuids","max","1000")),
 Count = list_to_integer(couch_httpd:qs_value(Req, "count", "1")),
+ case Count > Max of
+ true -> throw({forbidden, <<"count parameter too large">>});
+ false -> ok
+ end,
 UUIDs = [couch_uuids:new() || _ <- lists:seq(1, Count)],
 Etag = couch_httpd:make_etag(UUIDs),
 couch_httpd:etag_respond(Req, Etag, fun() -> |
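Review bot: The assertion expects status 401, but the handler in couch_httpd_misc_handlers.erl rejects an oversized count with `throw({forbidden, ...})`, which CouchDB's HTTP layer normally reports as 403, so this test looks likely to fail; `TEquals(403, xhr.status, "should error when count > max_count");` would match the handler. The test also exercises only the default of 1000, so it cannot show that a configured limit is actually read; a second case inside `run_on_modified_server` that lowers the limit and requests one more than it would cover that. The comment names `max_uuid_count` while the setting in default.ini.tpl.in is `max_count`. The body of `couchTests.uuids` starts and ends outside this hunk.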
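Review bot: The new guard bounds `Count` only from above, and both integers come from `list_to_integer/1` applied to text that is not validated first. A non-numeric or negative `count` in the query string, or a malformed value in the config, would presumably surface as an unhandled error rather than a clean client error. Since this check is where the request size is policed, it would be worth rejecting `Count < 0` here as well and answering unparsable input with a `bad_request`. A comment above the guard such as `% Cap UUIDs per request so one call cannot force unbounded generation` would record why the limit exists. The body of `handle_uuids_req` continues past the end of the hunk.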