author | Robert Newson <rnewson@apache.org> | 2014-03-25 15:02:50 +0000 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2014-03-25 15:09:40 +0000 |
commit | 75e856b167c546f7b81f8b694c948355511a56b9 (patch) | |
tree | 4e7b7c5819868ee9eb625ac068241cf8f38cfb1c | |
parent | e24ff92187a2fba3545a01a4c39bd3adca7f56a2 (diff) | |
download | couchdb-75e856b167c546f7b81f8b694c948355511a56b9.tar.gz |
Configurable upper bound to _uuids count parameter
-rw-r--r-- | etc/couchdb/default.ini.tpl.in | 2 | ||||
-rw-r--r-- | share/www/script/test/uuids.js | 4 | ||||
-rw-r--r-- | src/couchdb/couch_httpd_misc_handlers.erl | 5 |
3 files changed, 11 insertions, 0 deletions
diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in index 3267001ae..5b366685a 100644 --- a/etc/couchdb/default.ini.tpl.in +++ b/etc/couchdb/default.ini.tpl.in @@ -215,6 +215,8 @@ algorithm = sequential ; The utc_id_suffix value will be appended to uuids generated by the utc_id algorithm. ; Replicating instances should have unique utc_id_suffix values to ensure uniqueness of utc_id ids. utc_id_suffix = +# Maximum number of UUIDs retrievable from /_uuids in a single request +max_count = 1000 [stats] ; rate is in milliseconds diff --git a/share/www/script/test/uuids.js b/share/www/script/test/uuids.js index 6f5d223a6..0f141a905 100644 --- a/share/www/script/test/uuids.js +++ b/share/www/script/test/uuids.js @@ -80,6 +80,10 @@ couchTests.uuids = function(debug) { } }; + // test max_uuid_count + var xhr = CouchDB.request("GET", "/_uuids?count=1001"); + TEquals(401, xhr.status, "should error when count > max_count"); + run_on_modified_server([{ "section": "uuids", "key": "algorithm", diff --git a/src/couchdb/couch_httpd_misc_handlers.erl b/src/couchdb/couch_httpd_misc_handlers.erl index 96a05c6d6..67e3a122a 100644 --- a/src/couchdb/couch_httpd_misc_handlers.erl +++ b/src/couchdb/couch_httpd_misc_handlers.erl @@ -105,7 +105,12 @@ handle_restart_req(Req) -> handle_uuids_req(#httpd{method='GET'}=Req) -> + Max = list_to_integer(couch_config:get("uuids","max","1000")), Count = list_to_integer(couch_httpd:qs_value(Req, "count", "1")), + case Count > Max of + true -> throw({forbidden, <<"count parameter too large">>}); + false -> ok + end, UUIDs = [couch_uuids:new() || _ <- lists:seq(1, Count)], Etag = couch_httpd:make_etag(UUIDs), couch_httpd:etag_respond(Req, Etag, fun() -> |
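Review bot: The key added here is `max_count`, but the handler change in src/couchdb/couch_httpd_misc_handlers.erl reads `couch_config:get("uuids","max","1000")`, so the value set in this file is never consulted and the limit stays at the built-in default of 1000 whatever an operator configures. One of the two names has to change; keeping the name used here, the Erlang line would become `Max = list_to_integer(couch_config:get("uuids","max_count","1000")),`. The new comment also starts with `#` while the neighbouring comments in this section start with `;`, so `; Maximum number of UUIDs retrievable from /_uuids in a single request` would match the file. Whether the ini parser treats `#` as a comment is not visible from this hunk.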
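Review bot: The assertion expects status 401, but the handler in this same commit rejects the request with `throw({forbidden, ...})`, which CouchDB's HTTP layer normally reports as 403 (the mapping itself is outside this diff), so the test looks inconsistent with the code it covers. `TEquals(403, xhr.status, "should error when count > max_count");` would match the handler. The request for 1001 UUIDs only exceeds the limit when the server runs with the default of 1000, so running this check inside `run_on_modified_server` with an explicit limit would make it independent of local configuration. The comment names `max_uuid_count`, which is not the key added to default.ini.tpl.in.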
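Review bot: Only the upper bound of `count` is validated here, so a negative or non-numeric value from the query string still reaches `list_to_integer/1` and `lists:seq(1, Count)` and fails there with a runtime error instead of a client-error response. A lower-bound guard before the new `case`, for example `Count < 0 andalso throw({bad_request, <<"count parameter must not be negative">>}),`, would keep malformed requests out of the crash path. The same applies to the configured limit: a non-integer value in the ini file makes the new `list_to_integer` call fail on every request, which deserves a comment next to the `Max =` line or a fallback to the default. The body of handle_uuids_req continues past the end of the hunk.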