author | Robert Newson <rnewson@apache.org> | 2014-03-25 15:02:50 +0000 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2014-03-25 16:16:18 +0000 |
commit | 0fb5aa9e67bd291ca2638dba961f4ddd3f6ccb3e (patch) | |
tree | 40071bf0c70486a1df67bdf217b42a8c85def952 | |
parent | 198bea3479dfecac13ab1a3e95f902b8eba02f7d (diff) | |
download | couchdb-0fb5aa9e67bd291ca2638dba961f4ddd3f6ccb3e.tar.gz |
Configurable upper bound to _uuids count parameter
-rw-r--r-- | etc/couchdb/default.ini.tpl.in | 2 | ||||
-rw-r--r-- | share/www/script/test/uuids.js | 4 | ||||
-rw-r--r-- | src/couchdb/couch_httpd_misc_handlers.erl | 5 |
3 files changed, 11 insertions, 0 deletions
diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in
index fd953c2fc..32537e088 100644
--- a/etc/couchdb/default.ini.tpl.in
+++ b/etc/couchdb/default.ini.tpl.in
@@ -217,6 +217,8 @@ algorithm = sequential
 ; The utc_id_suffix value will be appended to uuids generated by the utc_id algorithm.
 ; Replicating instances should have unique utc_id_suffix values to ensure uniqueness of utc_id ids.
 utc_id_suffix =
+# Maximum number of UUIDs retrievable from /_uuids in a single request
+max_count = 1000
 
 [stats]
 ; rate is in milliseconds
diff --git a/share/www/script/test/uuids.js b/share/www/script/test/uuids.js
index 6f5d223a6..0f141a905 100644
--- a/share/www/script/test/uuids.js
+++ b/share/www/script/test/uuids.js
@@ -80,6 +80,10 @@ couchTests.uuids = function(debug) {
 }
 };
 
+ // test max_uuid_count
+ var xhr = CouchDB.request("GET", "/_uuids?count=1001");
+ TEquals(401, xhr.status, "should error when count > max_count");
+
 run_on_modified_server([{
 "section": "uuids",
 "key": "algorithm",
diff --git a/src/couchdb/couch_httpd_misc_handlers.erl b/src/couchdb/couch_httpd_misc_handlers.erl
index 96a05c6d6..67e3a122a 100644
--- a/src/couchdb/couch_httpd_misc_handlers.erl
+++ b/src/couchdb/couch_httpd_misc_handlers.erl
@@ -105,7 +105,12 @@ handle_restart_req(Req) ->
 
 
 handle_uuids_req(#httpd{method='GET'}=Req) ->
+ Max = list_to_integer(couch_config:get("uuids","max","1000")),
 Count = list_to_integer(couch_httpd:qs_value(Req, "count", "1")),
+ case Count > Max of
+ true -> throw({forbidden, <<"count parameter too large">>});
+ false -> ok
+ end,
 UUIDs = [couch_uuids:new() || _ <- lists:seq(1, Count)],
 Etag = couch_httpd:make_etag(UUIDs),
 couch_httpd:etag_respond(Req, Etag, fun() -> |
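Review bot: The new `max_count` key in the `[uuids]` section of default.ini.tpl.in is never read, because the handler hunk in couch_httpd_misc_handlers.erl looks up `couch_config:get("uuids","max","1000")`; the limit therefore stays at the hard-coded fallback of 1000 whatever an operator sets here. Since the bound exists to cap the work a single /_uuids request can trigger, a setting that silently has no effect is misleading, and the two names should agree, for example `couch_config:get("uuids","max_count","1000")` on the Erlang side. The added comment also starts with `#` while the neighbouring comments in this file use `;`; writing it as `; Maximum number of UUIDs retrievable from /_uuids in a single request` would match them and avoid depending on how the ini parser treats `#`, which is not visible on this page.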
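Review bot: The status expected by the new assertion in uuids.js, `TEquals(401, ...)`, does not appear to match what the handler raises: the Erlang hunk throws `{forbidden, <<"count parameter too large">>}`, and a forbidden error is normally rendered as 403 rather than 401 (the mapping itself is outside this page, so confirm it against couch_httpd). If that holds, the line should read `TEquals(403, xhr.status, "should error when count > max_count");`. The test also relies on the server default of 1000 instead of setting the limit itself, so it would fail against a server configured with a different bound; issuing the request inside `run_on_modified_server` with an explicit `uuids` limit entry would pin it. The enclosing `couchTests.uuids` function starts and ends outside the hunk.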
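Review bot: Only the upper bound of `count` is checked in `handle_uuids_req`; a negative or non-numeric `count` still reaches `lists:seq(1, Count)` or `list_to_integer/1` unguarded and would surface as a crash instead of a clean client error. The new `Max` line has the same weakness on the operator side, since a non-numeric config value makes `list_to_integer` fail on every request to this endpoint. A guard such as `Count < 0 andalso throw({bad_request, <<"count must not be negative">>}),` ahead of the list comprehension would cover the lower bound, and `bad_request` may also describe the oversized case better than `forbidden`, which reads as an authorization failure. The function body continues past the end of the hunk.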