From 49d71ea1114aa49997df18ddbbe60e380aa0cca1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20Franke?= Date: Mon, 9 Jan 2023 12:58:48 +0100 Subject: [PATCH] Make amount of users in patch configurable. This PR changes the following: * Create an API config section for API configurables. * Add a setting `UserPatchLimit` that controls how many users can be changed in a PATCH request. * Use this setting in the API to limit the amount of users that can be changed. --- services/graph/pkg/config/config.go | 7 +++++++ services/graph/pkg/config/defaults/defaultconfig.go | 3 +++ services/graph/pkg/service/v0/groups.go | 7 +++---- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/services/graph/pkg/config/config.go b/services/graph/pkg/config/config.go index 79d18268a9..880a21cdef 100644 --- a/services/graph/pkg/config/config.go +++ b/services/graph/pkg/config/config.go @@ -19,6 +19,8 @@ type Config struct { HTTP HTTP `yaml:"http"` + API API `yaml:"api"` + Reva *shared.Reva `yaml:"reva"` TokenManager *TokenManager `yaml:"token_manager"` GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` @@ -85,6 +87,11 @@ type Identity struct { LDAP LDAP `yaml:"ldap"` } +// API represents API configuration parameters. +type API struct { + UserPatchLimit int `yaml:"user_patch_limit" env:"GRAPH_USER_PATCH_LIMIT" desc:"The amount of users allowed to be changed in PATCH requests."` +} + // Events combines the configuration options for the event bus. type Events struct { Endpoint string `yaml:"endpoint" env:"GRAPH_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events."` diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go index 84c0fc9493..f5016163df 100644 --- a/services/graph/pkg/config/defaults/defaultconfig.go +++ b/services/graph/pkg/config/defaults/defaultconfig.go @@ -30,6 +30,9 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "graph", }, + API: config.API{ + UserPatchLimit: 20, + }, Reva: shared.DefaultRevaConfig(), Spaces: config.Spaces{ WebDavBase: "https://localhost:9200", diff --git a/services/graph/pkg/service/v0/groups.go b/services/graph/pkg/service/v0/groups.go index 2df0cc3966..3fa9f92dd0 100644 --- a/services/graph/pkg/service/v0/groups.go +++ b/services/graph/pkg/service/v0/groups.go @@ -19,7 +19,6 @@ import ( "github.com/go-chi/render" ) -const memberRefsLimit = 20 const memberTypeUsers = "users" // GetGroups implements the Service interface. @@ -124,13 +123,13 @@ func (g Graph) PatchGroup(w http.ResponseWriter, r *http.Request) { if memberRefs, ok := changes.GetMembersodataBindOk(); ok { // The spec defines a limit of 20 members maxium per Request - if len(memberRefs) > memberRefsLimit { + if len(memberRefs) > g.config.API.UserPatchLimit { logger.Debug(). Int("number", len(memberRefs)). - Int("limit", memberRefsLimit). + Int("limit", g.config.API.UserPatchLimit). Msg("could not create group, exceeded members limit") errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, - fmt.Sprintf("Request is limited to %d members", memberRefsLimit)) + fmt.Sprintf("Request is limited to %d members", g.config.API.UserPatchLimit)) return } memberIDs := make([]string, 0, len(memberRefs))