[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-merchant] 264/277: filler max_upload values for all POST/PATCH ha
From: |
gnunet |
Subject: |
[taler-merchant] 264/277: filler max_upload values for all POST/PATCH handlers |
Date: |
Sun, 05 Jul 2020 20:52:57 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
commit c8b6ad8abd3a9bd2491262fc9cb881b9b491969d
Author: Jonathan Buchanan <jonathan.russ.buchanan@gmail.com>
AuthorDate: Mon Jun 29 15:30:11 2020 -0400
filler max_upload values for all POST/PATCH handlers
---
src/backend/taler-merchant-httpd.c | 59 +++++++++++++++++++++++++++++++-------
1 file changed, 48 insertions(+), 11 deletions(-)
diff --git a/src/backend/taler-merchant-httpd.c
b/src/backend/taler-merchant-httpd.c
index 488e45b..b60eec4 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -782,14 +782,24 @@ url_handler (void *cls,
{
.url_prefix = "/",
.method = MHD_HTTP_METHOD_PATCH,
- .handler = &TMH_private_patch_instances_ID
+ .handler = &TMH_private_patch_instances_ID,
+ /* allow instance data of up to 8 MB, that should be plenty;
+ note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB)
+ would require further changes to the allocation logic
+ in the code... */
+ .max_upload = 1024 * 1024 * 8
},
/* POST /instances: */
{
.url_prefix = "/instances",
.method = MHD_HTTP_METHOD_POST,
.skip_instance = true,
- .handler = &TMH_private_post_instances
+ .handler = &TMH_private_post_instances,
+ /* allow instance data of up to 8 MB, that should be plenty;
+ note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB)
+ would require further changes to the allocation logic
+ in the code... */
+ .max_upload = 1024 * 1024 * 8
},
/* GET /products: */
{
@@ -840,7 +850,10 @@ url_handler (void *cls,
.url_suffix = "lock",
.method = MHD_HTTP_METHOD_POST,
.have_id_segment = true,
- .handler = &TMH_private_post_products_ID_lock
+ .handler = &TMH_private_post_products_ID_lock,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* POST /orders: */
{
@@ -872,7 +885,10 @@ url_handler (void *cls,
.url_suffix = "refund",
.method = MHD_HTTP_METHOD_POST,
.have_id_segment = true,
- .handler = &TMH_private_post_orders_ID_refund
+ .handler = &TMH_private_post_orders_ID_refund,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* DELETE /orders/$ID: */
{
@@ -885,7 +901,10 @@ url_handler (void *cls,
{
.url_prefix = "/reserves",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_private_post_reserves
+ .handler = &TMH_private_post_reserves,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* DELETE /reserves/$ID: */
{
@@ -900,13 +919,19 @@ url_handler (void *cls,
.url_suffix = "authorize-tip",
.have_id_segment = true,
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_private_post_reserves_ID_authorize_tip
+ .handler = &TMH_private_post_reserves_ID_authorize_tip,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* POST /tips: */
{
.url_prefix = "/tips",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_private_post_tips
+ .handler = &TMH_private_post_tips,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* GET /tips: */
{
@@ -938,7 +963,10 @@ url_handler (void *cls,
{
.url_prefix = "/transfers",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_private_post_transfers
+ .handler = &TMH_private_post_transfers,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* GET /transfers: */
{
@@ -980,7 +1008,10 @@ url_handler (void *cls,
.have_id_segment = true,
.url_suffix = "abort",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_post_orders_ID_abort
+ .handler = &TMH_post_orders_ID_abort,
+ /* wallet may give us many coins to sign, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* POST /orders/$ID/claim: */
{
@@ -988,7 +1019,10 @@ url_handler (void *cls,
.have_id_segment = true,
.url_suffix = "claim",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_post_orders_ID_claim
+ .handler = &TMH_post_orders_ID_claim,
+ /* the body should be pretty small, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* POST /orders/$ID/pay: */
{
@@ -996,7 +1030,10 @@ url_handler (void *cls,
.have_id_segment = true,
.url_suffix = "pay",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_post_orders_ID_pay
+ .handler = &TMH_post_orders_ID_pay,
+ /* wallet may give us many coins to sign, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
/* GET /orders/$ID: */
{
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [taler-merchant] 241/277: clarify with/without wire fee issue, (continued)
- [taler-merchant] 241/277: clarify with/without wire fee issue, gnunet, 2020/07/05
- [taler-merchant] 244/277: use and handle all /pay status codes, gnunet, 2020/07/05
- [taler-merchant] 247/277: harder tests for GET /private/instances, GET /private/products, gnunet, 2020/07/05
- [taler-merchant] 249/277: made a testing trait for order claim nonce, gnunet, 2020/07/05
- [taler-merchant] 251/277: wallet get order handles refunds properly, gnunet, 2020/07/05
- [taler-merchant] 256/277: test for auto marking orders as wired after inserting sufficient transfers, gnunet, 2020/07/05
- [taler-merchant] 258/277: excluded doc/doxygen from gitignore, gnunet, 2020/07/05
- [taler-merchant] 257/277: updated doxygen generation, gnunet, 2020/07/05
- [taler-merchant] 260/277: fix #6236, gnunet, 2020/07/05
- [taler-merchant] 262/277: deduplicate logic, gnunet, 2020/07/05
- [taler-merchant] 264/277: filler max_upload values for all POST/PATCH handlers,
gnunet <=
- [taler-merchant] 265/277: got tips test working again, gnunet, 2020/07/05
- [taler-merchant] 261/277: removed hardcoded row numbers from backenddb tests, gnunet, 2020/07/05
- [taler-merchant] 263/277: long polling test for GET /private/orders, gnunet, 2020/07/05
- [taler-merchant] 270/277: twister, get tips, instance, and post transfer tests, gnunet, 2020/07/05
- [taler-merchant] 259/277: more docs/thorough checks for backend db & long polling for merchant get order, gnunet, 2020/07/05
- [taler-merchant] 266/277: get reserve and tip testing commands use variadic args, gnunet, 2020/07/05
- [taler-merchant] 267/277: get pay-again and pay-abort working again, gnunet, 2020/07/05
- [taler-merchant] 272/277: more merchant benchmark cleanup, gnunet, 2020/07/05
- [taler-merchant] 273/277: use improved rewind API, gnunet, 2020/07/05
- [taler-merchant] 274/277: test GET /private/transfers, gnunet, 2020/07/05