From b1653ca107afa1e26257c55045b8617e87739e1d Mon Sep 17 00:00:00 2001
From: YoussefAWasfy <112941926+YoussefAWasfy@users.noreply.github.com>
Date: Thu, 10 Oct 2024 13:55:58 +0200
Subject: [PATCH] fix(FTL-17164): limit message deletion to 100 per request and limit list to 100 (#62)
---
 affinidi-messaging-mediator/src/database/list.rs | 4 ++++
 .../src/handlers/message_delete.rs | 14 ++++++++++++--
 affinidi-messaging-sdk/src/messages/delete.rs | 9 ++++++++-
 3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/affinidi-messaging-mediator/src/database/list.rs b/affinidi-messaging-mediator/src/database/list.rs
index 105150c..c871608 100644
--- a/affinidi-messaging-mediator/src/database/list.rs
+++ b/affinidi-messaging-mediator/src/database/list.rs
@@ -7,6 +7,8 @@ use crate::common::errors::MediatorError;
 use super::DatabaseHandler;
+const MAX_MESSAGES_LIMIT: usize = 100;
+
 impl DatabaseHandler {
 /// Retrieves list of messages for the specified DID and folder
 /// The folder can be either Inbox or Outbox
@@ -43,6 +45,8 @@ impl DatabaseHandler {
 .arg(&key)
 .arg(start)
 .arg(end)
+ .arg("COUNT")
+ .arg(MAX_MESSAGES_LIMIT)
 .query_async(&mut conn)
 .await
 .map_err(|err| {
diff --git a/affinidi-messaging-mediator/src/handlers/message_delete.rs b/affinidi-messaging-mediator/src/handlers/message_delete.rs
index 1fef7db..ad5cfad 100644
--- a/affinidi-messaging-mediator/src/handlers/message_delete.rs
+++ b/affinidi-messaging-mediator/src/handlers/message_delete.rs
@@ -8,10 +8,10 @@ use serde::{Deserialize, Serialize};
 use tracing::{debug, span, warn, Instrument, Level};
 use crate::{
- common::errors::{AppError, Session, SuccessResponse},
+ common::errors::{AppError, MediatorError, Session, SuccessResponse},
 SharedData,
 };
-
+const MAX_MESSAGES_TO_DELETE_LIMIT: usize = 100;
 #[derive(Serialize, Deserialize, Debug, Default, Clone)]
 pub struct ResponseData {
 pub body: String,
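Review bot: The `COUNT` cap added in the second list.rs hunk (`.arg("COUNT")` / `.arg(MAX_MESSAGES_LIMIT)`) truncates silently: when the requested range holds more than 100 entries, the caller gets 100 of them and nothing in the visible code signals that more exist. The cap is a sensible bound on per-request work, but a client that treats the result as complete will act on a partial view of its Inbox or Outbox. The function's doc comment (presumably the one visible in the first hunk) should state the limit, for example `/// Returns at most MAX_MESSAGES_LIMIT (100) entries per call.`, and the response would ideally carry a truncation indicator. The command being built starts above the hunk, so the exact meaning of `COUNT` here is inferred from the argument order.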
@@ -34,6 +34,16 @@ pub async fn message_delete_handler(
 );
 async move {
 debug!("Deleting ({}) messages", body.message_ids.len());
+ if body.message_ids.len() > MAX_MESSAGES_TO_DELETE_LIMIT {
+ return Err(MediatorError::RequestDataError(
+ session.session_id.clone(),
+ format!(
+ "Operation exceeds the allowed limit. You may delete a maximum of 100 messages per request. Received {} ids.",
+ body.message_ids.len()
+ ),
+ )
+ .into());
+ }
 let mut deleted: DeleteMessageResponse = DeleteMessageResponse::default();
 for message in &body.message_ids {
diff --git a/affinidi-messaging-sdk/src/messages/delete.rs b/affinidi-messaging-sdk/src/messages/delete.rs
index d0754f6..35ceb5f 100644
--- a/affinidi-messaging-sdk/src/messages/delete.rs
+++ b/affinidi-messaging-sdk/src/messages/delete.rs
@@ -4,6 +4,8 @@ use crate::{errors::ATMError, messages::SuccessResponse, ATM};
 use super::{DeleteMessageRequest, DeleteMessageResponse};
+const MAX_MESSAGES_TO_DELETE_LIMIT: usize = 100;
+
 impl<'c> ATM<'c> {
 /// Delete messages from ATM
 /// - messages: List of message_ids to delete
@@ -15,7 +17,12 @@ impl<'c> ATM<'c> {
 // Check if authenticated
 let tokens = self.authenticate().await?;
-
+ if messages.message_ids.len() > MAX_MESSAGES_TO_DELETE_LIMIT {
+ return Err(ATMError::MsgSendError(format!(
+ "Operation exceeds the allowed limit. You may delete a maximum of 100 messages per request. Received {} ids.",
+ messages.message_ids.len()
+ )));
+ }
 let msg = serde_json::to_string(messages).map_err(|e| {
 ATMError::TransportError(format!(
 "Could not serialize delete message request: {:?}",
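Review bot: The rejection message in `message_delete_handler` hard-codes `100` while the comparison uses `MAX_MESSAGES_TO_DELETE_LIMIT`, so changing the constant would leave the error text wrong; the same literal appears in the SDK check in affinidi-messaging-sdk/src/messages/delete.rs. Format the constant instead: `"Operation exceeds the allowed limit. You may delete a maximum of {} messages per request. Received {} ids.", MAX_MESSAGES_TO_DELETE_LIMIT, body.message_ids.len()`. This handler check is the one that enforces the bound, since a client that does not use the SDK never runs the SDK check, so a comment above the `if` such as `// Authoritative limit; the SDK check is only an early failure for SDK users.` would record that. The constant is declared separately in the mediator and the SDK and can drift between the two crates. The handler body starts and ends outside the hunk.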
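Review bot: The new length check in the SDK's delete path (second hunk of affinidi-messaging-sdk/src/messages/delete.rs) runs after `self.authenticate().await?`, so a request that will be rejected locally may still trigger authentication work first. Moving the `if messages.message_ids.len() > MAX_MESSAGES_TO_DELETE_LIMIT { … }` block above the `// Check if authenticated` line would fail fast before any of that. `ATMError::MsgSendError` also reads as a send failure rather than an invalid argument; whether a better-suited variant exists is not visible from this hunk. The method's doc comment in the first hunk should mention the limit, for example `/// - at most MAX_MESSAGES_TO_DELETE_LIMIT (100) message_ids per call`. The function body starts and ends outside the hunk.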