From 964aa2bb79285ee7bc595d92747e07d539e41307 Mon Sep 17 00:00:00 2001 From: ansuz Date: Thu, 8 Oct 2020 16:10:42 +0530 Subject: [PATCH] validate custom limits provided via config at launch --- lib/historyKeeper.js | 46 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 40 insertions(+), 6 deletions(-) diff --git a/lib/historyKeeper.js b/lib/historyKeeper.js index 25d86f212..cc1ff1fef 100644 --- a/lib/historyKeeper.js +++ b/lib/historyKeeper.js @@ -8,6 +8,10 @@ const RPC = require("./rpc"); const HK = require("./hk-util.js"); const Core = require("./commands/core"); +const Keys = require("./keys"); +const Quota = require("./commands/quota"); +const Util = require("./common-util"); + const Store = require("./storage/file"); const BlobStore = require("./storage/blob"); const Workers = require("./workers/index"); @@ -73,19 +77,49 @@ module.exports.create = function (config, cb) { myDomain: config.myDomain, mySubdomain: config.mySubdomain, // only exists for the accounts integration - customLimits: config.customLimits || {}, + customLimits: {}, // FIXME this attribute isn't in the default conf // but it is referenced in Quota domain: config.domain }; (function () { - var custom = Env.customLimits; - for (var k in custom) { - if (k.length === 44 && custom[k]) { - custom.origin = 'config'; + var custom = config.customLimits; + var stored = Env.customLimits; + + Object.keys(custom).forEach(function (k) { + var unsafeKey = Keys.canonicalize(k); + + if (!unsafeKey) { + Log.warn("INVALID_CUSTOM_LIMIT_ID", { + message: "A custom quota upgrade was provided via your config with an invalid identifier. It will be ignored.", + key: k, + value: custom[k], + }); + return; } - } + + if (stored[unsafeKey]) { + Log.warn("INVALID_CUSTOM_LIMIT_DUPLICATED", { + message: "A duplicated custom quota upgrade was provided via your config which would have overridden an existing value. It will be ignored.", + key: k, + value: custom[k], + }); + return; + } + + if (!Quota.isValidLimit(custom[k])) { + Log.warn("INVALID_CUSTOM_LIMIT_VALUE", { + message: "A custom quota upgrade was provided via your config with an invalid value. It will be ignored.", + key: k, + value: custom[k], + }); + return; + } + + var limit = stored[unsafeKey] = Util.clone(custom[k]); + limit.origin = 'config'; + }); }()); (function () {