Enforce changeset size limit for API calls which make changes

2024-06-18 20:45:00 +01:00 · 2024-06-18 20:45:00 +01:00 · c38e3d6144
commit c38e3d6144
parent f61ac2586f
3 changed files with 27 additions and 0 deletions
--- a/app/models/changeset.rb
+++ b/app/models/changeset.rb
@ -130,6 +130,8 @@ class Changeset < ApplicationRecord
  def update_bbox!(bbox_update)
    bbox.expand!(bbox_update)

+    raise OSM::APISizeLimitExceeded if bbox.linear_size > size_limit
+
    # update active record. rails 2.1's dirty handling should take care of
    # whether this object needs saving or not.
    self.min_lon, self.min_lat, self.max_lon, self.max_lat = @bbox.to_a.collect(&:round) if bbox.complete?
@ -225,4 +227,10 @@ class Changeset < ApplicationRecord
  def subscribed?(user)
    subscribers.exists?(user.id)
  end
+
+  def size_limit
+    @size_limit ||= ActiveRecord::Base.connection.select_value(
+      "SELECT api_size_limit($1)", "api_size_limit", [user_id]
+    )
+  end
 end
--- a/lib/bounding_box.rb
+++ b/lib/bounding_box.rb
@ -88,6 +88,14 @@ class BoundingBox
    end
  end

+  def linear_size
+    if complete?
+      (max_lon - min_lon) + (max_lat - min_lat)
+    else
+      0
+    end
+  end
+
  def complete?
    to_a.exclude?(nil)
  end
--- a/lib/osm.rb
+++ b/lib/osm.rb
@ -364,6 +364,17 @@ module OSM
    end
  end

+  # Raised when a size limit is exceeded
+  class APISizeLimitExceeded < APIError
+    def initialize
+      super("Size limit exceeded")
+    end
+
+    def status
+      :payload_too_large
+    end
+  end
+
  # Helper methods for going to/from mercator and lat/lng.
  class Mercator
    include Math