User authentication: limit the number of domains sent in "Logged" to a hundred.

2024-04-28 17:16:06 +02:00 · 2024-04-28 17:16:06 +02:00 · 158d772727
parent 723c1a83a0
commit 158d772727
2 changed files with 6 additions and 2 deletions
--- a/src/requests/user.cr
+++ b/src/requests/user.cr
@ -18,7 +18,11 @@ class DNSManager::Request
 				dnsmanagerd.storage.user_must_exist! user_id

 				accepted_domains = dnsmanagerd.configuration.accepted_domains.not_nil!
-				user_domains = dnsmanagerd.storage.user_domains user_id
+
+				# Limit the number of domains in this message.
+				# Pagination will be required beyond a hundred domains.
+				user_domains = dnsmanagerd.storage.user_domains(user_id).[0..100]
+
 				perms = dnsmanagerd.check_permissions user_id, "*"
 				Response::Logged.new (perms == AuthD::User::PermissionLevel::Admin), accepted_domains, user_domains
 			else
--- a/src/storage.cr
+++ b/src/storage.cr
@ -134,7 +134,7 @@ class DNSManager::Storage

 		matching_domains.each do |md|
 			# Prevent empty domains (from crafted requests) to be accepted.
-			return Response::InvalidDomainName.new unless (domain.chomp md).size > 2
+			return Response::InvalidDomainName.new unless (domain.chomp md).size > 1
 			Baguette::Log.info "Add new domain #{domain} (matching domain #{md})"
 		end