Comparison

plugins/mod_pubsub/pubsub.lib.lua @ 8324:58d228da618f

mod_pubsub: Limit number of items to fetch from archive storage to pubsub#max_items to prevent unbounded query (thanks Martin and lovetox)
author Kim Alvefur <zash@zash.se>
date Sun, 15 Oct 2017 18:59:37 +0200
parent 8323:f2c1d65f706b
child 8325:9a845e9e9cbf
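--- a/plugins/mod_pubsub/pubsub.lib.lua
+++ b/plugins/mod_pubsub/pubsub.lib.lua
@@ -1,9 +1,10 @@
 local t_unpack = table.unpack or unpack; -- luacheck: ignore 113
 local time_now = os.time;
 
 local st = require "util.stanza";
+local ti = require "util.iterators";
 local uuid_generate = require "util.uuid".generate;
 local dataform = require"util.dataforms".new;
 
 local xmlns_pubsub = "http://jabber.org/protocol/pubsub";
 local xmlns_pubsub_errors = "http://jabber.org/protocol/pubsub#errors";
@@ -338,24 +339,27 @@
 
 local function archive_itemstore(archive, config, user, node, expose_publisher)
 module:log("debug", "Creation of itemstore for node %s with config %s", node, config);
 local get_set = {};
 function get_set:items() -- luacheck: ignore 212/self
-local data, err = archive:find(user);
+local data, err = archive:find(user, {
+limit = tonumber(config["pubsub#max_items"]);
+reverse = true;
+});
 if not data then
 module:log("error", "Unable to get items: %s", err);
 return true;
 end
 module:log("debug", "Listed items %s", data);
-return function()
+return it.reverse(function()
 local id, payload, when, publisher = data();
 if id == nil then
 return;
 end
 local item = create_encapsulating_item(id, payload, publisher, expose_publisher);
 return id, item;
-end;
+end);
 end
 function get_set:get(key) -- luacheck: ignore 212/self
 local data, err = archive:find(user, {
 key = key;
 -- Get the last item with that key, if the archive doesn't deduplicate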
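Review bot: In `get_set:items()` the iterator is wrapped with `it.reverse(...)`, but the module required at new line 5 is bound to `ti` and no `it` is defined in the visible lines. Unless `it` exists elsewhere in the file, listing items would fail by indexing a nil global, so the call should read `return ti.reverse(function()`. Separately, `tonumber(config["pubsub#max_items"])` yields nil when the option is unset or not numeric. In that case `limit` is absent from the query table and the archive query is presumably unbounded again, so validating the value and falling back to a finite default would keep the bound this commit intends. `archive_itemstore` continues past the end of the section, so `get_set:get` is only partly visible.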