From 1f7ee139879cac474125453105adc35e7a104ca1 Mon Sep 17 00:00:00 2001
From: jonhealy1
Date: Tue, 7 Sep 2021 01:01:46 -0700
Subject: [PATCH 1/4] set limit in sqlalchemy between 1 and 10000
---
.vscode/settings.json | 19 ++++++++++++
.../stac_fastapi/sqlalchemy/types/search.py | 3 +-
stac_fastapi/sqlalchemy/tests/api/test_api.py | 30 +++++++++++++++++++
3 files changed, 51 insertions(+), 1 deletion(-)
create mode 100644 .vscode/settings.json
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 000000000..475a18bf9
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,19 @@
+{
+ "workbench.colorCustomizations": {
+ "activityBar.activeBackground": "#fbed80",
+ "activityBar.activeBorder": "#06b9a5",
+ "activityBar.background": "#fbed80",
+ "activityBar.foreground": "#15202b",
+ "activityBar.inactiveForeground": "#15202b99",
+ "activityBarBadge.background": "#06b9a5",
+ "activityBarBadge.foreground": "#15202b",
+ "statusBar.background": "#f9e64f",
+ "statusBar.foreground": "#15202b",
+ "statusBarItem.hoverBackground": "#f7df1e",
+ "titleBar.activeBackground": "#f9e64f",
+ "titleBar.activeForeground": "#15202b",
+ "titleBar.inactiveBackground": "#f9e64f99",
+ "titleBar.inactiveForeground": "#15202b99"
+ },
+ "peacock.color": "#f9e64f"
+}
\ No newline at end of file
diff --git a/stac_fastapi/sqlalchemy/stac_fastapi/sqlalchemy/types/search.py b/stac_fastapi/sqlalchemy/stac_fastapi/sqlalchemy/types/search.py
index 8c584dfe4..92b89090a 100644
--- a/stac_fastapi/sqlalchemy/stac_fastapi/sqlalchemy/types/search.py
+++ b/stac_fastapi/sqlalchemy/stac_fastapi/sqlalchemy/types/search.py
@@ -11,7 +11,7 @@ from typing import Any, Callable, Dict, List, Optional, Set, Union import sqlalchemy as sa -from pydantic import Field, ValidationError, root_validator +from pydantic import Field, ValidationError, root_validator, conint from pydantic.error_wrappers import ErrorWrapper from stac_pydantic.api import Search from stac_pydantic.api.extensions.fields import FieldsExtension as FieldsBase @@ -145,6 +145,7 @@ class SQLAlchemySTACSearch(Search): # Override query extension with supported operators query: Optional[Dict[Queryables, Dict[Operator, Any]]] token: Optional[str] = None + limit: Optional[conint(ge=0, le=10000)] = 10 @root_validator(pre=True) def validate_query_fields(cls, values: Dict) -> Dict: diff --git a/stac_fastapi/sqlalchemy/tests/api/test_api.py b/stac_fastapi/sqlalchemy/tests/api/test_api.py index c29b875b3..e784f4b32 100644 --- a/stac_fastapi/sqlalchemy/tests/api/test_api.py +++ b/stac_fastapi/sqlalchemy/tests/api/test_api.py 
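Review bot: The new `limit` field in `SQLAlchemySTACSearch` is declared with `conint(ge=0, le=10000)`, so `limit: 0` passes validation although the commit subject and the CHANGES.md entry in patch 4/4 both give the range as 1 to 10,000; if 1 is the intended floor the line should read `limit: Optional[conint(ge=1, le=10000)] = 10`. Because the constrained type is wrapped in `Optional`, an explicit `"limit": null` in the request body also validates and never meets the bound. How the query layer treats a `None` limit is not visible in this hunk, but if it reaches the SQLAlchemy query unchanged the result set would presumably be uncapped, which is the oversized-response case this change sets out to close. Dropping `Optional` while keeping the default of 10, or mapping `None` back to the default in a validator, would make the cap unconditional. The class body continues outside the hunk.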
@@ -91,6 +91,36 @@ def test_app_query_extension(load_test_data, app_client, postgres_transactions): assert len(resp_json["features"]) == 0 +def test_app_query_extension_limit_lt0( + load_test_data, app_client, postgres_transactions +): + item = load_test_data("test_item.json") + postgres_transactions.create_item(item, request=MockStarletteRequest) + + params = {"limit": -1} + resp = app_client.post("/search", json=params) + assert resp.status_code == 400 + +def test_app_query_extension_limit_gt10000( + load_test_data, app_client, postgres_transactions +): + item = load_test_data("test_item.json") + postgres_transactions.create_item(item, request=MockStarletteRequest) + + params = {"limit": 10001} + resp = app_client.post("/search", json=params) + assert resp.status_code == 400 + +def test_app_query_extension_limit_10000( + load_test_data, app_client, postgres_transactions +): + item = load_test_data("test_item.json") + postgres_transactions.create_item(item, request=MockStarletteRequest) + + params = {"limit": 10000} + resp = app_client.post("/search", json=params) + assert resp.status_code == 200 + def test_app_sort_extension(load_test_data, app_client, postgres_transactions): first_item = load_test_data("test_item.json") item_date = datetime.strptime( From 7d87f6e7611766f7222eb9809ad570666d65ce10 Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Tue, 7 Sep 2021 01:09:15 -0700 Subject: [PATCH 2/4] pre commit --- .../sqlalchemy/stac_fastapi/sqlalchemy/types/search.py | 2 +- stac_fastapi/sqlalchemy/tests/api/test_api.py | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/stac_fastapi/sqlalchemy/stac_fastapi/sqlalchemy/types/search.py b/stac_fastapi/sqlalchemy/stac_fastapi/sqlalchemy/types/search.py index 92b89090a..6039d90e1 100644 --- a/stac_fastapi/sqlalchemy/stac_fastapi/sqlalchemy/types/search.py +++ b/stac_fastapi/sqlalchemy/stac_fastapi/sqlalchemy/types/search.py 
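Review bot: The three added tests pin -1, 10001 and 10000 but neither the lower edge of the accepted range nor an explicit null, so they pass unchanged whether the model's floor is 0 or 1. A case with `params = {"limit": 0}` and one with `params = {"limit": None}`, each asserting the status code the maintainers intend, would fix that contract in the suite. The 10000 case checks only `resp.status_code == 200`; also asserting the length of the returned `features` against the single created item would show the limit is applied and not merely accepted. The `test_app_query_extension_limit_*` names refer to the query extension although only `limit` is exercised, so `test_app_search_limit_*` would describe them more accurately.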
@@ -11,7 +11,7 @@ from typing import Any, Callable, Dict, List, Optional, Set, Union import sqlalchemy as sa -from pydantic import Field, ValidationError, root_validator, conint +from pydantic import Field, ValidationError, conint, root_validator from pydantic.error_wrappers import ErrorWrapper from stac_pydantic.api import Search from stac_pydantic.api.extensions.fields import FieldsExtension as FieldsBase diff --git a/stac_fastapi/sqlalchemy/tests/api/test_api.py b/stac_fastapi/sqlalchemy/tests/api/test_api.py index e784f4b32..08edce16e 100644 --- a/stac_fastapi/sqlalchemy/tests/api/test_api.py +++ b/stac_fastapi/sqlalchemy/tests/api/test_api.py @@ -101,6 +101,7 @@ def test_app_query_extension_limit_lt0( resp = app_client.post("/search", json=params) assert resp.status_code == 400 + def test_app_query_extension_limit_gt10000( load_test_data, app_client, postgres_transactions ): @@ -111,6 +112,7 @@ def test_app_query_extension_limit_gt10000( resp = app_client.post("/search", json=params) assert resp.status_code == 400 + def test_app_query_extension_limit_10000( load_test_data, app_client, postgres_transactions ): @@ -121,6 +123,7 @@ def test_app_query_extension_limit_10000( resp = app_client.post("/search", json=params) assert resp.status_code == 200 + def test_app_sort_extension(load_test_data, app_client, postgres_transactions): first_item = load_test_data("test_item.json") item_date = datetime.strptime( From 4b6a5d92e1fe0fc74b202bb79df84462a92adcfa Mon Sep 17 00:00:00 2001 From: jonhealy1 Date: Tue, 7 Sep 2021 01:14:22 -0700 Subject: [PATCH 3/4] remove .vscode --- .vscode/settings.json | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 475a18bf9..000000000 --- a/.vscode/settings.json +++ /dev/null 
@@ -1,19 +0,0 @@ -{ - "workbench.colorCustomizations": { - "activityBar.activeBackground": "#fbed80", - "activityBar.activeBorder": "#06b9a5", - "activityBar.background": "#fbed80", - "activityBar.foreground": "#15202b", - "activityBar.inactiveForeground": "#15202b99", - "activityBarBadge.background": "#06b9a5", - "activityBarBadge.foreground": "#15202b", - "statusBar.background": "#f9e64f", - "statusBar.foreground": "#15202b", - "statusBarItem.hoverBackground": "#f7df1e", - "titleBar.activeBackground": "#f9e64f", - "titleBar.activeForeground": "#15202b", - "titleBar.inactiveBackground": "#f9e64f99", - "titleBar.inactiveForeground": "#15202b99" - }, - "peacock.color": "#f9e64f" -} \ No newline at end of file From 12203ba8f08321c9a55e81942fea67b339f573e6 Mon Sep 17 00:00:00 2001 From: Jeff Albrecht Date: Sat, 11 Sep 2021 20:33:11 -0600 Subject: [PATCH 4/4] update changelog --- CHANGES.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGES.md b/CHANGES.md index 3e10cd524..7dcd1d547 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -11,6 +11,7 @@ ### Fixed * Pin FastAPI to 0.67 to avoid issues with rendering OpenAPI documentation ([#246](https://github.com/stac-utils/stac-fastapi/pull/246)) +* Restrict `limit` parameter in sqlalchemy backend to between 1 and 10,000. ([#251](https://github.com/stac-utils/stac-fastapi/pull/251)) ## [2.1.0]