Add limit check

2023-03-23 00:16:53 +09:00 · 2023-03-23 00:16:53 +09:00 · 6aea440a0e
parent 863615e40a
commit 6aea440a0e
2 changed files with 14 additions and 4 deletions
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@ -15,6 +15,7 @@ class Api::V1::AccountsController < Api::BaseController
  before_action :check_account_approval, except: [:index, :create]
  before_action :check_account_confirmation, except: [:index, :create]
  before_action :check_enabled_registrations, only: [:create]
+  before_action :check_accounts_limit, only: [:index]

  skip_before_action :require_authenticated_user!, only: :create

@ -96,6 +97,10 @@ class Api::V1::AccountsController < Api::BaseController
    raise(ActiveRecord::RecordNotFound) if @account.local? && !@account.user_confirmed?
  end

+  def check_accounts_limit
+    raise(Mastodon::ValidationError) if account_ids.size > DEFAULT_ACCOUNTS_LIMIT
+  end
+
  def relationships(**options)
    AccountRelationshipsPresenter.new([@account], current_user.account_id, **options)
  end
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@ -5,10 +5,11 @@ class Api::V1::StatusesController < Api::BaseController

  before_action -> { authorize_if_got_token! :read, :'read:statuses' }, except: [:create, :update, :destroy]
  before_action -> { doorkeeper_authorize! :write, :'write:statuses' }, only:   [:create, :update, :destroy]
-  before_action :require_user!, except:  [:index, :show, :context]
-  before_action :set_statuses, only:     [:index]
-  before_action :set_status, only:       [:show, :context]
-  before_action :set_thread, only:       [:create]
+  before_action :require_user!, except:      [:index, :show, :context]
+  before_action :set_statuses, only:         [:index]
+  before_action :set_status, only:           [:show, :context]
+  before_action :set_thread, only:           [:create]
+  before_action :check_statuses_limit, only: [:index]

  override_rate_limit_headers :create, family: :statuses
  override_rate_limit_headers :update, family: :statuses
@ -135,6 +136,10 @@ class Api::V1::StatusesController < Api::BaseController
    render json: { error: I18n.t('statuses.errors.in_reply_not_found') }, status: 404
  end

+  def check_statuses_limit
+    raise(Mastodon::ValidationError) if status_ids.size > DEFAULT_STATUSES_LIMIT
+  end
+
  def status_ids
    Array(statuses_params[:ids]).uniq.map(&:to_i)
  end