Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-02-20 02:31:30 +01:00
Code Issues Projects Releases Wiki Activity

abuse limits on bulk apis

Browse Source
This commit is contained in:
Kyle Spearrin 2017-10-09 16:58:37 -04:00
parent f8c5bc1c39
commit 255b5bbdb0
2 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/Api/Controllers/CiphersController.cs
View File

@ -210,6 +210,11 @@ namespace Bit.Api.Controllers
[HttpPost("import")] [HttpPost("import")]
public async Task PostImport([FromBody]ImportCiphersRequestModel model) public async Task PostImport([FromBody]ImportCiphersRequestModel model)
{ {
if(model.Ciphers.Count() > 5000 || model.FolderRelationships.Count() > 5000 || model.Folders.Count() > 200)
{
throw new BadRequestException("You cannot import this much data at once.");
}
var userId = _userService.GetProperUserId(User).Value; var userId = _userService.GetProperUserId(User).Value;
var folders = model.Folders.Select(f => f.ToFolder(userId)).ToList(); var folders = model.Folders.Select(f => f.ToFolder(userId)).ToList();
var ciphers = model.Ciphers.Select(c => c.ToCipherDetails(userId)).ToList(); var ciphers = model.Ciphers.Select(c => c.ToCipherDetails(userId)).ToList();
@ -219,6 +224,11 @@ namespace Bit.Api.Controllers
[HttpPost("import-organization")] [HttpPost("import-organization")]
public async Task PostImport([FromQuery]string organizationId, [FromBody]ImportOrganizationCiphersRequestModel model) public async Task PostImport([FromQuery]string organizationId, [FromBody]ImportOrganizationCiphersRequestModel model)
{ {
if(model.Ciphers.Count() > 5000 || model.CollectionRelationships.Count() > 5000 || model.Collections.Count() > 200)
{
throw new BadRequestException("You cannot import this much data at once.");
}
var orgId = new Guid(organizationId); var orgId = new Guid(organizationId);
if(!_currentContext.OrganizationAdmin(orgId)) if(!_currentContext.OrganizationAdmin(orgId))
{ {
@ -320,6 +330,11 @@ namespace Bit.Api.Controllers
[HttpPost("delete")] [HttpPost("delete")]
public async Task DeleteMany([FromBody]CipherBulkDeleteRequestModel model) public async Task DeleteMany([FromBody]CipherBulkDeleteRequestModel model)
{ {
if(model.Ids.Count() > 200)
{
throw new BadRequestException("You can only delete up to 200 items at a time.");
}
var userId = _userService.GetProperUserId(User).Value; var userId = _userService.GetProperUserId(User).Value;
await _cipherService.DeleteManyAsync(model.Ids.Select(i => new Guid(i)), userId); await _cipherService.DeleteManyAsync(model.Ids.Select(i => new Guid(i)), userId);
} }
@ -328,6 +343,11 @@ namespace Bit.Api.Controllers
[HttpPost("move")] [HttpPost("move")]
public async Task MoveMany([FromBody]CipherBulkMoveRequestModel model) public async Task MoveMany([FromBody]CipherBulkMoveRequestModel model)
{ {
if(model.Ids.Count() > 200)
{
throw new BadRequestException("You can only move up to 200 items at a time.");
}
var userId = _userService.GetProperUserId(User).Value; var userId = _userService.GetProperUserId(User).Value;
await _cipherService.MoveManyAsync(model.Ids.Select(i => new Guid(i)), await _cipherService.MoveManyAsync(model.Ids.Select(i => new Guid(i)),
string.IsNullOrWhiteSpace(model.FolderId) ? (Guid?)null : new Guid(model.FolderId), userId); string.IsNullOrWhiteSpace(model.FolderId) ? (Guid?)null : new Guid(model.FolderId), userId);

5
src/Api/Controllers/OrganizationsController.cs
View File

@ -347,6 +347,11 @@ namespace Bit.Api.Controllers
[HttpPost("{id}/import")] [HttpPost("{id}/import")]
public async Task Import(string id, [FromBody]ImportOrganizationUsersRequestModel model) public async Task Import(string id, [FromBody]ImportOrganizationUsersRequestModel model)
{ {
if(model.Groups.Count() > 200 || model.Users.Count() > 1000)
{
throw new BadRequestException("You cannot import this much data at once.");
}
var orgIdGuid = new Guid(id); var orgIdGuid = new Guid(id);
if(!_currentContext.OrganizationAdmin(orgIdGuid)) if(!_currentContext.OrganizationAdmin(orgIdGuid))
{ {