validate custom limits provided via config at launch

2020-10-08 16:10:42 +05:30 · 2020-10-08 16:10:42 +05:30 · 964aa2bb79
commit 964aa2bb79
parent f4f803ccd9
1 changed files with 40 additions and 6 deletions
--- a/lib/historyKeeper.js
+++ b/lib/historyKeeper.js
@ -8,6 +8,10 @@ const RPC = require("./rpc");
 const HK = require("./hk-util.js");
 const Core = require("./commands/core");

+const Keys = require("./keys");
+const Quota = require("./commands/quota");
+const Util = require("./common-util");
+
 const Store = require("./storage/file");
 const BlobStore = require("./storage/blob");
 const Workers = require("./workers/index");
@ -73,19 +77,49 @@ module.exports.create = function (config, cb) {

        myDomain: config.myDomain,
        mySubdomain: config.mySubdomain, // only exists for the accounts integration
-        customLimits: config.customLimits || {},
+        customLimits: {},
        // FIXME this attribute isn't in the default conf
        // but it is referenced in Quota
        domain: config.domain
    };

    (function () {
-        var custom = Env.customLimits;
-        for (var k in custom) {
-            if (k.length === 44 && custom[k]) {
-                custom.origin = 'config';
+        var custom = config.customLimits;
+        var stored = Env.customLimits;
+
+        Object.keys(custom).forEach(function (k) {
+            var unsafeKey = Keys.canonicalize(k);
+
+            if (!unsafeKey) {
+                Log.warn("INVALID_CUSTOM_LIMIT_ID", {
+                    message: "A custom quota upgrade was provided via your config with an invalid identifier. It will be ignored.",
+                    key: k,
+                    value: custom[k],
+                });
+                return;
            }
-        }
+
+            if (stored[unsafeKey]) {
+                Log.warn("INVALID_CUSTOM_LIMIT_DUPLICATED", {
+                    message: "A duplicated custom quota upgrade was provided via your config which would have overridden an existing value. It will be ignored.",
+                    key: k,
+                    value: custom[k],
+                });
+                return;
+            }
+
+            if (!Quota.isValidLimit(custom[k])) {
+                Log.warn("INVALID_CUSTOM_LIMIT_VALUE", {
+                    message: "A custom quota upgrade was provided via your config with an invalid value. It will be ignored.",
+                    key: k,
+                    value: custom[k],
+                });
+                return;
+            }
+
+            var limit = stored[unsafeKey] = Util.clone(custom[k]);
+            limit.origin = 'config';
+        });
    }());

    (function () {