diff --git a/libraries/app/api.cpp b/libraries/app/api.cpp index e1baf30f..c76fa940 100644 --- a/libraries/app/api.cpp +++ b/libraries/app/api.cpp @@ -579,7 +579,10 @@ namespace graphene { namespace app { { FC_ASSERT( _app.chain_database() ); const auto& db = *_app.chain_database(); - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_get_account_history, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_account_history) ); + vector result; account_id_type account; try { @@ -627,7 +630,10 @@ namespace graphene { namespace app { { FC_ASSERT( _app.chain_database() ); const auto& db = *_app.chain_database(); - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_get_account_history_operations, + "Number of querying history accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_account_history_operations) ); + vector result; account_id_type account; try { @@ -667,7 +673,10 @@ namespace graphene { namespace app { { FC_ASSERT( _app.chain_database() ); const auto& db = *_app.chain_database(); - FC_ASSERT(limit <= 100); + FC_ASSERT( limit <= api_limit_get_relative_account_history, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_relative_account_history) ); + vector result; account_id_type account; try { @@ -804,7 +813,9 @@ namespace graphene { namespace app { asset_api::~asset_api() { } vector asset_api::get_asset_holders( std::string asset, uint32_t start, uint32_t limit ) const { - FC_ASSERT(limit <= 100); + FC_ASSERT( limit <= api_limit_get_asset_holders, + "Number of querying asset holder accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_asset_holders) ); asset_id_type asset_id = database_api.get_asset_id_from_string( asset ); const auto& bal_idx = _db.get_index_type< account_balance_index >().indices().get< by_asset_balance >(); 
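Review bot: The failure text in the first api.cpp hunk says "Number of querying accounts", but `limit` is checked against `api_limit_get_account_history`, which by its name caps returned history entries rather than accounts, so a client that trips the cap is given a misleading reason. The same sentence is reused in the get_relative_account_history hunk and, in database_api.cpp, in the list_assets, get_order_book and get_trade_history hunks. A neutral wording such as `"limit can not be greater than ${configured_limit}"` would be accurate at every site. The enclosing function starts and ends outside the hunk, so what `limit` counts is inferred from the member name.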
diff --git a/libraries/app/database_api.cpp b/libraries/app/database_api.cpp index fbc98aa4..61b11475 100644 --- a/libraries/app/database_api.cpp +++ b/libraries/app/database_api.cpp @@ -234,6 +234,18 @@ class database_api_impl : public std::enable_shared_from_this vector get_offer_history_by_item(const offer_history_id_type lower_id, const nft_id_type item, uint32_t limit) const; vector get_offer_history_by_bidder(const offer_history_id_type lower_id, const account_id_type bidder_account_id, uint32_t limit) const; + + uint32_t api_limit_get_lower_bound_symbol = 100; + uint32_t api_limit_get_limit_orders = 300; + uint32_t api_limit_get_limit_orders_by_account = 101; + uint32_t api_limit_get_order_book = 50; + uint32_t api_limit_all_offers_count = 100; + uint32_t api_limit_lookup_accounts = 1000; + uint32_t api_limit_lookup_witness_accounts = 1000; + uint32_t api_limit_lookup_committee_member_accounts = 1000; + uint32_t api_limit_get_trade_history = 100; + uint32_t api_limit_get_trade_history_by_sequence = 100; + // Account Role vector get_account_roles_by_owner(account_id_type owner) const; @@ -877,7 +889,9 @@ map database_api::lookup_accounts(const string& lower_bo map database_api_impl::lookup_accounts(const string& lower_bound_name, uint32_t limit)const { - FC_ASSERT( limit <= 1000 ); + FC_ASSERT( limit <= api_limit_lookup_accounts, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_lookup_accounts) ); const auto& accounts_by_name = _db.get_index_type().indices().get(); map result; 
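Review bot: Three of the members declared in this hunk, `api_limit_get_limit_orders`, `api_limit_get_limit_orders_by_account` and `api_limit_get_trade_history_by_sequence`, are not compared against a `limit` anywhere in this diff, so those endpoints presumably keep their previous bound while the class suggests otherwise. Nothing visible assigns any of these fields from node configuration either, although every message calls the value `configured_limit`. Until they are wired up, declaring them `const uint32_t api_limit_get_order_book = 50;` (and likewise for the rest) would stop the request-size guard from being changed at run time. If they are meant to be loaded from options, the loader should reject values above a fixed ceiling, because these asserts are what bounds the work a single call can request. The class body continues outside the hunk.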
@@ -1085,7 +1099,9 @@ vector database_api::list_assets(const string& lower_bound_symbol, vector database_api_impl::list_assets(const string& lower_bound_symbol, uint32_t limit)const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_get_lower_bound_symbol, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_lower_bound_symbol) ); const auto& assets_by_symbol = _db.get_index_type().indices().get(); vector result; result.reserve(limit); @@ -1535,7 +1551,9 @@ order_book database_api::get_order_book( const string& base, const string& quote order_book database_api_impl::get_order_book( const string& base, const string& quote, unsigned limit )const { using boost::multiprecision::uint128_t; - FC_ASSERT( limit <= 50 ); + FC_ASSERT( limit <= api_limit_get_order_book, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_order_book) ); order_book result; result.base = base; @@ -1597,7 +1615,9 @@ vector database_api_impl::get_trade_history( const string& base, fc::time_point_sec stop, unsigned limit )const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_get_trade_history, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_trade_history) ); auto assets = lookup_asset_symbols( {base, quote} ); FC_ASSERT( assets[0], "Invalid base asset symbol: ${s}", ("s",base) ); 
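Review bot: `result.reserve(limit)` follows the new check in list_assets, so the up-front allocation is sized by a caller-chosen number whose ceiling is now a mutable field rather than the literal 100. This is harmless at the default, but if `api_limit_get_lower_bound_symbol` is ever raised, each request can reserve that many elements before a single asset is found. Reserving only what can be returned, for example `result.reserve( std::min<size_t>( limit, assets_by_symbol.size() ) );`, keeps memory proportional to the data. The same reserve-after-check pattern appears in every offer and offer-history hunk of this file. list_assets continues outside the hunk.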
@@ -1716,7 +1736,9 @@ map database_api::lookup_witness_accounts(const string& map database_api_impl::lookup_witness_accounts(const string& lower_bound_name, uint32_t limit)const { - FC_ASSERT( limit <= 1000 ); + FC_ASSERT( limit <= api_limit_lookup_witness_accounts, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_lookup_witness_accounts) ); const auto& witnesses_by_id = _db.get_index_type().indices().get(); // we want to order witnesses by account name, but that name is in the account object @@ -1792,7 +1814,9 @@ map database_api::lookup_committee_member_acco map database_api_impl::lookup_committee_member_accounts(const string& lower_bound_name, uint32_t limit)const { - FC_ASSERT( limit <= 1000 ); + FC_ASSERT( limit <= api_limit_lookup_committee_member_accounts, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_lookup_committee_member_accounts) ); const auto& committee_members_by_id = _db.get_index_type().indices().get(); // we want to order committee_members by account name, but that name is in the account object @@ -2912,7 +2936,9 @@ vector database_api::list_offers(const offer_id_type lower_id, uin vector database_api_impl::list_offers(const offer_id_type lower_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& offers_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); 
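Review bot: list_offers is the first of nine endpoints in this diff that check against the single field `api_limit_all_offers_count`, including the offer-history queries, yet the name reads as a count of offers and its declaration has no comment. A line at the declaration such as `// upper bound on 'limit' for every offer and offer-history list/get query` would tell an operator that changing it affects all of them. The other eight are list_sell_offers, list_buy_offers, list_offer_history, get_offers_by_issuer, get_offers_by_item, get_offer_history_by_issuer, get_offer_history_by_item and get_offer_history_by_bidder.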
@@ -2932,7 +2958,9 @@ vector database_api::list_sell_offers(const offer_id_type lower_id vector database_api_impl::list_sell_offers(const offer_id_type lower_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& offers_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); @@ -2958,7 +2986,9 @@ vector database_api::list_buy_offers(const offer_id_type lower_id, vector database_api_impl::list_buy_offers(const offer_id_type lower_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& offers_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); @@ -2985,7 +3015,9 @@ vector database_api::list_offer_history(const offer_histor vector database_api_impl::list_offer_history(const offer_history_id_type lower_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& oh_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); 
@@ -3005,7 +3037,9 @@ vector database_api::get_offers_by_issuer(const offer_id_type lowe vector database_api_impl::get_offers_by_issuer(const offer_id_type lower_id, const account_id_type issuer_account_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& offers_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); @@ -3029,7 +3063,9 @@ vector database_api::get_offers_by_item(const offer_id_type lower_ vector database_api_impl::get_offers_by_item(const offer_id_type lower_id, const nft_id_type item, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& offers_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); @@ -3064,7 +3100,9 @@ vector database_api::get_offer_history_by_bidder(const off vector database_api_impl::get_offer_history_by_issuer(const offer_history_id_type lower_id, const account_id_type issuer_account_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& oh_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); 
@@ -3085,7 +3123,9 @@ vector database_api_impl::get_offer_history_by_issuer(cons vector database_api_impl::get_offer_history_by_item(const offer_history_id_type lower_id, const nft_id_type item, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& oh_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); @@ -3107,7 +3147,9 @@ vector database_api_impl::get_offer_history_by_item(const vector database_api_impl::get_offer_history_by_bidder(const offer_history_id_type lower_id, const account_id_type bidder_account_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& oh_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); diff --git a/libraries/app/include/graphene/app/api.hpp b/libraries/app/include/graphene/app/api.hpp index 4adf73a3..e4329141 100644 --- a/libraries/app/include/graphene/app/api.hpp +++ b/libraries/app/include/graphene/app/api.hpp @@ -150,6 +150,9 @@ namespace graphene { namespace app { fc::time_point_sec start, fc::time_point_sec end )const; vector list_core_accounts()const; flat_set get_market_history_buckets()const; + uint32_t api_limit_get_account_history_operations = 100; + uint32_t api_limit_get_account_history = 100; + uint32_t api_limit_get_relative_account_history = 100; private: application& _app; graphene::app::database_api database_api; @@ -354,6 +357,7 @@ namespace graphene { namespace app { */ vector get_all_asset_holders() const; + uint32_t api_limit_get_asset_holders = 100; private: graphene::app::application& _app; graphene::chain::database& _db;
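Review bot: The three limit fields in the first api.hpp hunk are added directly above `private:`, which appears to make them public, writable data members of the API class. The second hunk does the same with `api_limit_get_asset_holders`. Since these values are the bound enforced by the new asserts in api.cpp, any code holding the object could raise them. Moving the declarations below `private:`, or declaring them `const uint32_t ... = 100;`, keeps the guard out of callers' reach. Both class definitions start and end outside the hunks, so the access level is inferred from the position of the `private:` label.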