diff --git a/libraries/app/api.cpp b/libraries/app/api.cpp index 11d39f69..4c1ac752 100644 --- a/libraries/app/api.cpp +++ b/libraries/app/api.cpp @@ -580,7 +580,10 @@ namespace graphene { namespace app { { FC_ASSERT( _app.chain_database() ); const auto& db = *_app.chain_database(); - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_get_account_history, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_account_history) ); + vector result; account_id_type account; try { @@ -628,7 +631,10 @@ namespace graphene { namespace app { { FC_ASSERT( _app.chain_database() ); const auto& db = *_app.chain_database(); - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_get_account_history_operations, + "Number of querying history accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_account_history_operations) ); + vector result; account_id_type account; try { @@ -668,7 +674,10 @@ namespace graphene { namespace app { { FC_ASSERT( _app.chain_database() ); const auto& db = *_app.chain_database(); - FC_ASSERT(limit <= 100); + FC_ASSERT( limit <= api_limit_get_relative_account_history, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_relative_account_history) ); + vector result; account_id_type account; try { @@ -805,7 +814,9 @@ namespace graphene { namespace app { asset_api::~asset_api() { } vector asset_api::get_asset_holders( std::string asset, uint32_t start, uint32_t limit ) const { - FC_ASSERT(limit <= 100); + FC_ASSERT( limit <= api_limit_get_asset_holders, + "Number of querying asset holder accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_asset_holders) ); asset_id_type asset_id = database_api.get_asset_id_from_string( asset ); const auto& bal_idx = _db.get_index_type< account_balance_index >().indices().get< by_asset_balance >(); 
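Review bot: The failure text in the first three hunks ("Number of querying accounts …", "Number of querying history accounts …") does not describe what `limit` bounds. Judging by the `vector result` that follows and the member names, it caps the number of history entries returned, though the enclosing functions start outside the hunks. The same sentence is reused in database_api.cpp for list_assets, get_order_book and get_trade_history (@@ -1086, @@ -1536, @@ -1598), where the result is assets, order-book depth or trades. A client rejected by the cap is therefore told about the wrong quantity; a neutral `"limit can not be greater than ${configured_limit}"` would be accurate at every call site.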
diff --git a/libraries/app/database_api.cpp b/libraries/app/database_api.cpp index a2c56c59..f2a6c260 100644 --- a/libraries/app/database_api.cpp +++ b/libraries/app/database_api.cpp @@ -235,6 +235,18 @@ class database_api_impl : public std::enable_shared_from_this vector get_offer_history_by_item(const offer_history_id_type lower_id, const nft_id_type item, uint32_t limit) const; vector get_offer_history_by_bidder(const offer_history_id_type lower_id, const account_id_type bidder_account_id, uint32_t limit) const; + + uint32_t api_limit_get_lower_bound_symbol = 100; + uint32_t api_limit_get_limit_orders = 300; + uint32_t api_limit_get_limit_orders_by_account = 101; + uint32_t api_limit_get_order_book = 50; + uint32_t api_limit_all_offers_count = 100; + uint32_t api_limit_lookup_accounts = 1000; + uint32_t api_limit_lookup_witness_accounts = 1000; + uint32_t api_limit_lookup_committee_member_accounts = 1000; + uint32_t api_limit_get_trade_history = 100; + uint32_t api_limit_get_trade_history_by_sequence = 100; + // Account Role vector get_account_roles_by_owner(account_id_type owner) const; @@ -878,7 +890,9 @@ map database_api::lookup_accounts(const string& lower_bo map database_api_impl::lookup_accounts(const string& lower_bound_name, uint32_t limit)const { - FC_ASSERT( limit <= 1000 ); + FC_ASSERT( limit <= api_limit_lookup_accounts, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_lookup_accounts) ); const auto& accounts_by_name = _db.get_index_type().indices().get(); map result; 
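Review bot: The ten `api_limit_*` members added in the @@ -235 hunk are plain mutable `uint32_t` fields with default initialisers, and nothing in this diff assigns them from configuration even though the assertions call the value `configured_limit`. If they are meant to stay fixed, `static constexpr uint32_t api_limit_lookup_accounts = 1000;` keeps the request-size cap from being changed at runtime. If they are to be loaded from node options, the loader should reject values that effectively disable the cap, and a comment on each member should state which call it bounds. `api_limit_get_limit_orders`, `api_limit_get_limit_orders_by_account` and `api_limit_get_trade_history_by_sequence` are not referenced by any hunk shown here, so confirm the corresponding calls are actually checked against them. `api_limit_get_lower_bound_symbol` is used for list_assets, which the name does not suggest.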
@@ -1086,7 +1100,9 @@ vector database_api::list_assets(const string& lower_bound_symbol, vector database_api_impl::list_assets(const string& lower_bound_symbol, uint32_t limit)const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_get_lower_bound_symbol, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_lower_bound_symbol) ); const auto& assets_by_symbol = _db.get_index_type().indices().get(); vector result; result.reserve(limit); @@ -1536,7 +1552,9 @@ order_book database_api::get_order_book( const string& base, const string& quote order_book database_api_impl::get_order_book( const string& base, const string& quote, unsigned limit )const { using boost::multiprecision::uint128_t; - FC_ASSERT( limit <= 50 ); + FC_ASSERT( limit <= api_limit_get_order_book, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_order_book) ); order_book result; result.base = base; @@ -1598,7 +1616,9 @@ vector database_api_impl::get_trade_history( const string& base, fc::time_point_sec stop, unsigned limit )const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_get_trade_history, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_get_trade_history) ); auto assets = lookup_asset_symbols( {base, quote} ); FC_ASSERT( assets[0], "Invalid base asset symbol: ${s}", ("s",base) ); 
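Review bot: In list_assets, `result.reserve(limit)` directly after the new assertion allocates for the caller's requested count before any row is read. Now that the cap is a member rather than the literal 100, per-request memory scales with whatever `api_limit_get_lower_bound_symbol` holds, not with the number of rows that exist. The same reserve follows the assertion in the offer hunks (@@ -2913 through @@ -3108). Consider `result.reserve(std::min<size_t>(limit, assets_by_symbol.size()));`, assuming the index exposes `size()` as Boost.MultiIndex indices normally do, or document the largest value the limit is allowed to take. The function body continues past the end of the hunk.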
@@ -1717,7 +1737,9 @@ map database_api::lookup_witness_accounts(const string& map database_api_impl::lookup_witness_accounts(const string& lower_bound_name, uint32_t limit)const { - FC_ASSERT( limit <= 1000 ); + FC_ASSERT( limit <= api_limit_lookup_witness_accounts, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_lookup_witness_accounts) ); const auto& witnesses_by_id = _db.get_index_type().indices().get(); // we want to order witnesses by account name, but that name is in the account object @@ -1793,7 +1815,9 @@ map database_api::lookup_committee_member_acco map database_api_impl::lookup_committee_member_accounts(const string& lower_bound_name, uint32_t limit)const { - FC_ASSERT( limit <= 1000 ); + FC_ASSERT( limit <= api_limit_lookup_committee_member_accounts, + "Number of querying accounts can not be greater than ${configured_limit}", + ("configured_limit", api_limit_lookup_committee_member_accounts) ); const auto& committee_members_by_id = _db.get_index_type().indices().get(); // we want to order committee_members by account name, but that name is in the account object @@ -2913,7 +2937,9 @@ vector database_api::list_offers(const offer_id_type lower_id, uin vector database_api_impl::list_offers(const offer_id_type lower_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& offers_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); 
@@ -2933,7 +2959,9 @@ vector database_api::list_sell_offers(const offer_id_type lower_id vector database_api_impl::list_sell_offers(const offer_id_type lower_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& offers_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); @@ -2959,7 +2987,9 @@ vector database_api::list_buy_offers(const offer_id_type lower_id, vector database_api_impl::list_buy_offers(const offer_id_type lower_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& offers_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); @@ -2986,7 +3016,9 @@ vector database_api::list_offer_history(const offer_histor vector database_api_impl::list_offer_history(const offer_history_id_type lower_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& oh_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); 
@@ -3006,7 +3038,9 @@ vector database_api::get_offers_by_issuer(const offer_id_type lowe vector database_api_impl::get_offers_by_issuer(const offer_id_type lower_id, const account_id_type issuer_account_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& offers_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); @@ -3030,7 +3064,9 @@ vector database_api::get_offers_by_item(const offer_id_type lower_ vector database_api_impl::get_offers_by_item(const offer_id_type lower_id, const nft_id_type item, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& offers_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); @@ -3065,7 +3101,9 @@ vector database_api::get_offer_history_by_bidder(const off vector database_api_impl::get_offer_history_by_issuer(const offer_history_id_type lower_id, const account_id_type issuer_account_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& oh_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); 
@@ -3086,7 +3124,9 @@ vector database_api_impl::get_offer_history_by_issuer(cons vector database_api_impl::get_offer_history_by_item(const offer_history_id_type lower_id, const nft_id_type item, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& oh_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); @@ -3108,7 +3148,9 @@ vector database_api_impl::get_offer_history_by_item(const vector database_api_impl::get_offer_history_by_bidder(const offer_history_id_type lower_id, const account_id_type bidder_account_id, uint32_t limit) const { - FC_ASSERT( limit <= 100 ); + FC_ASSERT( limit <= api_limit_all_offers_count, + "Number of querying offers can not be greater than ${configured_limit}", + ("configured_limit", api_limit_all_offers_count) ); const auto& oh_idx = _db.get_index_type().indices().get(); vector result; result.reserve(limit); diff --git a/libraries/app/include/graphene/app/api.hpp b/libraries/app/include/graphene/app/api.hpp index 4adf73a3..e4329141 100644 --- a/libraries/app/include/graphene/app/api.hpp +++ b/libraries/app/include/graphene/app/api.hpp @@ -150,6 +150,9 @@ namespace graphene { namespace app { fc::time_point_sec start, fc::time_point_sec end )const; vector list_core_accounts()const; flat_set get_market_history_buckets()const; + uint32_t api_limit_get_account_history_operations = 100; + uint32_t api_limit_get_account_history = 100; + uint32_t api_limit_get_relative_account_history = 100; private: application& _app; graphene::app::database_api database_api; @@ -354,6 +357,7 @@ namespace graphene { namespace app { */ vector get_all_asset_holders() const; + uint32_t api_limit_get_asset_holders = 100; private: graphene::app::application& _app; graphene::chain::database& _db;
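Review bot: In api.hpp the three `api_limit_get_*` members (@@ -150) and `api_limit_get_asset_holders` (@@ -354) are added directly above `private:`, so they become public, non-const data members of the API classes. Any code holding the object can then raise the cap that the new FC_ASSERTs in api.cpp enforce. Moving them below `private:` next to `_app`, or declaring them `static constexpr` while they are constants, keeps the guard under the class's control. Whether the fields become reachable through the API reflection macros is not visible in this diff and should be checked. Each also needs a one-line comment, for example `// maximum 'limit' accepted by get_asset_holders`.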