this repo has no description
enforce commit and sync hard data limits
+14
+14
cmd/relay/relay/verify.go
+14
cmd/relay/relay/verify.go
···
20
20
)
21
21
22
22
const futureRevTolerance = time.Minute * 5
23
+
const MaxMessageBlocksBytes = 2_000_000
24
+
const MaxCommitOps = 200
23
25
24
26
// High-level entrypoint for verifying #commit messages.
25
27
//
···
35
37
// returns an AccountRepo with empty UID, containing metadata about *this* commit
36
38
func (r *Relay) VerifyRepoCommit(ctx context.Context, evt *comatproto.SyncSubscribeRepos_Commit, ident *identity.Identity, prevRepo *models.AccountRepo, hostname string) (*models.AccountRepo, error) {
37
39
logger := r.Logger.With("host", hostname, "did", evt.Repo, "rev", evt.Rev)
40
+
41
+
if len(evt.Blocks) > MaxMessageBlocksBytes {
42
+
return nil, fmt.Errorf("blocks size (%d bytes) exceeds protocol limit", len(evt.Blocks))
43
+
}
44
+
45
+
if len(evt.Ops) > MaxCommitOps {
46
+
return nil, fmt.Errorf("too many ops in commit: %d", len(evt.Ops))
47
+
}
38
48
39
49
// even in lenient/legacy mode (eg, tooBig), we need to verify commit
40
50
commit, commitCID, err := repo.LoadCommitFromCAR(ctx, bytes.NewReader(evt.Blocks))
···
166
176
// returns an AccountRepo with empty UID, containing metadata about *this* commit
167
177
func (r *Relay) VerifyRepoSync(ctx context.Context, evt *comatproto.SyncSubscribeRepos_Sync, ident *identity.Identity, hostname string) (*models.AccountRepo, error) {
168
178
//logger := r.Logger.With("host", hostname, "did", evt.Did, "rev", evt.Rev)
179
+
180
+
if len(evt.Blocks) > MaxMessageBlocksBytes {
181
+
return nil, fmt.Errorf("blocks size (%d bytes) exeeds protocol limit", len(evt.Blocks))
182
+
}
169
183
170
184
// even in lenient/legacy mode (eg, tooBig), we need to verify commit
171
185
commit, commitCID, err := repo.LoadCommitFromCAR(ctx, bytes.NewReader(evt.Blocks))