add indx uid format guard on create ops

This commit is contained in:
mpostma 2021-02-24 11:00:15 +01:00
parent 402203aa2a
commit 3987d17e40
No known key found for this signature in database
GPG Key ID: CBC8A7C1D7A28C3A
2 changed files with 19 additions and 3 deletions

View File

@ -8,6 +8,7 @@ use std::ops::Deref;
use std::sync::Arc; use std::sync::Arc;
use sha2::Digest; use sha2::Digest;
use anyhow::bail;
use crate::index_controller::{IndexController, LocalIndexController, IndexMetadata, Settings, IndexSettings}; use crate::index_controller::{IndexController, LocalIndexController, IndexMetadata, Settings, IndexSettings};
use crate::option::Opt; use crate::option::Opt;
@ -126,6 +127,9 @@ impl Data {
} }
pub fn create_index(&self, name: impl AsRef<str>, primary_key: Option<impl AsRef<str>>) -> anyhow::Result<IndexMetadata> { pub fn create_index(&self, name: impl AsRef<str>, primary_key: Option<impl AsRef<str>>) -> anyhow::Result<IndexMetadata> {
if !is_index_uid_valid(name.as_ref()) {
bail!("invalid index uid: {:?}", name.as_ref())
}
let settings = IndexSettings { let settings = IndexSettings {
name: Some(name.as_ref().to_string()), name: Some(name.as_ref().to_string()),
primary_key: primary_key.map(|s| s.as_ref().to_string()), primary_key: primary_key.map(|s| s.as_ref().to_string()),
@ -145,3 +149,8 @@ impl Data {
&self.api_keys &self.api_keys
} }
} }
fn is_index_uid_valid(uid: &str) -> bool {
uid.chars().all(|x| x.is_ascii_alphanumeric() || x == '-' || x == '_')
}

View File

@ -1,13 +1,13 @@
use std::ops::Deref; use std::ops::Deref;
use anyhow::bail;
use async_compression::tokio_02::write::GzipEncoder; use async_compression::tokio_02::write::GzipEncoder;
use futures_util::stream::StreamExt; use futures_util::stream::StreamExt;
use milli::update::{IndexDocumentsMethod, UpdateFormat}; use milli::update::{IndexDocumentsMethod, UpdateFormat};
use tokio::io::AsyncWriteExt; use tokio::io::AsyncWriteExt;
use crate::index_controller::UpdateStatus; use super::{Data, is_index_uid_valid};
use crate::index_controller::{IndexController, Settings, IndexSettings, IndexMetadata}; use crate::index_controller::{UpdateStatus, IndexController, Settings, IndexSettings, IndexMetadata};
use super::Data;
impl Data { impl Data {
pub async fn add_documents<B, E>( pub async fn add_documents<B, E>(
@ -22,6 +22,10 @@ impl Data {
B: Deref<Target = [u8]>, B: Deref<Target = [u8]>,
E: std::error::Error + Send + Sync + 'static, E: std::error::Error + Send + Sync + 'static,
{ {
if !is_index_uid_valid(index.as_ref()) {
bail!("invalid index uid: {:?}", index.as_ref())
}
let file = tokio::task::spawn_blocking(tempfile::tempfile).await?; let file = tokio::task::spawn_blocking(tempfile::tempfile).await?;
let file = tokio::fs::File::from_std(file?); let file = tokio::fs::File::from_std(file?);
let mut encoder = GzipEncoder::new(file); let mut encoder = GzipEncoder::new(file);
@ -57,6 +61,9 @@ impl Data {
index: impl AsRef<str> + Send + Sync + 'static, index: impl AsRef<str> + Send + Sync + 'static,
settings: Settings settings: Settings
) -> anyhow::Result<UpdateStatus> { ) -> anyhow::Result<UpdateStatus> {
if !is_index_uid_valid(index.as_ref()) {
bail!("invalid index uid: {:?}", index.as_ref())
}
let index_controller = self.index_controller.clone(); let index_controller = self.index_controller.clone();
let update = tokio::task::spawn_blocking(move || index_controller.update_settings(index, settings)).await??; let update = tokio::task::spawn_blocking(move || index_controller.update_settings(index, settings)).await??;
Ok(update.into()) Ok(update.into())