
Commit 95185e7

committed
chore: implement sane default pagination limit for audit logs
1 parent 30c4b4d commit 95185e7


5 files changed

+45
-17
lines changed


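--- a/coderd/audit.go
+++ b/coderd/audit.go
@@ -53,8 +53,8 @@ func (api *API) auditLogs(rw http.ResponseWriter, r *http.Request) {
 })
 return
 }
-filter.Offset = int32(page.Offset)
-filter.Limit = int32(page.Limit)
+filter.OffsetOpt = int32(page.Offset)
+filter.LimitOpt = int32(page.Limit)
 
 if filter.Username == "me" {
 filter.UserID = apiKey.UserID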

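--- a/coderd/audit_test.go
+++ b/coderd/audit_test.go
@@ -343,9 +343,6 @@ func TestAuditLogsFilter(t *testing.T) {
 t.Parallel()
 auditLogs, err := client.AuditLogs(ctx, codersdk.AuditLogsRequest{
 SearchQuery: testCase.SearchQuery,
-Pagination: codersdk.Pagination{
-Limit: 25,
-},
 })
 if testCase.ExpectedError {
 require.Error(t, err, "expected error")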

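--- a/coderd/database/dbmem/dbmem.go
+++ b/coderd/database/dbmem/dbmem.go
@@ -1920,12 +1920,17 @@ func (q *FakeQuerier) GetAuditLogsOffset(_ context.Context, arg database.GetAudi
 q.mutex.RLock()
 defer q.mutex.RUnlock()
 
-logs := make([]database.GetAuditLogsOffsetRow, 0, arg.Limit)
+if arg.LimitOpt == 0 {
+// Default to 100 is set in the SQL query.
+arg.LimitOpt = 100
+}
+
+logs := make([]database.GetAuditLogsOffsetRow, 0, arg.LimitOpt)
 
 // q.auditLogs are already sorted by time DESC, so no need to sort after the fact.
 for _, alog := range q.auditLogs {
-if arg.Offset > 0 {
-arg.Offset--
+if arg.OffsetOpt > 0 {
+arg.OffsetOpt--
 continue
 }
 if arg.OrganizationID != uuid.Nil && arg.OrganizationID != alog.OrganizationID {
@@ -2002,7 +2007,7 @@ func (q *FakeQuerier) GetAuditLogsOffset(_ context.Context, arg database.GetAudi
 Count: 0,
 })
 
-if len(logs) >= int(arg.Limit) {
+if len(logs) >= int(arg.LimitOpt) {
 break
 }
 }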
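Review bot: The capacity hint in `make([]database.GetAuditLogsOffsetRow, 0, arg.LimitOpt)` is taken directly from the caller's value, so a negative `LimitOpt` panics in `make` and a very large one preallocates that many rows before any log is matched. Bounding the hint by `len(q.auditLogs)` and returning an error for negative values would keep the fake closer to what the SQL path presumably does with the same input. The literal 100 is also duplicated here and in the `LIMIT` clause of `queries/auditlogs.sql` with nothing tying the two together; a named constant would help, and the comment would read more clearly as `// Mirror the default applied by the LIMIT clause in queries/auditlogs.sql.`. The body of GetAuditLogsOffset continues outside both hunks, so any validation done elsewhere in the function is not visible here.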

coderd/database/queries.sql.go

Lines changed: 29 additions & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

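--- a/coderd/database/queries/auditlogs.sql
+++ b/coderd/database/queries/auditlogs.sql
@@ -116,9 +116,12 @@ WHERE
 ORDER BY
 "time" DESC
 LIMIT
-$1
+-- a limit of 0 means "no limit". The audit log table is unbounded
+-- in size, and is expected to be quite large. Implement a default
+-- limit of 100 to prevent accidental excessively large queries.
+COALESCE(NULLIF(@limit_opt :: int, 0), 100)
 OFFSET
-$2;
+@offset_opt;
 
 -- name: InsertAuditLog :one
 INSERT INTO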
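Review bot: `COALESCE(NULLIF(@limit_opt :: int, 0), 100)` supplies a default but no ceiling, so an explicit large limit still reaches `LIMIT` unchanged on a table the comment itself describes as unbounded. The handler in coderd/audit.go passes `int32(page.Limit)` straight through, and whether the pagination parser caps it is not visible in this commit. If it does not, wrapping the expression in `LEAST(..., <agreed maximum>)` would bound the query for every caller rather than only the ones that omit a limit. The comment's first sentence also reads as though 0 disables the limit; something like `-- a limit of 0 means "not set" and falls back to the default of 100.` matches what the expression does.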
