
Commit ebea5ba

committed
chore: implement sane default pagination limit for audit logs
1 parent d5d8b91 commit ebea5ba


5 files changed

+45
-37
lines changed


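--- a/coderd/audit.go
+++ b/coderd/audit.go
@@ -52,8 +52,8 @@ func (api *API) auditLogs(rw http.ResponseWriter, r *http.Request) {
 })
 return
 }
-filter.Offset = int32(page.Offset)
-filter.Limit = int32(page.Limit)
+filter.OffsetOpt = int32(page.Offset)
+filter.LimitOpt = int32(page.Limit)
 
 if filter.Username == "me" {
 filter.UserID = apiKey.UserID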
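Review bot: An explicit `page.Limit` is still passed through unclamped at `filter.LimitOpt = int32(page.Limit)`; as far as this page shows, the new default of 100 in `coderd/database/queries/auditlogs.sql` applies only when the value is zero, so a caller that asks for a very large page is not bounded by this change. Unless the pagination parser outside this hunk already enforces a ceiling, clamp before the conversion, for example `if page.Limit > maxLimit { page.Limit = maxLimit }`, where `maxLimit` is a placeholder for whatever ceiling the project chooses. If `page.Limit` is wider than 32 bits, the same check would also keep the `int32(...)` narrowing from wrapping an out-of-range value into zero (now silently treated as "use the default") or into a negative number. The body of `auditLogs` starts and ends outside the hunk.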

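--- a/coderd/audit_test.go
+++ b/coderd/audit_test.go
@@ -293,9 +293,6 @@ func TestAuditLogsFilter(t *testing.T) {
 t.Parallel()
 auditLogs, err := client.AuditLogs(ctx, codersdk.AuditLogsRequest{
 SearchQuery: testCase.SearchQuery,
-Pagination: codersdk.Pagination{
-Limit: 25,
-},
 })
 if testCase.ExpectedError {
 require.Error(t, err, "expected error")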

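--- a/coderd/database/dbmem/dbmem.go
+++ b/coderd/database/dbmem/dbmem.go
@@ -1920,12 +1920,17 @@ func (q *FakeQuerier) GetAuditLogsOffset(_ context.Context, arg database.GetAudi
 q.mutex.RLock()
 defer q.mutex.RUnlock()
 
-logs := make([]database.GetAuditLogsOffsetRow, 0, arg.Limit)
+if arg.LimitOpt == 0 {
+// Default to 100 is set in the SQL query.
+arg.LimitOpt = 100
+}
+
+logs := make([]database.GetAuditLogsOffsetRow, 0, arg.LimitOpt)
 
 // q.auditLogs are already sorted by time DESC, so no need to sort after the fact.
 for _, alog := range q.auditLogs {
-if arg.Offset > 0 {
-arg.Offset--
+if arg.OffsetOpt > 0 {
+arg.OffsetOpt--
 continue
 }
 if arg.Action != "" && !strings.Contains(string(alog.Action), arg.Action) {
@@ -1999,7 +2004,7 @@ func (q *FakeQuerier) GetAuditLogsOffset(_ context.Context, arg database.GetAudi
 Count: 0,
 })
 
-if len(logs) >= int(arg.LimitOpt) {
+if len(logs) >= int(arg.LimitOpt) {
 break
 }
 }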
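Review bot: The literal `100` in the added `if arg.LimitOpt == 0` block duplicates the default in the SQL query, and the comment `// Default to 100 is set in the SQL query.` does not say which query, so the fake and the real query can drift apart without a test noticing. I would name the file in the comment, e.g. `// Mirrors the default in queries/auditlogs.sql (COALESCE(NULLIF(@limit_opt, 0), 100)); keep in sync.` The fake also special-cases only zero: a negative `LimitOpt` would reach `make(..., 0, arg.LimitOpt)`, which panics at run time instead of returning an error, so an early error return for negative values may be worth adding. `GetAuditLogsOffset` starts and ends outside the hunks shown.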

coderd/database/queries.sql.go

Lines changed: 29 additions & 26 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

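--- a/coderd/database/queries/auditlogs.sql
+++ b/coderd/database/queries/auditlogs.sql
@@ -110,9 +110,12 @@ WHERE
 ORDER BY
 "time" DESC
 LIMIT
-$1
+-- a limit of 0 means "no limit". The audit log table is unbounded
+-- in size, and is expected to be quite large. Implement a default
+-- limit of 100 to prevent accidental excessively large queries.
+COALESCE(NULLIF(@limit_opt :: int, 0), 100)
 OFFSET
-$2;
+@offset_opt;
 
 -- name: InsertAuditLog :one
 INSERT INTO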
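Review bot: The added comment opens with `a limit of 0 means "no limit"`, which reads as if passing 0 returns every row, while the expression directly below it maps 0 to 100. I would reword the first sentence to `-- A limit_opt of 0 is treated as "not set" and falls back to 100 rows.` and keep the existing rationale about table size after it. Negative values pass through `NULLIF` unchanged and, as far as I know, Postgres rejects a negative LIMIT, so callers are expected to validate the value before it reaches this query. The statement begins above the hunk.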
