From 873740c5ad000f280c21186a1118bd46271d1084 Mon Sep 17 00:00:00 2001
From: Kevin Froman
Date: Tue, 2 Jul 2019 21:50:22 -0500
Subject: [PATCH] reject large requests
---
 onionr/api.py | 1 +
 onionr/httpapi/miscpublicapi/endpoints.py | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/onionr/api.py b/onionr/api.py
index 18036263..51f103f3 100755
--- a/onionr/api.py
+++ b/onionr/api.py
@@ -39,6 +39,7 @@ class PublicAPI:
 def __init__(self, clientAPI):
 assert isinstance(clientAPI, API)
 app = flask.Flask('PublicAPI')
+ app.config['MAX_CONTENT_LENGTH'] = 5 * 1024 * 1024
 self.i2pEnabled = config.get('i2p.host', False)
 self.hideBlocks = [] # Blocks to be denied sharing
 self.host = apiutils.setbindip.set_bind_IP(clientAPI._core.publicApiHostFile, clientAPI._core)
diff --git a/onionr/httpapi/miscpublicapi/endpoints.py b/onionr/httpapi/miscpublicapi/endpoints.py
index 393a00da..d76b2949 100644
--- a/onionr/httpapi/miscpublicapi/endpoints.py
+++ b/onionr/httpapi/miscpublicapi/endpoints.py
@@ -26,6 +26,7 @@ class PublicEndpoints: public_endpoints_bp = Blueprint('publicendpoints', __name__) self.public_endpoints_bp = public_endpoints_bp + @public_endpoints_bp.route('/') def banner(): # Display a bit of information to people who visit a node address in their browser
@@ -38,11 +39,12 @@ class PublicEndpoints:
 @public_endpoints_bp.route('/getblocklist')
 def get_block_list():
+ '''Get a list of blocks, optionally filtered by epoch time stamp, excluding those hidden'''
 return getblocks.get_public_block_list(client_API, public_api, request)
 @public_endpoints_bp.route('/getdata/')
 def get_block_data(name):
- # Share data for a block if we have it
+ # Share data for a block if we have it and it isn't hidden
 return getblocks.get_block_data(client_API, public_api, name)
 @public_endpoints_bp.route('/www/')
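Review bot: The `MAX_CONTENT_LENGTH` cap added in `PublicAPI.__init__` is a bare `5 * 1024 * 1024` with no comment, and the commit carries no test showing that an oversized request is actually refused. Flask/Werkzeug apply this limit lazily, when a handler reads the body through the request object, and how bodies without a Content-Length (chunked uploads) are treated has varied across Werkzeug releases, so it is worth confirming against the version and WSGI server this project ships that the upload route returns 413 in both cases. I would name the value and say what it protects, e.g. `MAX_REQUEST_BYTES = 5 * 1024 * 1024  # largest body the peer-facing API will read` and `app.config['MAX_CONTENT_LENGTH'] = MAX_REQUEST_BYTES`, ideally tied to the project's maximum block size if one is defined elsewhere. `__init__` continues past the end of the hunk, so whether anything later reads the raw WSGI input directly is not visible here.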