From f6aac373251a68db89d62e66cf8fb1117480c640 Mon Sep 17 00:00:00 2001 From: colin Date: Sat, 17 Aug 2024 08:37:53 -0700 Subject: Add support for weekend check-request-compliance method --- pastiche.lisp | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/pastiche.lisp b/pastiche.lisp index 1da7e18..90aafdb 100644 --- a/pastiche.lisp +++ b/pastiche.lisp @@ -254,9 +254,12 @@ from make-paste-filename.")) (key :type string :initform (error "key is required")) :documentation "Mixin for endpoint classes that require a known key") - (defmethod http:authorize ((ep has-known-key)) + (defmethod http:authenticate ((ep has-known-key)) (member (key ep) (known-keys*) :test #'equal))) +(def:const +paste-length-limit+ (* 1024 1024) + "Limited to 1mb") + (http:defendpoint create-paste :using has-known-key :post :to "create" "paste" @@ -265,8 +268,9 @@ from make-paste-filename.")) (title string) (content string) :documentation "Create a new paste and return a URL to its content." - :authenticate - (< (length title) +paste-title-limit+) + :authorize + (or (<= (length title) +paste-title-limit+) + (http:err :content "Paste title must be shorter than 80 characters.")) :handle (do> location := (make-paste-filename content title) @@ -286,6 +290,11 @@ from make-paste-filename.")) (fully-qualified-route-to instance))) +(defmethod http:check-request-compliance ((class (eql (find-class 'create-paste)))) + (unless (< (parse-integer (http:get-header :content-length)) + +paste-length-limit+) + (http:err :content (format nil "Paste bodies limited to 1MB")))) + (http:defendpoint new-paste-form :using has-known-key :get :route "" -- cgit v1.2.3