crowetic/qortal
1
0
Fork 0
forked from Qortal/qortal
Code Pull Requests Activity

Restrict API call POST /chat to prevent CPU abuse

Browse Source
This commit is contained in:
catbref 2020-05-04 08:17:05 +01:00
parent 55e99062ca
commit 3ac1b36549
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/java/org/qortal/api/resource/ChatResource.java
View File

@ -22,6 +22,7 @@ import javax.ws.rs.core.MediaType;
import org.qortal.api.ApiError; import org.qortal.api.ApiError;
import org.qortal.api.ApiErrors; import org.qortal.api.ApiErrors;
import org.qortal.api.ApiExceptionFactory; import org.qortal.api.ApiExceptionFactory;
import org.qortal.api.Security;
import org.qortal.crypto.Crypto; import org.qortal.crypto.Crypto;
import org.qortal.data.transaction.ChatTransactionData; import org.qortal.data.transaction.ChatTransactionData;
import org.qortal.repository.DataException; import org.qortal.repository.DataException;
@ -119,6 +120,8 @@ public class ChatResource {
) )
@ApiErrors({ApiError.TRANSACTION_INVALID, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE}) @ApiErrors({ApiError.TRANSACTION_INVALID, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE})
public String buildChat(ChatTransactionData transactionData) { public String buildChat(ChatTransactionData transactionData) {
Security.checkApiCallAllowed(request);
try (final Repository repository = RepositoryManager.getRepository()) { try (final Repository repository = RepositoryManager.getRepository()) {
ChatTransaction chatTransaction = (ChatTransaction) Transaction.fromData(repository, transactionData); ChatTransaction chatTransaction = (ChatTransaction) Transaction.fromData(repository, transactionData);