snowykami/meilisearch
1
0
Fork 0
mirror of https://github.com/meilisearch/meilisearch.git synced 2024-11-27 04:25:06 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Make the compute_document_id validate the id

Browse Source
This commit is contained in:
Kerollmops 2020-05-18 15:18:23 +02:00
parent 2828b5fa19
commit d300d788c7
No known key found for this signature in database
GPG Key ID: 92ADA4E935E71FA4
3 changed files with 17 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
meilisearch-core/src/update/helpers.rs
View File

@ -88,17 +88,16 @@ pub fn value_to_number(value: &Value) -> Option<Number> {
} }
} }
/// Compute the hash of the given type, this is the way we produce documents ids. /// Validates a string representation to be a correct document id and
pub fn compute_document_id<H: Hash>(t: H) -> DocumentId { /// returns the hash of the given type, this is the way we produce documents ids.
let mut s = SipHasher::new(); pub fn compute_document_id(string: &str) -> Result<DocumentId, SerializerError> {
t.hash(&mut s); if string.chars().all(|x| x.is_ascii_alphanumeric() || x == '-' || x == '_') {
let hash = s.finish(); let mut s = SipHasher::new();
DocumentId(hash) string.hash(&mut s);
} Ok(DocumentId(s.finish()))
} else {
/// Validates a string representation to be a correct document id. Err(SerializerError::InvalidDocumentIdFormat)
pub fn validate_document_id(string: &str) -> bool { }
string.chars().all(|x| x.is_ascii_alphanumeric() || x == '-' || x == '_')
} }
/// Extracts and validates the document id of a document. /// Extracts and validates the document id of a document.
@ -110,12 +109,7 @@ pub fn extract_document_id(primary_key: &str, document: &IndexMap<String, Value>
Value::String(string) => string.clone(), Value::String(string) => string.clone(),
_ => return Err(SerializerError::InvalidDocumentIdFormat), _ => return Err(SerializerError::InvalidDocumentIdFormat),
}; };
compute_document_id(&string)
if validate_document_id(&string) {
Ok(compute_document_id(string))
} else {
Err(SerializerError::InvalidDocumentIdFormat)
}
} }
None => Err(SerializerError::DocumentIdNotFound), None => Err(SerializerError::DocumentIdNotFound),
} }

2
meilisearch-core/src/update/mod.rs
View File

@ -9,7 +9,7 @@ pub use self::clear_all::{apply_clear_all, push_clear_all};
pub use self::customs_update::{apply_customs_update, push_customs_update}; pub use self::customs_update::{apply_customs_update, push_customs_update};
pub use self::documents_addition::{apply_documents_addition, apply_documents_partial_addition, DocumentsAddition}; pub use self::documents_addition::{apply_documents_addition, apply_documents_partial_addition, DocumentsAddition};
pub use self::documents_deletion::{apply_documents_deletion, DocumentsDeletion}; pub use self::documents_deletion::{apply_documents_deletion, DocumentsDeletion};
pub use self::helpers::{index_value, value_to_string, value_to_number, compute_document_id, extract_document_id, validate_document_id}; pub use self::helpers::{index_value, value_to_string, value_to_number, compute_document_id, extract_document_id};
pub use self::settings_update::{apply_settings_update, push_settings_update}; pub use self::settings_update::{apply_settings_update, push_settings_update};
use std::cmp; use std::cmp;

23
meilisearch-http/src/routes/document.rs
View File

@ -3,12 +3,10 @@ use std::collections::{BTreeSet, HashSet};
use actix_web::{web, HttpResponse}; use actix_web::{web, HttpResponse};
use actix_web_macros::{delete, get, post, put}; use actix_web_macros::{delete, get, post, put};
use indexmap::IndexMap; use indexmap::IndexMap;
use meilisearch_core::{update, Error};
use serde::Deserialize; use serde::Deserialize;
use serde_json::Value; use serde_json::Value;
use meilisearch_core::{Error, serde::SerializerError};
use meilisearch_core::update;
use crate::error::ResponseError; use crate::error::ResponseError;
use crate::helpers::Authentication; use crate::helpers::Authentication;
use crate::routes::{IndexParam, IndexUpdateResponse}; use crate::routes::{IndexParam, IndexUpdateResponse};
@ -45,11 +43,7 @@ async fn get_document(
.open_index(&path.index_uid) .open_index(&path.index_uid)
.ok_or(ResponseError::index_not_found(&path.index_uid))?; .ok_or(ResponseError::index_not_found(&path.index_uid))?;
if !update::validate_document_id(&path.document_id) { let document_id = update::compute_document_id(&path.document_id).map_err(Error::Serializer)?;
return Err(Error::Serializer(SerializerError::InvalidDocumentIdFormat).into())
}
let document_id = update::compute_document_id(&path.document_id);
let reader = data.db.main_read_txn()?; let reader = data.db.main_read_txn()?;
let response: Document = index let response: Document = index
@ -72,11 +66,7 @@ async fn delete_document(
.open_index(&path.index_uid) .open_index(&path.index_uid)
.ok_or(ResponseError::index_not_found(&path.index_uid))?; .ok_or(ResponseError::index_not_found(&path.index_uid))?;
if !update::validate_document_id(&path.document_id) { let document_id = update::compute_document_id(&path.document_id).map_err(Error::Serializer)?;
return Err(Error::Serializer(SerializerError::InvalidDocumentIdFormat).into())
}
let document_id = update::compute_document_id(&path.document_id);
let mut update_writer = data.db.update_write_txn()?; let mut update_writer = data.db.update_write_txn()?;
@ -248,11 +238,8 @@ async fn delete_documents(
let mut documents_deletion = index.documents_deletion(); let mut documents_deletion = index.documents_deletion();
for document_id in body.into_inner() { for document_id in body.into_inner() {
let document_id_string = update::value_to_string(&document_id); let document_id = update::value_to_string(&document_id);
if !update::validate_document_id(&document_id_string) { let document_id = update::compute_document_id(&document_id).map_err(Error::Serializer)?;
return Err(Error::Serializer(SerializerError::InvalidDocumentIdFormat).into())
}
let document_id = update::compute_document_id(document_id_string);
documents_deletion.delete_document_by_id(document_id); documents_deletion.delete_document_by_id(document_id);
} }