Validate job size

m10-payments · May 2, 2016 · 772cc18 · 772cc18
1 parent e668856
commit 772cc18
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 2 deletions.
diff --git a/dkron/api.go b/dkron/api.go
@@ -2,6 +2,7 @@ package dkron
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -13,9 +14,14 @@ import (
 	"github.com/carbocation/interpose"
 	"github.com/docker/libkv/store"
 	"github.com/gorilla/mux"
+	"github.com/hashicorp/serf/serf"
 	"github.com/imdario/mergo"
 )
 
+var (
+	ErrOversizedJob = errors.New(fmt.Sprintf("Due to serf limitations in message size, the job has a maximum size of %d", serf.UserEventSizeLimit))
+)
+
 func (a *AgentCommand) ServeHTTP() {
 	r := mux.NewRouter().StrictSlash(true)
 
@@ -152,6 +158,14 @@ func (a *AgentCommand) jobCreateOrUpdateHandler(w http.ResponseWriter, r *http.R
 		log.Fatal(err)
 	}
 
+	if len(body) >= serf.UserEventSizeLimit {
+		w.WriteHeader(422) // unprocessable entity
+		if err := json.NewEncoder(w).Encode(ErrOversizedJob.Error()); err != nil {
+			log.Fatal(err)
+		}
+		return
+	}
+
 	if err := json.Unmarshal(body, &job); err != nil {
 		w.WriteHeader(422) // unprocessable entity
 		if err := json.NewEncoder(w).Encode(err); err != nil {

diff --git a/dkron/api_test.go b/dkron/api_test.go
@@ -2,8 +2,11 @@ package dkron
 
 import (
 	"bytes"
+	"encoding/base64"
 	"encoding/json"
+	"fmt"
 	"io/ioutil"
+	"math/rand"
 	"net/http"
 	"testing"
 	"time"
@@ -52,7 +55,7 @@ func TestAPIJobCreateUpdate(t *testing.T) {
 	}
 	body, _ := ioutil.ReadAll(resp.Body)
 	resp.Body.Close()
-	assert.Equal(t, resp.StatusCode, http.StatusOK)
+	assert.Equal(t, http.StatusOK, resp.StatusCode)
 
 	var origJob Job
 	if err := json.Unmarshal(body, &origJob); err != nil {
@@ -66,7 +69,7 @@ func TestAPIJobCreateUpdate(t *testing.T) {
 	}
 	defer resp.Body.Close()
 	body, _ = ioutil.ReadAll(resp.Body)
-	assert.Equal(t, resp.StatusCode, http.StatusOK)
+	assert.Equal(t, http.StatusOK, resp.StatusCode)
 
 	var overwriteJob Job
 	if err := json.Unmarshal(body, &overwriteJob); err != nil {
@@ -81,3 +84,27 @@ func TestAPIJobCreateUpdate(t *testing.T) {
 	// Send a shutdown request
 	shutdownCh <- struct{}{}
 }
+
+func TestAPIJobCreateUpdateLength(t *testing.T) {
+	shutdownCh, _ := setupAPITest(t)
+
+	rb := make([]byte, 1024)
+	rand.Read(rb)
+	rs := base64.URLEncoding.EncodeToString(rb)
+
+	jsonStr := []byte(fmt.Sprintf("{\"name\": \"test_job\", \"command\": \"%s\"}", rs))
+
+	resp, err := http.Post("http://localhost:8090/v1/jobs", "encoding/json", bytes.NewBuffer(jsonStr))
+	if err != nil {
+		t.Fatal(err)
+	}
+	body, _ := ioutil.ReadAll(resp.Body)
+	resp.Body.Close()
+
+	assert.Equal(t, 422, resp.StatusCode)
+	errJson, err := json.Marshal(ErrOversizedJob.Error())
+	assert.Equal(t, string(errJson)+"\n", string(body))
+
+	// Send a shutdown request
+	shutdownCh <- struct{}{}
+}