From 64256351d86773b97aec4688853a6cc7feb040d4 Mon Sep 17 00:00:00 2001
From: snipe
Date: Sun, 16 Apr 2023 08:46:39 -0700
Subject: [PATCH] Used a singleton to filter API limit value
Signed-off-by: snipe
---
 .../Controllers/Api/AccessoriesController.php | 2 +-
 .../Api/AssetMaintenancesController.php | 2 +-
 .../Controllers/Api/AssetModelsController.php | 2 +-
 app/Http/Controllers/Api/AssetsController.php | 2 +-
 .../Controllers/Api/CategoriesController.php | 2 +-
 .../Controllers/Api/CompaniesController.php | 2 +-
 .../Controllers/Api/ComponentsController.php | 2 +-
 .../Controllers/Api/ConsumablesController.php | 3 +--
 .../Controllers/Api/DepartmentsController.php | 3 +--
 .../Controllers/Api/DepreciationsController.php | 3 +--
 app/Http/Controllers/Api/GroupsController.php | 2 +-
 .../Controllers/Api/LicenseSeatsController.php | 2 +-
 app/Http/Controllers/Api/LicensesController.php | 2 +-
 .../Controllers/Api/LocationsController.php | 11 +----------
 .../Controllers/Api/ManufacturersController.php | 2 +-
 .../Api/PredefinedKitsController.php | 2 +-
 app/Http/Controllers/Api/ReportsController.php | 3 +--
 .../Controllers/Api/StatuslabelsController.php | 2 +-
 .../Controllers/Api/SuppliersController.php | 3 +--
 app/Http/Controllers/Api/UsersController.php | 3 +--
 app/Providers/SettingsServiceProvider.php | 17 +++++++++++++++++
 21 files changed, 37 insertions(+), 35 deletions(-)
diff --git a/app/Http/Controllers/Api/AccessoriesController.php b/app/Http/Controllers/Api/AccessoriesController.php
index 2ca8fcd9e8..91a6c5596b 100644
--- a/app/Http/Controllers/Api/AccessoriesController.php
+++ b/app/Http/Controllers/Api/AccessoriesController.php
@@ -82,7 +82,7 @@ class AccessoriesController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $accessories->count()) ? $accessories->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort_override = $request->input('sort');
diff --git a/app/Http/Controllers/Api/AssetMaintenancesController.php b/app/Http/Controllers/Api/AssetMaintenancesController.php
index 3896d26d8d..7e8ecdb114 100644
--- a/app/Http/Controllers/Api/AssetMaintenancesController.php
+++ b/app/Http/Controllers/Api/AssetMaintenancesController.php
@@ -57,7 +57,7 @@ class AssetMaintenancesController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $maintenances->count()) ? $maintenances->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $allowed_columns = [
             'id',
diff --git a/app/Http/Controllers/Api/AssetModelsController.php b/app/Http/Controllers/Api/AssetModelsController.php
index 39e7b3d13e..a9ef48adc0 100644
--- a/app/Http/Controllers/Api/AssetModelsController.php
+++ b/app/Http/Controllers/Api/AssetModelsController.php
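Review bot: The comment kept above the new `$limit = app('api_limit_value');` line still says the controller makes the limit an integer and caps it, but that work now happens in a container binding that reads the global `request('limit')` rather than the injected `$request`, and nothing on this line tells a reader where the clamp lives. Replace the comment with one that points at the real location, e.g. `// $limit is clamped to config('app.max_results') by the 'api_limit_value' binding in SettingsServiceProvider; only $offset is sanitised here`. Because the binding is registered as a singleton, the value is computed once per container, so this controller only sees a per-request limit as long as the container is rebuilt per request. The enclosing index() method continues outside the hunk.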
@@ -80,7 +80,7 @@ class AssetModelsController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $assetmodels->count()) ? $assetmodels->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'models.created_at';
diff --git a/app/Http/Controllers/Api/AssetsController.php b/app/Http/Controllers/Api/AssetsController.php
index 2754902944..343593a038 100644
--- a/app/Http/Controllers/Api/AssetsController.php
+++ b/app/Http/Controllers/Api/AssetsController.php
@@ -201,7 +201,7 @@ class AssetsController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $assets->count()) ? $assets->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
diff --git a/app/Http/Controllers/Api/CategoriesController.php b/app/Http/Controllers/Api/CategoriesController.php
index d00138ee3c..2781fa101f 100644
--- a/app/Http/Controllers/Api/CategoriesController.php
+++ b/app/Http/Controllers/Api/CategoriesController.php
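Review bot: The replaced line changes what a request without `limit` (or with `limit=0`) gets back from the assets index: the removed expression evaluated `abs(null)`/`abs(0)` to `0`, while the new binding falls back to `config('app.max_results')` when the requested value is not greater than zero, so such callers now receive a full page instead of an empty one. That is probably the intended behaviour, but it is an API-visible change on the largest table in the product and deserves a sentence in the commit message and a test, e.g. `$this->getJson('/api/v1/hardware')->assertJsonCount(config('app.max_results'), 'rows')` alongside an explicit `?limit=5` case. A short inline comment such as `// omitted or zero limit now means config('app.max_results'), not 0` would keep the next reader from assuming the old semantics. The surrounding index() method extends beyond the hunk.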
@@ -93,7 +93,7 @@ class CategoriesController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $categories->count()) ? $categories->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'assets_count';
diff --git a/app/Http/Controllers/Api/CompaniesController.php b/app/Http/Controllers/Api/CompaniesController.php
index efb4450291..d6c8f6e76e 100644
--- a/app/Http/Controllers/Api/CompaniesController.php
+++ b/app/Http/Controllers/Api/CompaniesController.php
@@ -50,7 +50,7 @@ class CompaniesController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $companies->count()) ? $companies->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
diff --git a/app/Http/Controllers/Api/ComponentsController.php b/app/Http/Controllers/Api/ComponentsController.php
index 9306cefb86..24eb1044b8 100644
--- a/app/Http/Controllers/Api/ComponentsController.php
+++ b/app/Http/Controllers/Api/ComponentsController.php
@@ -78,7 +78,7 @@ class ComponentsController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $components->count()) ? $components->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort_override = $request->input('sort');
diff --git a/app/Http/Controllers/Api/ConsumablesController.php b/app/Http/Controllers/Api/ConsumablesController.php
index 927c9d29f7..bac9440dca 100644
--- a/app/Http/Controllers/Api/ConsumablesController.php
+++ b/app/Http/Controllers/Api/ConsumablesController.php
@@ -90,8 +90,7 @@ class ConsumablesController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $consumables->count()) ? $consumables->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
-
+        $limit = app('api_limit_value');
         $allowed_columns = ['id', 'name', 'order_number', 'min_amt', 'purchase_date', 'purchase_cost', 'company', 'category', 'model_number', 'item_no', 'manufacturer', 'location', 'qty', 'image'];
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
diff --git a/app/Http/Controllers/Api/DepartmentsController.php b/app/Http/Controllers/Api/DepartmentsController.php
index e804aa42c4..cab3991baa 100644
--- a/app/Http/Controllers/Api/DepartmentsController.php
+++ b/app/Http/Controllers/Api/DepartmentsController.php
@@ -60,8 +60,7 @@ class DepartmentsController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $departments->count()) ? $departments->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
-
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
diff --git a/app/Http/Controllers/Api/DepreciationsController.php b/app/Http/Controllers/Api/DepreciationsController.php
index 90bf26ac42..3d86c1b096 100644
--- a/app/Http/Controllers/Api/DepreciationsController.php
+++ b/app/Http/Controllers/Api/DepreciationsController.php
@@ -30,8 +30,7 @@ class DepreciationsController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $depreciations->count()) ? $depreciations->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
-
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
diff --git a/app/Http/Controllers/Api/GroupsController.php b/app/Http/Controllers/Api/GroupsController.php
index 4a00a78c77..7cc5d2d756 100644
--- a/app/Http/Controllers/Api/GroupsController.php
+++ b/app/Http/Controllers/Api/GroupsController.php
@@ -37,7 +37,7 @@ class GroupsController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $groups->count()) ? $groups->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
diff --git a/app/Http/Controllers/Api/LicenseSeatsController.php b/app/Http/Controllers/Api/LicenseSeatsController.php
index 0afc643377..884c9c59c4 100644
--- a/app/Http/Controllers/Api/LicenseSeatsController.php
+++ b/app/Http/Controllers/Api/LicenseSeatsController.php
@@ -42,7 +42,7 @@ class LicenseSeatsController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $seats->count()) ? $seats->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $seats = $seats->skip($offset)->take($limit)->get();
diff --git a/app/Http/Controllers/Api/LicensesController.php b/app/Http/Controllers/Api/LicensesController.php
index 9320aa27b2..df74b60895 100644
--- a/app/Http/Controllers/Api/LicensesController.php
+++ b/app/Http/Controllers/Api/LicensesController.php
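Review bot: In the LicenseSeats hunk `$limit` is handed straight to `take($limit)` on the next line, but the value the binding returns is whatever `abs(request('limit'))` produced, which for input such as `limit=2.5` or `limit=1e1` is a float, not the integer the comment above promises. Laravel's query grammar appears to cast the limit to int when compiling, so this is unlikely to break, but the controller should not rely on that and the same float then flows into any response metadata built from `$limit`. A one-token change, `$limit = (int) app('api_limit_value');`, pins the type at the point of use without touching the binding. The index() method this hunk belongs to starts before the hunk.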
@@ -96,7 +96,7 @@ class LicensesController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $licenses->count()) ? $licenses->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
diff --git a/app/Http/Controllers/Api/LocationsController.php b/app/Http/Controllers/Api/LocationsController.php
index 14e97a9848..4b1feee117 100644
--- a/app/Http/Controllers/Api/LocationsController.php
+++ b/app/Http/Controllers/Api/LocationsController.php
@@ -80,20 +80,11 @@ class LocationsController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $locations->count()) ? $locations->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
-        \Log::debug('Max in env: '.config('app.max_results'));
-        \Log::debug('Original requested offset: '.$request->input('offset'));
-        \Log::debug('Intval offset: '.intval($request->input('offset')));
-        \Log::debug('Modified offset: '.$offset);
-        \Log::debug('Original requested limit: '.$request->input('limit'));
-        \Log::debug('Intval limit: '.intval($request->input('limit')));
-        \Log::debug('Modified limit: '.$limit);
-        \Log::debug('Total results: '.$locations->count());
-        \Log::debug('------------------------------');
         switch ($request->input('sort')) {
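Review bot: Removing the nine `\Log::debug` lines from LocationsController is the right call, but the same `'Max in env'` / `'Original requested limit'` / `'Modified limit'` / dashes sequence is reintroduced inside the new `api_limit_value` binding elsewhere in this commit, so the per-request debug noise (and the raw request value in the log) moves rather than disappears. If the intent is to finish the debugging session, drop them from the binding as well; if they are meant to stay, gate them, e.g. `if (config('app.debug')) { \Log::debug(...); }`, so production logs are not filled with request parameters. The `switch` on the last context line and the rest of index() continue past the hunk.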
diff --git a/app/Http/Controllers/Api/ManufacturersController.php b/app/Http/Controllers/Api/ManufacturersController.php
index f0a02484ed..f3183238bf 100644
--- a/app/Http/Controllers/Api/ManufacturersController.php
+++ b/app/Http/Controllers/Api/ManufacturersController.php
@@ -59,7 +59,7 @@ class ManufacturersController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $manufacturers->count()) ? $manufacturers->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
diff --git a/app/Http/Controllers/Api/PredefinedKitsController.php b/app/Http/Controllers/Api/PredefinedKitsController.php
index fc55de4d69..85d05c422e 100644
--- a/app/Http/Controllers/Api/PredefinedKitsController.php
+++ b/app/Http/Controllers/Api/PredefinedKitsController.php
@@ -31,7 +31,7 @@ class PredefinedKitsController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $kits->count()) ? $kits->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'desc' ? 'desc' : 'asc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'name';
diff --git a/app/Http/Controllers/Api/ReportsController.php b/app/Http/Controllers/Api/ReportsController.php
index 18772b55ea..21294c5779 100644
--- a/app/Http/Controllers/Api/ReportsController.php
+++ b/app/Http/Controllers/Api/ReportsController.php
@@ -57,8 +57,7 @@ class ReportsController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $actionlogs->count()) ? $actionlogs->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
-
+        $limit = app('api_limit_value');
         $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
         $order = ($request->input('order') == 'asc') ? 'asc' : 'desc';
diff --git a/app/Http/Controllers/Api/StatuslabelsController.php b/app/Http/Controllers/Api/StatuslabelsController.php
index d37204ac9d..a9e44d91b4 100644
--- a/app/Http/Controllers/Api/StatuslabelsController.php
+++ b/app/Http/Controllers/Api/StatuslabelsController.php
@@ -52,7 +52,7 @@ class StatuslabelsController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $statuslabels->count()) ? $statuslabels->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
diff --git a/app/Http/Controllers/Api/SuppliersController.php b/app/Http/Controllers/Api/SuppliersController.php
index a342e55837..a26c33b1f8 100644
--- a/app/Http/Controllers/Api/SuppliersController.php
+++ b/app/Http/Controllers/Api/SuppliersController.php
@@ -95,8 +95,7 @@ class SuppliersController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $suppliers->count()) ? $suppliers->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
-
+        $limit = app('api_limit_value');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 060858128b..7c63bb925c 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -195,8 +195,7 @@ class UsersController extends Controller
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $users->count()) ? $users->count() : abs($request->input('offset'));
-        $limit = (abs($request->input('limit')) > config('app.max_results')) ? config('app.max_results') : abs($request->input('limit'));
-
+        $limit = app('api_limit_value');
         switch ($request->input('sort')) {
diff --git a/app/Providers/SettingsServiceProvider.php b/app/Providers/SettingsServiceProvider.php
index ed5bd48dd2..3f60fd8e6f 100644
--- a/app/Providers/SettingsServiceProvider.php
+++ b/app/Providers/SettingsServiceProvider.php
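Review bot: The Users hunk now takes its page size from a container singleton, and nothing in the test suite visible from this commit checks that two requests made against the same application instance with different `limit` values actually get different page sizes. With a shared binding that is exactly the case that regresses (the second request reuses the first request's resolved value), so a feature test along the lines of `$this->getJson('/api/v1/users?limit=2')->assertJsonCount(2, 'rows'); $this->getJson('/api/v1/users?limit=3')->assertJsonCount(3, 'rows');` in one test method would catch it. The users endpoint is also the one where over-fetching is most sensitive, so it is a good place to anchor that test. The `switch` on the last context line and the remainder of index() lie outside the hunk.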
@@ -29,6 +29,23 @@ class SettingsServiceProvider extends ServiceProvider
             $view->with('snipeSettings', Setting::getSettings());
         });
+
+        // Make sure the limit is actually set, is an integer and does not exceed system limits
+        \App::singleton('api_limit_value', function () {
+            $limit = config('app.max_results');
+
+            if ((abs(request('limit')) > 0) && (abs(request('limit')) <= config('app.max_results'))) {
+                $limit = abs(request('limit'));
+            }
+            \Log::debug('Max in env: '.config('app.max_results'));
+            \Log::debug('Original requested limit: '.request('limit'));
+            \Log::debug('Modified limit: '.$limit);
+            \Log::debug('------------------------------');
+
+            return $limit;
+        });
+
+
         /**
          * Set some common variables so that they're globally available.
          * The paths should always be public (versus private uploads)
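Review bot: `\App::singleton('api_limit_value', ...)` caches the closure's result for the lifetime of the container, but the result is derived from `request('limit')`, so wherever one container serves more than one request (Laravel Octane, queue workers that resolve it, a feature test that issues several requests) every later `app('api_limit_value')` call returns the first request's limit; `\App::bind(...)` re-runs the closure on each resolution and gives the per-request behaviour the controllers expect. The closure also calls `abs()` directly on raw input, and under PHP 8 a non-numeric string (`?limit=abc`) or an array (`?limit[]=1`) makes `abs()` throw a TypeError, turning a bad query parameter into a 500 instead of a fallback; the `'Original requested limit: '.request('limit')` concatenation additionally emits an "Array to string conversion" warning for array input. The four `\Log::debug` lines are the same debugging output this commit deletes from LocationsController and will now run for every request that resolves the binding, so they should go or be gated on `config('app.debug')`. The comment should also state the fallback rule, e.g. `// Missing, zero, non-numeric or out-of-range limit falls back to config('app.max_results')`; note the version below rejects negative limits rather than silently taking their absolute value, which is a small behaviour change from the removed expression. The rest of boot() is outside the hunk.

```php
        // Missing, zero, non-numeric or out-of-range limit falls back to config('app.max_results').
        // bind() rather than singleton(): the value depends on the current request, so it must be
        // recomputed on every app('api_limit_value') call (Octane, tests, queue workers).
        \App::bind('api_limit_value', function () {
            $limit = config('app.max_results');
            // Validate instead of abs(): abs() throws a TypeError on non-numeric or array input under PHP 8.
            $requested = filter_var(request('limit'), FILTER_VALIDATE_INT);

            if ($requested !== false && $requested > 0 && $requested <= config('app.max_results')) {
                $limit = $requested;
            }

            return $limit;
        });
```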