summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Gleason <alex@alexgleason.me>2021-12-12 22:50:07 -0600
committerAlex Gleason <alex@alexgleason.me>2021-12-12 22:50:07 -0600
commit108dfd1f87087e9bb61bffa310ddb67a58d5336a (patch)
treee16b7f853da6fb66e9d9012e2aa3c16d01e2811a
parent0b2119d4a791b3623b304b0bab683609d23271d4 (diff)
Search: limit number of resultsfix-search-dos
-rw-r--r--lib/pleroma/web/mastodon_api/controllers/search_controller.ex4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/pleroma/web/mastodon_api/controllers/search_controller.ex b/lib/pleroma/web/mastodon_api/controllers/search_controller.ex
index 64b177eb3..1459fc492 100644
--- a/lib/pleroma/web/mastodon_api/controllers/search_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/search_controller.ex
@@ -17,6 +17,8 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
require Logger
+ @search_limit 40
+
plug(Pleroma.Web.ApiSpec.CastAndValidate)
# Note: Mastodon doesn't allow unauthenticated access (requires read:accounts / read:search)
@@ -77,7 +79,7 @@ defmodule Pleroma.Web.MastodonAPI.SearchController do
[
resolve: params[:resolve],
following: params[:following],
- limit: params[:limit],
+ limit: min(params[:limit], @search_limit),
offset: params[:offset],
type: params[:type],
author: get_author(params),