From eb2f07c10526e1de5ceacdd20d9a4acfc0f90c17 Mon Sep 17 00:00:00 2001 From: Brian Cao Date: Thu, 29 Dec 2022 14:51:51 -0800 Subject: [PATCH] Event Data maximum size. --- pages/api/collect.ts | 5 +++++ pages/api/websites/[id]/events.ts | 8 ++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/pages/api/collect.ts b/pages/api/collect.ts index ab817ef1..68c4afb2 100644 --- a/pages/api/collect.ts +++ b/pages/api/collect.ts @@ -39,6 +39,11 @@ export default async (req: NextApiRequestCollect, res: NextApiResponse) => { return badRequest(res, 'Event Data must be in the form of a JSON Object.'); } + // Validate eventData is less than 100kB + if (eventData && new TextEncoder().encode(eventData).length / 1024 > 100) { + return badRequest(res, 'Event Data exceeds maximum size of 100 kB.'); + } + const ignoreIps = process.env.IGNORE_IP; const ignoreHostnames = process.env.IGNORE_HOSTNAME; diff --git a/pages/api/websites/[id]/events.ts b/pages/api/websites/[id]/events.ts index 918a9542..12473da0 100644 --- a/pages/api/websites/[id]/events.ts +++ b/pages/api/websites/[id]/events.ts @@ -13,7 +13,7 @@ export interface WebsiteEventsRequestQuery { startAt: string; endAt: string; unit: string; - tz: string; + timezone: string; url: string; eventName: string; } @@ -25,14 +25,14 @@ export default async ( await useCors(req, res); await useAuth(req, res); - const { id: websiteId, startAt, endAt, unit, tz, url, eventName } = req.query; + const { id: websiteId, startAt, endAt, unit, timezone, url, eventName } = req.query; if (req.method === 'GET') { if (!(await canViewWebsite(req.auth, websiteId))) { return unauthorized(res); } - if (!moment.tz.zone(tz) || !unitTypes.includes(unit)) { + if (!moment.tz.zone(timezone) || !unitTypes.includes(unit)) { return badRequest(res); } const startDate = new Date(+startAt); @@ -41,7 +41,7 @@ export default async ( const events = await getEventMetrics(websiteId, { startDate, endDate, - timezone: tz, + timezone, unit, filters: { url,