From 22b0c0402ead75dc7d2716c38e40011e5e835845 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Fri, 1 Aug 2025 11:49:34 +1200 Subject: [PATCH 01/30] WIP some potential changes to enforce page limits on the API --- .../supplejack_application_controller.rb | 2 +- app/models/supplejack_api/user.rb | 15 ++++++++++----- app/params/supplejack_api/mlt_params.rb | 2 +- app/params/supplejack_api/search_params.rb | 2 +- 4 files changed, 13 insertions(+), 8 deletions(-) diff --git a/app/controllers/supplejack_api/supplejack_application_controller.rb b/app/controllers/supplejack_api/supplejack_application_controller.rb index 9c536ba40..73701fcb7 100644 --- a/app/controllers/supplejack_api/supplejack_application_controller.rb +++ b/app/controllers/supplejack_api/supplejack_application_controller.rb @@ -26,7 +26,7 @@ def authenticate_user! error_message = nil if current_user - if current_user.over_limit? + if current_user.over_limit?(current_user) error_message = if RecordSchema.roles[current_user.role.to_sym].try(:anonymous) I18n.t('users.anonymous_reached_limit') else diff --git a/app/models/supplejack_api/user.rb b/app/models/supplejack_api/user.rb index 930ea8b79..4a3d7004d 100644 --- a/app/models/supplejack_api/user.rb +++ b/app/models/supplejack_api/user.rb @@ -31,10 +31,11 @@ class User # Token authenticatable field :authentication_token, type: String - field :daily_requests, type: Integer, default: 0 - field :monthly_requests, type: Integer, default: 0 - field :max_requests, type: Integer, default: 10_000 - field :role, type: String, default: 'developer' + field :daily_requests, type: Integer, default: 0 + field :monthly_requests, type: Integer, default: 0 + field :max_requests, type: Integer, default: 10_000 + field :anonymous_max_requests, type: Integer, default: 100 + field :role, type: String, default: 'developer' field :daily_activity, type: Hash field :daily_activity_stored, type: Mongoid::Boolean, default: true 
@@ -122,7 +123,11 @@ def reset_daily_activity self.daily_activity_stored = true end - def over_limit? + def over_limit?(current_user = null) + if (current_user.present? && RecordSchema.roles[current_user.role.to_sym].try(:anonymous)) { + return updated_today? && daily_requests > anonymous_max_requests + } + updated_today? && daily_requests > max_requests end diff --git a/app/params/supplejack_api/mlt_params.rb b/app/params/supplejack_api/mlt_params.rb index 5d0680f30..fc51b3557 100644 --- a/app/params/supplejack_api/mlt_params.rb +++ b/app/params/supplejack_api/mlt_params.rb @@ -16,7 +16,7 @@ class MltParams < BaseParams class_attribute :max_values self.max_values = { - page: 100_000, + page: 10_000, per_page: 100 } diff --git a/app/params/supplejack_api/search_params.rb b/app/params/supplejack_api/search_params.rb index d650d79e0..84480c821 100644 --- a/app/params/supplejack_api/search_params.rb +++ b/app/params/supplejack_api/search_params.rb @@ -27,7 +27,7 @@ class SearchParams < BaseParams class_attribute :max_values self.max_values = { - page: 100_000, + page: 10_000, per_page: 100, facets_per_page: 350, facets_page: 5000 From fa6ffc11c09639a8aba045fb3d100a5207fc3491 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Fri, 1 Aug 2025 14:28:55 +1200 Subject: [PATCH 02/30] remove gem breaking bundle --- Gemfile.lock | 5 +---- supplejack_api.gemspec | 1 - 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 516b4e88d..e8ba2e4d1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -39,7 +39,6 @@ PATH kaminari kaminari-mongoid lazy_high_charts - mimemagic mongoid (>= 7.4.0) mongoid_auto_increment progressbar @@ -285,9 +284,6 @@ GEM logger mime-types-data (~> 3.2015) mime-types-data (3.2024.1001) - mimemagic (0.4.3) - nokogiri (~> 1) - rake mini_mime (1.1.5) minitest (5.25.4) mongo (2.20.0) @@ -507,6 +503,7 @@ GEM PLATFORMS arm64-darwin-22 arm64-darwin-23 + arm64-darwin-24 x86_64-darwin-22 x86_64-darwin-23 x86_64-darwin-24 
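Review bot: The new `over_limit?(current_user = null)` signature in user.rb uses `null`, which is not a Ruby keyword, so any caller that omits the argument gets a NameError when the default is evaluated, and the `if (...) { ... }` braces do not parse as a Ruby conditional. The later "rubocop fix" hunk for this method removes the braces but keeps `= null`. Because this is an instance method on User, the receiver already is the user, so the parameter and the `over_limit?(current_user)` call in the controller hunk are redundant. The check can read `role` directly: `return updated_today? && daily_requests > anonymous_max_requests if RecordSchema.roles[role.to_sym].try(:anonymous)`. This predicate gates the request quota in `authenticate_user!`, so it is worth a spec for both tiers before it lands.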
diff --git a/supplejack_api.gemspec b/supplejack_api.gemspec index a569cf1dc..39a9f32d9 100644 --- a/supplejack_api.gemspec +++ b/supplejack_api.gemspec @@ -28,7 +28,6 @@ Gem::Specification.new do |s| s.add_dependency 'kaminari' s.add_dependency 'kaminari-mongoid' s.add_dependency 'lazy_high_charts' - s.add_dependency 'mimemagic' s.add_dependency 'mongoid', '>= 7.4.0' s.add_dependency 'mongoid_auto_increment' s.add_dependency 'progressbar' From 4d8ccbb168bb68473af0505ee90a016d708c1ee6 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Fri, 1 Aug 2025 14:30:26 +1200 Subject: [PATCH 03/30] rubocop fix --- app/models/supplejack_api/user.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/models/supplejack_api/user.rb b/app/models/supplejack_api/user.rb index 4a3d7004d..d02f783e7 100644 --- a/app/models/supplejack_api/user.rb +++ b/app/models/supplejack_api/user.rb @@ -124,9 +124,9 @@ def reset_daily_activity end def over_limit?(current_user = null) - if (current_user.present? && RecordSchema.roles[current_user.role.to_sym].try(:anonymous)) { + if current_user.present? && RecordSchema.roles[current_user.role.to_sym].try(:anonymous) return updated_today? && daily_requests > anonymous_max_requests - } + end updated_today? && daily_requests > max_requests end From 0beafc54e88bc9cefb2b9e9ff71af3fe23fb2214 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Fri, 1 Aug 2025 14:31:39 +1200 Subject: [PATCH 04/30] update gems --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e8ba2e4d1..e99fb6f48 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -309,11 +309,11 @@ GEM net-protocol netrc (0.11.0) nio4r (2.7.4) - nokogiri (1.18.8-arm64-darwin) + nokogiri (1.18.9-arm64-darwin) racc (~> 1.4) - nokogiri (1.18.8-x86_64-darwin) + nokogiri (1.18.9-x86_64-darwin) racc (~> 1.4) - nokogiri (1.18.8-x86_64-linux-gnu) + nokogiri (1.18.9-x86_64-linux-gnu) racc (~> 1.4) optparse (0.5.0) orm_adapter (0.5.0) @@ -476,7 +476,7 @@ GEM sunspot_test (0.4.2) sunspot_rails (>= 2.1.1) sunspot_solr - thor (1.3.2) + thor (1.4.0) timecop (0.9.10) timeout (0.4.3) tzinfo (2.0.6) From 2dc6fbb6407c1ac6cab546a64580fc23414b4be9 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 08:23:01 +1200 Subject: [PATCH 05/30] revert a few changes --- .../supplejack_application_controller.rb | 2 +- app/models/supplejack_api/user.rb | 15 +++++---------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/app/controllers/supplejack_api/supplejack_application_controller.rb b/app/controllers/supplejack_api/supplejack_application_controller.rb index 73701fcb7..9c536ba40 100644 --- a/app/controllers/supplejack_api/supplejack_application_controller.rb +++ b/app/controllers/supplejack_api/supplejack_application_controller.rb @@ -26,7 +26,7 @@ def authenticate_user! error_message = nil if current_user - if current_user.over_limit?(current_user) + if current_user.over_limit? error_message = if RecordSchema.roles[current_user.role.to_sym].try(:anonymous) I18n.t('users.anonymous_reached_limit') else diff --git a/app/models/supplejack_api/user.rb b/app/models/supplejack_api/user.rb index d02f783e7..930ea8b79 100644 --- a/app/models/supplejack_api/user.rb +++ b/app/models/supplejack_api/user.rb 
@@ -31,11 +31,10 @@ class User # Token authenticatable field :authentication_token, type: String - field :daily_requests, type: Integer, default: 0 - field :monthly_requests, type: Integer, default: 0 - field :max_requests, type: Integer, default: 10_000 - field :anonymous_max_requests, type: Integer, default: 100 - field :role, type: String, default: 'developer' + field :daily_requests, type: Integer, default: 0 + field :monthly_requests, type: Integer, default: 0 + field :max_requests, type: Integer, default: 10_000 + field :role, type: String, default: 'developer' field :daily_activity, type: Hash field :daily_activity_stored, type: Mongoid::Boolean, default: true @@ -123,11 +122,7 @@ def reset_daily_activity self.daily_activity_stored = true end - def over_limit?(current_user = null) - if current_user.present? && RecordSchema.roles[current_user.role.to_sym].try(:anonymous) - return updated_today? && daily_requests > anonymous_max_requests - end - + def over_limit? updated_today? && daily_requests > max_requests end From c45bbd9848185fbca10ad60fc77a77ece2977a39 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 11:23:57 +1200 Subject: [PATCH 06/30] tidy up and update specs --- app/params/supplejack_api/concerns/helpers_params.rb | 8 +++++++- app/params/supplejack_api/mlt_params.rb | 3 ++- app/params/supplejack_api/search_params.rb | 3 ++- spec/models/supplejack_api/search_spec.rb | 6 +++--- .../supplejack_api/more_like_this_search_spec.rb | 6 +++--- 5 files changed, 17 insertions(+), 9 deletions(-) diff --git a/app/params/supplejack_api/concerns/helpers_params.rb b/app/params/supplejack_api/concerns/helpers_params.rb index 62c9acd43..1aa2a0940 100644 --- a/app/params/supplejack_api/concerns/helpers_params.rb +++ b/app/params/supplejack_api/concerns/helpers_params.rb 
@@ -22,8 +22,14 @@ def cast_param(_name, value) # - the corresponding max value if it is exceeding it # - the value otherwise def integer_param(param, value) + @user = User.find_by_auth_token(request.headers['Authentication-Token'] || params[:api_key]) + if self.class.max_values[param] < value - errors << "The #{param} parameter can not exceed #{self.class.max_values[param]}" + if @user.nil? || @user&.role == 'anonymous' + errors << "The #{param} parameter for anonymous users (without an API key) can not exceed #{self.class.max_values[param]}" + else + errors << "The #{param} parameter can not exceed #{self.class.max_values[param]}" + end end value = value.to_i diff --git a/app/params/supplejack_api/mlt_params.rb b/app/params/supplejack_api/mlt_params.rb index fc51b3557..8a3b97930 100644 --- a/app/params/supplejack_api/mlt_params.rb +++ b/app/params/supplejack_api/mlt_params.rb @@ -16,7 +16,7 @@ class MltParams < BaseParams class_attribute :max_values self.max_values = { - page: 10_000, + page: @user.nil? || @user&.role == 'anonymous' ? 100 : 50_000, per_page: 100 } @@ -37,6 +37,7 @@ def initialize(**kwargs) @record_type = @params[:record_type] @debug = kwargs[:debug] == 'true' + @user = User.find_by_auth_token(request.headers['Authentication-Token'] || params[:api_key]) end def valid? diff --git a/app/params/supplejack_api/search_params.rb b/app/params/supplejack_api/search_params.rb index 84480c821..80a57f2eb 100644 --- a/app/params/supplejack_api/search_params.rb +++ b/app/params/supplejack_api/search_params.rb @@ -27,7 +27,7 @@ class SearchParams < BaseParams class_attribute :max_values self.max_values = { - page: 10_000, + page: @user.nil? || @user&.role == 'anonymous' ? 100 : 50_000, per_page: 100, facets_per_page: 350, facets_page: 5000 @@ -55,6 +55,7 @@ def initialize(**kwargs) @solr_query = @params[:solr_query] @debug = @params[:debug] == 'true' + @user = User.find_by_auth_token(request.headers['Authentication-Token'] || params[:api_key]) end private 
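Review bot: The branch added to `integer_param` decides the caller's tier with `@user&.role == 'anonymous'`, while `authenticate_user!` in the controller hunks of this series uses `RecordSchema.roles[current_user.role.to_sym].try(:anonymous)`; two definitions of "anonymous" behind one limit can drift apart. The lookup also re-resolves the user from the raw key on every integer parameter and reads `request.headers`, which is presumably not available inside a params object. Passing the already-authenticated user or role into the params object would avoid both problems. In `@user.nil? || @user&.role == 'anonymous'` the `&.` is unnecessary because the first operand already handles nil. The body of `integer_param` continues outside the hunk.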
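Review bot: In the `self.max_values = { page: @user.nil? || @user&.role == 'anonymous' ? 100 : 50_000, ... }` hunks of mlt_params.rb and search_params.rb, the hash is built once in the class body, where `@user` is a class-level instance variable that nothing assigns, so `@user.nil?` is always true and `page` is fixed at 100 for every caller. The `@user = User.find_by_auth_token(...)` added to `initialize` sets a different, per-instance variable and runs long after the hash exists. If the limit has to vary by caller it needs to be resolved per instance (or by choosing a params class per role), not in the class-level `max_values` literal. As written, authenticated users would be capped at the anonymous limit.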
diff --git a/spec/models/supplejack_api/search_spec.rb b/spec/models/supplejack_api/search_spec.rb index e51ebbd26..4f1272c6c 100644 --- a/spec/models/supplejack_api/search_spec.rb +++ b/spec/models/supplejack_api/search_spec.rb @@ -178,11 +178,11 @@ module SupplejackApi expect(@search.valid?).to be false end - it 'sets warning if page vale is greater than 10000' do - search = RecordSearch.new(page: 100_001) + it 'sets warning if page vale is greater than 50000' do + search = RecordSearch.new(page: 50_001) search.valid? - expect(search.errors).to include 'The page parameter can not exceed 100000' + expect(search.errors).to include 'The page parameter can not exceed 50000' end it 'sets warning if per_page vale is greater than 100' do diff --git a/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb b/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb index abc0d5b82..e0e9dc482 100644 --- a/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb +++ b/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb @@ -97,9 +97,9 @@ module SupplejackApi expect(MoreLikeThisSearch.new(record, :anonymous, {}).valid?).to be true end - it 'sets error if page value is greater than 100_000' do - search = MoreLikeThisSearch.new(record, :anonymous, page: 100_001) - expect(search.errors).to include 'The page parameter can not exceed 100000' + it 'sets error if page value is greater than 100' do + search = MoreLikeThisSearch.new(record, :anonymous, page: 101) + expect(search.errors).to include 'The page parameter can not exceed 100' end it 'sets warning if per_page vale is greater than 100' do From 60c25ec8f35a6bd41fdc22b581134b23a42245aa Mon Sep 17 00:00:00 2001 
From: Tim Wright Date: Tue, 5 Aug 2025 11:29:32 +1200 Subject: [PATCH 07/30] rubocop fix --- app/params/supplejack_api/concerns/helpers_params.rb | 2 ++ app/params/supplejack_api/mlt_params.rb | 2 +- app/params/supplejack_api/search_params.rb | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/params/supplejack_api/concerns/helpers_params.rb b/app/params/supplejack_api/concerns/helpers_params.rb index 1aa2a0940..bf917ed40 100644 --- a/app/params/supplejack_api/concerns/helpers_params.rb +++ b/app/params/supplejack_api/concerns/helpers_params.rb @@ -26,7 +26,9 @@ def integer_param(param, value) if self.class.max_values[param] < value if @user.nil? || @user&.role == 'anonymous' + # rubocop:disable Layout/LineLength errors << "The #{param} parameter for anonymous users (without an API key) can not exceed #{self.class.max_values[param]}" + # rubocop:enable Layout/LineLength else errors << "The #{param} parameter can not exceed #{self.class.max_values[param]}" end diff --git a/app/params/supplejack_api/mlt_params.rb b/app/params/supplejack_api/mlt_params.rb index 8a3b97930..cd30f0106 100644 --- a/app/params/supplejack_api/mlt_params.rb +++ b/app/params/supplejack_api/mlt_params.rb @@ -37,7 +37,7 @@ def initialize(**kwargs) @record_type = @params[:record_type] @debug = kwargs[:debug] == 'true' - @user = User.find_by_auth_token(request.headers['Authentication-Token'] || params[:api_key]) + @user = User.find_by_auth_token(@params[:api_key]) end def valid? diff --git a/app/params/supplejack_api/search_params.rb b/app/params/supplejack_api/search_params.rb index 80a57f2eb..c214bdc92 100644 --- a/app/params/supplejack_api/search_params.rb +++ b/app/params/supplejack_api/search_params.rb @@ -55,7 +55,7 @@ def initialize(**kwargs) @solr_query = @params[:solr_query] @debug = @params[:debug] == 'true' - @user = User.find_by_auth_token(request.headers['Authentication-Token'] || params[:api_key]) + @user = User.find_by_auth_token(@params[:api_key]) end private 
From b5903514a82b8068d7ad82db9f2610707b165ad5 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 11:32:07 +1200 Subject: [PATCH 08/30] tidy up --- app/params/supplejack_api/concerns/helpers_params.rb | 2 +- app/params/supplejack_api/mlt_params.rb | 2 +- app/params/supplejack_api/search_params.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/params/supplejack_api/concerns/helpers_params.rb b/app/params/supplejack_api/concerns/helpers_params.rb index bf917ed40..60cc362d6 100644 --- a/app/params/supplejack_api/concerns/helpers_params.rb +++ b/app/params/supplejack_api/concerns/helpers_params.rb @@ -22,7 +22,7 @@ def cast_param(_name, value) # - the corresponding max value if it is exceeding it # - the value otherwise def integer_param(param, value) - @user = User.find_by_auth_token(request.headers['Authentication-Token'] || params[:api_key]) + @user = User.find_by_auth_token(params[:api_key]) if self.class.max_values[param] < value if @user.nil? || @user&.role == 'anonymous' diff --git a/app/params/supplejack_api/mlt_params.rb b/app/params/supplejack_api/mlt_params.rb index cd30f0106..fceab77e9 100644 --- a/app/params/supplejack_api/mlt_params.rb +++ b/app/params/supplejack_api/mlt_params.rb @@ -37,7 +37,7 @@ def initialize(**kwargs) @record_type = @params[:record_type] @debug = kwargs[:debug] == 'true' - @user = User.find_by_auth_token(@params[:api_key]) + @user = User.find_by_auth_token(params[:api_key]) end def valid? diff --git a/app/params/supplejack_api/search_params.rb b/app/params/supplejack_api/search_params.rb index c214bdc92..fba494e63 100644 --- a/app/params/supplejack_api/search_params.rb +++ b/app/params/supplejack_api/search_params.rb @@ -55,7 +55,7 @@ def initialize(**kwargs) @solr_query = @params[:solr_query] @debug = @params[:debug] == 'true' - @user = User.find_by_auth_token(@params[:api_key]) + @user = User.find_by_auth_token(params[:api_key]) end private 
From c83fe80e7dc1cc5335bcc6cee74032a4096c258b Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 11:36:05 +1200 Subject: [PATCH 09/30] tidy ups --- app/params/supplejack_api/concerns/helpers_params.rb | 10 +++++----- app/params/supplejack_api/mlt_params.rb | 3 +-- app/params/supplejack_api/search_params.rb | 3 +-- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/app/params/supplejack_api/concerns/helpers_params.rb b/app/params/supplejack_api/concerns/helpers_params.rb index 60cc362d6..aef7fa803 100644 --- a/app/params/supplejack_api/concerns/helpers_params.rb +++ b/app/params/supplejack_api/concerns/helpers_params.rb @@ -24,14 +24,14 @@ def cast_param(_name, value) def integer_param(param, value) @user = User.find_by_auth_token(params[:api_key]) - if self.class.max_values[param] < value - if @user.nil? || @user&.role == 'anonymous' + if param == 'page' && (@user.nil? || @user&.role == 'anonymous') && 100 < value # rubocop:disable Layout/LineLength errors << "The #{param} parameter for anonymous users (without an API key) can not exceed #{self.class.max_values[param]}" # rubocop:enable Layout/LineLength - else - errors << "The #{param} parameter can not exceed #{self.class.max_values[param]}" - end + end + + if self.class.max_values[param] < value + errors << "The #{param} parameter can not exceed #{self.class.max_values[param]}" end value = value.to_i diff --git a/app/params/supplejack_api/mlt_params.rb b/app/params/supplejack_api/mlt_params.rb index fceab77e9..7cbd790d4 100644 --- a/app/params/supplejack_api/mlt_params.rb +++ b/app/params/supplejack_api/mlt_params.rb @@ -16,7 +16,7 @@ class MltParams < BaseParams class_attribute :max_values self.max_values = { - page: @user.nil? || @user&.role == 'anonymous' ? 100 : 50_000, + page: 50_000, per_page: 100 } @@ -37,7 +37,6 @@ def initialize(**kwargs) @record_type = @params[:record_type] @debug = kwargs[:debug] == 'true' - @user = User.find_by_auth_token(params[:api_key]) end def valid? 
diff --git a/app/params/supplejack_api/search_params.rb b/app/params/supplejack_api/search_params.rb index fba494e63..12674aa9a 100644 --- a/app/params/supplejack_api/search_params.rb +++ b/app/params/supplejack_api/search_params.rb @@ -27,7 +27,7 @@ class SearchParams < BaseParams class_attribute :max_values self.max_values = { - page: @user.nil? || @user&.role == 'anonymous' ? 100 : 50_000, + page: 50_000, per_page: 100, facets_per_page: 350, facets_page: 5000 @@ -55,7 +55,6 @@ def initialize(**kwargs) @solr_query = @params[:solr_query] @debug = @params[:debug] == 'true' - @user = User.find_by_auth_token(params[:api_key]) end private From 0dd84bccf6b9f8d5d2b5a95504fab9b4a0ecf736 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 11:44:56 +1200 Subject: [PATCH 10/30] rework fix --- .../supplejack_api/supplejack_application_controller.rb | 6 ++++++ app/params/supplejack_api/concerns/helpers_params.rb | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/app/controllers/supplejack_api/supplejack_application_controller.rb b/app/controllers/supplejack_api/supplejack_application_controller.rb index 9c536ba40..134892a43 100644 --- a/app/controllers/supplejack_api/supplejack_application_controller.rb +++ b/app/controllers/supplejack_api/supplejack_application_controller.rb @@ -26,6 +26,12 @@ def authenticate_user! error_message = nil if current_user + # limit for anonymous users is reduced to 100 pages + if RecordSchema.roles[current_user.role.to_sym].try(:anonymous) + SupplejackApi::SearchParams.max_values.page = 100 + SupplejackApi::MltParams.max_values.page = 100 + end + if current_user.over_limit? error_message = if RecordSchema.roles[current_user.role.to_sym].try(:anonymous) I18n.t('users.anonymous_reached_limit') diff --git a/app/params/supplejack_api/concerns/helpers_params.rb b/app/params/supplejack_api/concerns/helpers_params.rb index aef7fa803..350ab63aa 100644 --- a/app/params/supplejack_api/concerns/helpers_params.rb 
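Review bot: `SupplejackApi::SearchParams.max_values.page = 100` and the matching `MltParams` line in `authenticate_user!` write to class-level state, so once one anonymous request is seen the lowered limit would apply to every later request in that process, authenticated users included, and it is never reset. Under a threaded server it is also a race between concurrent requests. As written the call would likely raise first, because the params classes assign `max_values` a Hash and Hash has no `page=` writer. Per-request limits belong on the request's own params instance or on a class selected by role, not on the shared class attribute.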
+++ b/app/params/supplejack_api/concerns/helpers_params.rb @@ -24,7 +24,7 @@ def cast_param(_name, value) def integer_param(param, value) @user = User.find_by_auth_token(params[:api_key]) - if param == 'page' && (@user.nil? || @user&.role == 'anonymous') && 100 < value + if param == 'page' && self.class.max_values[param] == 100 && self.class.max_values[param] < value # rubocop:disable Layout/LineLength errors << "The #{param} parameter for anonymous users (without an API key) can not exceed #{self.class.max_values[param]}" # rubocop:enable Layout/LineLength From 75b1004f372e39b936641f8f6d6dd4651c4e9615 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 11:46:28 +1200 Subject: [PATCH 11/30] Remove outdated code --- app/params/supplejack_api/concerns/helpers_params.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/app/params/supplejack_api/concerns/helpers_params.rb b/app/params/supplejack_api/concerns/helpers_params.rb index 350ab63aa..4a200da7d 100644 --- a/app/params/supplejack_api/concerns/helpers_params.rb +++ b/app/params/supplejack_api/concerns/helpers_params.rb @@ -22,8 +22,6 @@ def cast_param(_name, value) # - the corresponding max value if it is exceeding it # - the value otherwise def integer_param(param, value) - @user = User.find_by_auth_token(params[:api_key]) - if param == 'page' && self.class.max_values[param] == 100 && self.class.max_values[param] < value # rubocop:disable Layout/LineLength errors << "The #{param} parameter for anonymous users (without an API key) can not exceed #{self.class.max_values[param]}" From e810c7a062ed50acd632269a049547ec7fb3cbaa Mon Sep 17 00:00:00 2001 
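Review bot: The condition `param == 'page' && self.class.max_values[param] == 100` infers "anonymous caller" from the limit happening to equal 100, which ties the error message to a magic number and breaks silently if either tier's limit changes. `param == 'page'` also compares against a String while the `max_values` keys are symbols (`page:`), so the branch is presumably never taken. Later hunks in this series change it to `:page` and fold it into an `elsif`, but they keep the `== 100` test. An explicit marker on the params class, for example a class attribute that only the anonymous variant sets, would state the intent directly. The `@user` lookup on the context line above is no longer used by this condition.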
From: Tim Wright Date: Tue, 5 Aug 2025 13:48:37 +1200 Subject: [PATCH 12/30] changes in progress --- .../supplejack_application_controller.rb | 6 ------ app/models/supplejack_api/search.rb | 14 ++++++++++--- .../supplejack_api/anonymous_mlt_params.rb | 10 ++++++++++ .../supplejack_api/anonymous_search_params.rb | 10 ++++++++++ .../supplejack_api/concerns/helpers_params.rb | 2 +- .../supplejack_api/more_like_this_search.rb | 20 ++++++++++++++----- 6 files changed, 47 insertions(+), 15 deletions(-) create mode 100644 app/params/supplejack_api/anonymous_mlt_params.rb create mode 100644 app/params/supplejack_api/anonymous_search_params.rb diff --git a/app/controllers/supplejack_api/supplejack_application_controller.rb b/app/controllers/supplejack_api/supplejack_application_controller.rb index 134892a43..9c536ba40 100644 --- a/app/controllers/supplejack_api/supplejack_application_controller.rb +++ b/app/controllers/supplejack_api/supplejack_application_controller.rb @@ -26,12 +26,6 @@ def authenticate_user! error_message = nil if current_user - # limit for anonymous users is reduced to 100 pages - if RecordSchema.roles[current_user.role.to_sym].try(:anonymous) - SupplejackApi::SearchParams.max_values.page = 100 - SupplejackApi::MltParams.max_values.page = 100 - end - if current_user.over_limit? error_message = if RecordSchema.roles[current_user.role.to_sym].try(:anonymous) I18n.t('users.anonymous_reached_limit') diff --git a/app/models/supplejack_api/search.rb b/app/models/supplejack_api/search.rb index 12973bac4..7e2f0ca21 100644 --- a/app/models/supplejack_api/search.rb +++ b/app/models/supplejack_api/search.rb 
@@ -9,9 +9,17 @@ class Search def initialize(options = {}) @original_options = options.dup klass = self.class - @options = SearchParams.new( - **options.merge(model_class: klass.model_class, schema_class: klass.schema_class) - ) + + role = scope&.role&.to_sym + @options = if role.nil? || role == :anonymous + AnonymousSearchParams.new( + **options.merge(model_class: klass.model_class, schema_class: klass.schema_class) + ) + else + SearchParams.new( + **options.merge(model_class: klass.model_class, schema_class: klass.schema_class) + ) + end end def self.model_class diff --git a/app/params/supplejack_api/anonymous_mlt_params.rb b/app/params/supplejack_api/anonymous_mlt_params.rb new file mode 100644 index 000000000..5445db506 --- /dev/null +++ b/app/params/supplejack_api/anonymous_mlt_params.rb @@ -0,0 +1,10 @@ +# frozen_string_literal: true + +module SupplejackApi + class AnonymousMltParams < MltParams + self.max_values = { + page: 100, + per_page: 100 + } + end +end diff --git a/app/params/supplejack_api/anonymous_search_params.rb b/app/params/supplejack_api/anonymous_search_params.rb new file mode 100644 index 000000000..6df8324c6 --- /dev/null +++ b/app/params/supplejack_api/anonymous_search_params.rb @@ -0,0 +1,10 @@ +# frozen_string_literal: true + +module SupplejackApi + class AnonymousSearchParams < SearchParams + self.max_values = { + page: 100, + per_page: 100 + } + end +end diff --git a/app/params/supplejack_api/concerns/helpers_params.rb b/app/params/supplejack_api/concerns/helpers_params.rb index 4a200da7d..561ddc76a 100644 --- a/app/params/supplejack_api/concerns/helpers_params.rb +++ b/app/params/supplejack_api/concerns/helpers_params.rb 
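Review bot: `AnonymousSearchParams` replaces `max_values` wholesale with only `page` and `per_page`, dropping the `facets_per_page` and `facets_page` limits that `SearchParams` defines. In `integer_param` the lookup `self.class.max_values[param]` would then be nil for those parameters, and `nil < value` raises instead of enforcing a cap. The next commit copies the two values in by hand, which leaves two lists to keep in sync. Deriving the subclass hash from the parent avoids that: `self.max_values = SearchParams.max_values.merge(page: 100)`, and likewise `MltParams.max_values.merge(page: 100)` in `AnonymousMltParams`.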
@@ -22,7 +22,7 @@ def cast_param(_name, value) # - the corresponding max value if it is exceeding it # - the value otherwise def integer_param(param, value) - if param == 'page' && self.class.max_values[param] == 100 && self.class.max_values[param] < value + if param == :page && self.class.max_values[param] == 100 && self.class.max_values[param] < value # rubocop:disable Layout/LineLength errors << "The #{param} parameter for anonymous users (without an API key) can not exceed #{self.class.max_values[param]}" # rubocop:enable Layout/LineLength diff --git a/app/solr_queries/supplejack_api/more_like_this_search.rb b/app/solr_queries/supplejack_api/more_like_this_search.rb index 2d9b983c9..ab42e7417 100644 --- a/app/solr_queries/supplejack_api/more_like_this_search.rb +++ b/app/solr_queries/supplejack_api/more_like_this_search.rb @@ -5,11 +5,21 @@ class MoreLikeThisSearch < BaseSearch attr_reader :role, :record def initialize(record, role, params) - super(SupplejackApi::MltParams.new( - **params.merge( - schema_class: RecordSchema, model_class: SupplejackApi::Record - ) - )) + mlt_params = if @role == :anonymous || @role.nil? + SupplejackApi::AnonymousMltParams.new( + **params.merge( + schema_class: RecordSchema, model_class: SupplejackApi::Record + ) + ) + else + SupplejackApi::MltParams.new( + **params.merge( + schema_class: RecordSchema, model_class: SupplejackApi::Record + ) + ) + end + + super(mlt_params) @record = record @role = role end From 202a1acc47450cfee5e64a77f99db6b0afd67836 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 13:54:10 +1200 Subject: [PATCH 13/30] Added missing params --- app/params/supplejack_api/anonymous_search_params.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/params/supplejack_api/anonymous_search_params.rb b/app/params/supplejack_api/anonymous_search_params.rb index 6df8324c6..7c4cc469b 100644 --- a/app/params/supplejack_api/anonymous_search_params.rb 
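Review bot: In `MoreLikeThisSearch#initialize` the new branch tests `@role`, but `@role = role` is only assigned after `super(mlt_params)`, so `@role` is nil at that point and `AnonymousMltParams` is chosen for every caller, authenticated ones included. Test the `role` argument instead, e.g. `params_class = role.nil? || role == :anonymous ? SupplejackApi::AnonymousMltParams : SupplejackApi::MltParams`. Then build it once with `super(params_class.new(**params.merge(schema_class: RecordSchema, model_class: SupplejackApi::Record)))`, which also removes the duplicated constructor call. A spec that passes a non-anonymous role with `page: 101` would catch this.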
+++ b/app/params/supplejack_api/anonymous_search_params.rb @@ -4,7 +4,9 @@ module SupplejackApi class AnonymousSearchParams < SearchParams self.max_values = { page: 100, - per_page: 100 + per_page: 100, + facets_per_page: 350, + facets_page: 5000 } end end From 8f1920ac572e0ea4befa5da3e5101b1dfe80268a Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 13:59:13 +1200 Subject: [PATCH 14/30] updated specs --- spec/models/supplejack_api/search_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/models/supplejack_api/search_spec.rb b/spec/models/supplejack_api/search_spec.rb index 4f1272c6c..d732739ae 100644 --- a/spec/models/supplejack_api/search_spec.rb +++ b/spec/models/supplejack_api/search_spec.rb @@ -178,11 +178,11 @@ module SupplejackApi expect(@search.valid?).to be false end - it 'sets warning if page vale is greater than 50000' do - search = RecordSearch.new(page: 50_001) + it 'sets warning if page vale is greater than 100' do + search = RecordSearch.new(page: 101) search.valid? - expect(search.errors).to include 'The page parameter can not exceed 50000' + expect(search.errors).to include 'The page parameter for anonymous users (without an API key) can not exceed 100' end it 'sets warning if per_page vale is greater than 100' do From 20c0e4cd93079af608c4a446e936fd7e6f578f3f Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 14:04:18 +1200 Subject: [PATCH 15/30] rubocop formatting --- spec/models/supplejack_api/search_spec.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spec/models/supplejack_api/search_spec.rb b/spec/models/supplejack_api/search_spec.rb index d732739ae..26ca331de 100644 --- a/spec/models/supplejack_api/search_spec.rb +++ b/spec/models/supplejack_api/search_spec.rb 
@@ -182,7 +182,8 @@ module SupplejackApi search = RecordSearch.new(page: 101) search.valid? - expect(search.errors).to include 'The page parameter for anonymous users (without an API key) can not exceed 100' + expect(search.errors).to + include 'The page parameter for anonymous users (without an API key) can not exceed 100' end it 'sets warning if per_page vale is greater than 100' do From 9d2013c98dd2d48ac90b5a180fe68bd16ba3ff4a Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 14:20:59 +1200 Subject: [PATCH 16/30] rubocop fixes --- app/params/supplejack_api/concerns/helpers_params.rb | 6 +++--- spec/models/supplejack_api/search_spec.rb | 5 +++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/app/params/supplejack_api/concerns/helpers_params.rb b/app/params/supplejack_api/concerns/helpers_params.rb index 561ddc76a..c067afaab 100644 --- a/app/params/supplejack_api/concerns/helpers_params.rb +++ b/app/params/supplejack_api/concerns/helpers_params.rb @@ -23,9 +23,9 @@ def cast_param(_name, value) # - the value otherwise def integer_param(param, value) if param == :page && self.class.max_values[param] == 100 && self.class.max_values[param] < value - # rubocop:disable Layout/LineLength - errors << "The #{param} parameter for anonymous users (without an API key) can not exceed #{self.class.max_values[param]}" - # rubocop:enable Layout/LineLength + # rubocop:disable Layout/LineLength + errors << "The #{param} parameter for anonymous users (without an API key) can not exceed #{self.class.max_values[param]}" + # rubocop:enable Layout/LineLength end if self.class.max_values[param] < value diff --git a/spec/models/supplejack_api/search_spec.rb b/spec/models/supplejack_api/search_spec.rb index 26ca331de..abde1c12d 100644 --- a/spec/models/supplejack_api/search_spec.rb +++ b/spec/models/supplejack_api/search_spec.rb 
@@ -182,8 +182,9 @@ module SupplejackApi search = RecordSearch.new(page: 101) search.valid? - expect(search.errors).to - include 'The page parameter for anonymous users (without an API key) can not exceed 100' + # rubocop:disable Layout/LineLength + expect(search.errors).to include 'The page parameter for anonymous users (without an API key) can not exceed 100' + # rubocop:enable Layout/LineLength end it 'sets warning if per_page vale is greater than 100' do From 875bf58ee7dbbc63214c5f2d39a1639083305aa3 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 14:37:31 +1200 Subject: [PATCH 17/30] Added mirror to gitlab step --- .github/workflows/mirror_to_gitlab.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .github/workflows/mirror_to_gitlab.yml diff --git a/.github/workflows/mirror_to_gitlab.yml b/.github/workflows/mirror_to_gitlab.yml new file mode 100644 index 000000000..faf8ac95b --- /dev/null +++ b/.github/workflows/mirror_to_gitlab.yml @@ -0,0 +1,18 @@ +name: Mirror to GitLab + +on: [push] + +jobs: + mirror-repository: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: mirror-repository + uses: yesolutions/mirror-action@master + with: + REMOTE: ${{ secrets.GITLAB_REPO_SSH }} + GIT_SSH_PRIVATE_KEY: ${{ secrets.GIT_SSH_PRIVATE_KEY }} + GIT_SSH_NO_VERIFY_HOST: ${{ secrets.GIT_SSH_NO_VERIFY_HOST }} + PUSH_ALL_REFS: "false" \ No newline at end of file From 18e1195859484094612360730b25985853dbc7d6 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 14:47:00 +1200 Subject: [PATCH 18/30] remove mirror --- .github/workflows/mirror_to_gitlab.yml | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 .github/workflows/mirror_to_gitlab.yml diff --git a/.github/workflows/mirror_to_gitlab.yml b/.github/workflows/mirror_to_gitlab.yml deleted file mode 100644 index faf8ac95b..000000000 --- a/.github/workflows/mirror_to_gitlab.yml +++ /dev/null 
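Review bot: `uses: yesolutions/mirror-action@master` in the new workflow tracks a mutable branch of a third-party action that is handed `secrets.GIT_SSH_PRIVATE_KEY`, so whatever that branch contains at the time of the next push runs with the key. Pin it to a reviewed full commit SHA, `uses: yesolutions/mirror-action@<full-commit-sha>`, and consider the same for `actions/checkout@v3`. `GIT_SSH_NO_VERIFY_HOST` is read from a secret, which hides from reviewers whether host-key checking is disabled; if it is, the key is presented to an unverified host. Supplying known-hosts data instead would be safer (the action appears to accept `GIT_SSH_KNOWN_HOSTS`; confirm against its README). An explicit `permissions:` block limiting the job to `contents: read` would also narrow what the workflow token can do.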
@@ -1,18 +0,0 @@ -name: Mirror to GitLab - -on: [push] - -jobs: - mirror-repository: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: mirror-repository - uses: yesolutions/mirror-action@master - with: - REMOTE: ${{ secrets.GITLAB_REPO_SSH }} - GIT_SSH_PRIVATE_KEY: ${{ secrets.GIT_SSH_PRIVATE_KEY }} - GIT_SSH_NO_VERIFY_HOST: ${{ secrets.GIT_SSH_NO_VERIFY_HOST }} - PUSH_ALL_REFS: "false" \ No newline at end of file From 9e31bf347ff210d3e7b21f0f00cc521bc9461ab3 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 15:12:12 +1200 Subject: [PATCH 19/30] tidy up --- app/params/supplejack_api/concerns/helpers_params.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/app/params/supplejack_api/concerns/helpers_params.rb b/app/params/supplejack_api/concerns/helpers_params.rb index c067afaab..78d75fc13 100644 --- a/app/params/supplejack_api/concerns/helpers_params.rb +++ b/app/params/supplejack_api/concerns/helpers_params.rb @@ -26,9 +26,7 @@ def integer_param(param, value) # rubocop:disable Layout/LineLength errors << "The #{param} parameter for anonymous users (without an API key) can not exceed #{self.class.max_values[param]}" # rubocop:enable Layout/LineLength - end - - if self.class.max_values[param] < value + elsif self.class.max_values[param] < value errors << "The #{param} parameter can not exceed #{self.class.max_values[param]}" end From a0fea4a1e515ceccd9fa7bd40e28777104bcd782 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 17:18:37 +1200 Subject: [PATCH 20/30] fixes and refactor --- app/models/supplejack_api/search.rb | 17 ++++++++--------- .../supplejack_api/more_like_this_search.rb | 14 +++++++------- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/app/models/supplejack_api/search.rb b/app/models/supplejack_api/search.rb index 7e2f0ca21..e688ab768 100644 --- a/app/models/supplejack_api/search.rb +++ b/app/models/supplejack_api/search.rb 
@@ -10,15 +10,14 @@ def initialize(options = {}) @original_options = options.dup klass = self.class - role = scope&.role&.to_sym - @options = if role.nil? || role == :anonymous - AnonymousSearchParams.new( - **options.merge(model_class: klass.model_class, schema_class: klass.schema_class) - ) - else - SearchParams.new( - **options.merge(model_class: klass.model_class, schema_class: klass.schema_class) - ) + @options = if options['api_key'] + SearchParams.new( + **options.merge(model_class: klass.model_class, schema_class: klass.schema_class) + ) + else + AnonymousSearchParams.new( + **options.merge(model_class: klass.model_class, schema_class: klass.schema_class) + ) end end diff --git a/app/solr_queries/supplejack_api/more_like_this_search.rb b/app/solr_queries/supplejack_api/more_like_this_search.rb index ab42e7417..1619108ce 100644 --- a/app/solr_queries/supplejack_api/more_like_this_search.rb +++ b/app/solr_queries/supplejack_api/more_like_this_search.rb @@ -5,14 +5,14 @@ class MoreLikeThisSearch < BaseSearch attr_reader :role, :record def initialize(record, role, params) - mlt_params = if @role == :anonymous || @role.nil? - SupplejackApi::AnonymousMltParams.new( - **params.merge( - schema_class: RecordSchema, model_class: SupplejackApi::Record - ) - ) - else + mlt_params = if options['api_key'] SupplejackApi::MltParams.new( + **params.merge( + schema_class: RecordSchema, model_class: SupplejackApi::Record + ) + ) + else + SupplejackApi::AnonymousMltParams.new( **params.merge( schema_class: RecordSchema, model_class: SupplejackApi::Record ) From 2dc8d66ba67031133c09845199de6fb4ec8ad1fe Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 17:27:57 +1200 Subject: [PATCH 21/30] tidy up and rubocop fixes --- app/models/supplejack_api/search.rb | 16 ++++++++-------- .../supplejack_api/more_like_this_search.rb | 10 +++++----- 2 files changed, 13 insertions(+), 13 deletions(-) 
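Review bot: In `Search#initialize` the larger `SearchParams` limits are now selected whenever `options['api_key']` is truthy, so the page cap depends on a request-supplied string being present rather than on the role that the removed `scope&.role` lines consulted. Nothing in the hunk ties the key to a user, and a symbol-keyed `api_key:` would not be seen by the string lookup; unless every caller has already authenticated the key, which is not visible here, any non-empty value selects the higher tier. The `MoreLikeThisSearch#initialize` hunk that follows has the same shape and also reads `options`, which is not one of its parameters (`record, role, params`), while the `role` argument goes unused. The follow-up hunks that change the test to `options['api_key'].present?` and `params['api_key'].present?` keep the presence-only check. Consider deciding the tier from the role resolved during authentication and passing that in; both `initialize` bodies extend beyond their hunks.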
diff --git a/app/models/supplejack_api/search.rb b/app/models/supplejack_api/search.rb index e688ab768..25c71d3ba 100644 --- a/app/models/supplejack_api/search.rb +++ b/app/models/supplejack_api/search.rb @@ -10,14 +10,14 @@ def initialize(options = {}) @original_options = options.dup klass = self.class - @options = if options['api_key'] - SearchParams.new( - **options.merge(model_class: klass.model_class, schema_class: klass.schema_class) - ) - else - AnonymousSearchParams.new( - **options.merge(model_class: klass.model_class, schema_class: klass.schema_class) - ) + @options = if options.present? && options['api_key'].present? + SearchParams.new( + **options.merge(model_class: klass.model_class, schema_class: klass.schema_class) + ) + else + AnonymousSearchParams.new( + **options.merge(model_class: klass.model_class, schema_class: klass.schema_class) + ) end end diff --git a/app/solr_queries/supplejack_api/more_like_this_search.rb b/app/solr_queries/supplejack_api/more_like_this_search.rb index 1619108ce..8cf82fc10 100644 --- a/app/solr_queries/supplejack_api/more_like_this_search.rb +++ b/app/solr_queries/supplejack_api/more_like_this_search.rb @@ -5,12 +5,12 @@ class MoreLikeThisSearch < BaseSearch attr_reader :role, :record def initialize(record, role, params) - mlt_params = if options['api_key'] + mlt_params = if params.present? && params['api_key'].present? SupplejackApi::MltParams.new( - **params.merge( - schema_class: RecordSchema, model_class: SupplejackApi::Record - ) - ) + **params.merge( + schema_class: RecordSchema, model_class: SupplejackApi::Record + ) + ) else SupplejackApi::AnonymousMltParams.new( **params.merge( From 09f4917de1b42743825017371da3f8691201a3d9 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 17:32:12 +1200 Subject: [PATCH 22/30] fix spec --- spec/solr_queries/supplejack_api/more_like_this_search_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb b/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb index e0e9dc482..c9a06dac9 100644 --- a/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb +++ b/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb @@ -99,7 +99,7 @@ module SupplejackApi it 'sets error if page value is greater than 100' do search = MoreLikeThisSearch.new(record, :anonymous, page: 101) - expect(search.errors).to include 'The page parameter can not exceed 100' + expect(search.errors).to include 'The page parameter for anonymous users (without an API key) can not exceed 100' end it 'sets warning if per_page vale is greater than 100' do From 6f10d302bad09090235b04f85fb3e66def87a9d9 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Tue, 5 Aug 2025 17:32:54 +1200 Subject: [PATCH 23/30] fix rubocop --- spec/solr_queries/supplejack_api/more_like_this_search_spec.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb b/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb index c9a06dac9..c8ae42dab 100644 --- a/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb +++ b/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb @@ -99,7 +99,9 @@ module SupplejackApi it 'sets error if page value is greater than 100' do search = MoreLikeThisSearch.new(record, :anonymous, page: 101) + # rubocop:disable Layout/LineLength expect(search.errors).to include 'The page parameter for anonymous users (without an API key) can not exceed 100' + # rubocop:enable Layout/LineLength end it 'sets warning if per_page vale is greater than 100' do From 39f90bbf0f2d79ccbb740864a35cd2c2bd5427f1 Mon Sep 17 00:00:00 2001 
From: Tim Wright Date: Tue, 5 Aug 2025 18:09:58 +1200 Subject: [PATCH 24/30] added specs --- spec/models/supplejack_api/search_spec.rb | 15 +++++++++++---- .../supplejack_api/more_like_this_search_spec.rb | 9 ++++++++- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/spec/models/supplejack_api/search_spec.rb b/spec/models/supplejack_api/search_spec.rb index abde1c12d..23e283ecf 100644 --- a/spec/models/supplejack_api/search_spec.rb +++ b/spec/models/supplejack_api/search_spec.rb @@ -178,7 +178,7 @@ module SupplejackApi expect(@search.valid?).to be false end - it 'sets warning if page vale is greater than 100' do + it 'sets warning if page value is greater than 100' do search = RecordSearch.new(page: 101) search.valid? @@ -187,26 +187,33 @@ module SupplejackApi # rubocop:enable Layout/LineLength end - it 'sets warning if per_page vale is greater than 100' do + it 'sets warning if per_page value is greater than 100' do search = RecordSearch.new(per_page: 101) search.valid? expect(search.errors).to include 'The per_page parameter can not exceed 100' end - it 'sets warning if facets_per_page vale is greater than 350' do + it 'sets warning if facets_per_page value is greater than 350' do search = RecordSearch.new(facets_per_page: 351) search.valid? expect(search.errors).to include 'The facets_per_page parameter can not exceed 350' end - it 'sets warning if facets_page vale is greater than 5000' do + it 'sets warning if facets_page value is greater than 5000' do search = RecordSearch.new(facets_page: 5001) search.valid? expect(search.errors).to include 'The facets_page parameter can not exceed 5000' end + + it 'sets warning if page is greater than 50000 with api key' do + search = RecordSearch.new('page' => '50_001', 'api_key' => 'testapikey') + search.valid? + + expect(search.errors).to include 'The page parameter can not exceed 50000' + end end describe '#solr_search_object' do 
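Review bot: The added example `RecordSearch.new('page' => '50_001', 'api_key' => 'testapikey')` pins the 50000 limit to a key string that belongs to no user, so the suite now records that any non-empty `api_key` moves a search off the anonymous limit. The matching `MoreLikeThisSearch` example in this commit passes `:anonymous` as the role together with the key and still expects the non-anonymous message. Add the opposite cases too, an anonymous role that also sends a key and a key with no resolved user, each asserting the anonymous 100-page message, so a regression in tier selection fails a spec. The example titles say "sets warning" while the assertions read `search.errors`.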
diff --git a/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb b/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb index c8ae42dab..1353baf8f 100644 --- a/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb +++ b/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb @@ -104,10 +104,17 @@ module SupplejackApi # rubocop:enable Layout/LineLength end - it 'sets warning if per_page vale is greater than 100' do + it 'sets warning if per_page value is greater than 100' do search = MoreLikeThisSearch.new(record, :anonymous, per_page: 101) expect(search.errors).to include 'The per_page parameter can not exceed 100' end + + it 'sets warning if page is greater than 50000 with api key' do + search = MoreLikeThisSearch.new(record, :anonymous, { 'page' => 50_001, 'api_key' => 'testapikey' }) + search.valid? + + expect(search.errors).to include 'The page parameter can not exceed 50000' + end end end end From fce83215a6edcca69e8da07c36900b116199108d Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Wed, 6 Aug 2025 08:27:34 +1200 Subject: [PATCH 25/30] tidy up code --- app/params/supplejack_api/concerns/helpers_params.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/params/supplejack_api/concerns/helpers_params.rb b/app/params/supplejack_api/concerns/helpers_params.rb index 78d75fc13..2d2465ef6 100644 --- a/app/params/supplejack_api/concerns/helpers_params.rb +++ b/app/params/supplejack_api/concerns/helpers_params.rb 
@@ -22,7 +22,7 @@ def cast_param(_name, value) # - the corresponding max value if it is exceeding it # - the value otherwise def integer_param(param, value) - if param == :page && self.class.max_values[param] == 100 && self.class.max_values[param] < value + if param == :page && (instance_of?(AnonymousSearchParams) || instance_of?(AnonymousMltParams)) && self.class.max_values[param] < value # rubocop:disable Layout/LineLength errors << "The #{param} parameter for anonymous users (without an API key) can not exceed #{self.class.max_values[param]}" # rubocop:enable Layout/LineLength From 13f6dbe34b5366d5410d3bedd919a4c37e3f1255 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Wed, 6 Aug 2025 08:28:22 +1200 Subject: [PATCH 26/30] rubocop fixes --- app/params/supplejack_api/concerns/helpers_params.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/params/supplejack_api/concerns/helpers_params.rb b/app/params/supplejack_api/concerns/helpers_params.rb index 2d2465ef6..3e6aa622f 100644 --- a/app/params/supplejack_api/concerns/helpers_params.rb +++ b/app/params/supplejack_api/concerns/helpers_params.rb @@ -22,13 +22,13 @@ def cast_param(_name, value) # - the corresponding max value if it is exceeding it # - the value otherwise def integer_param(param, value) + # rubocop:disable Layout/LineLength if param == :page && (instance_of?(AnonymousSearchParams) || instance_of?(AnonymousMltParams)) && self.class.max_values[param] < value - # rubocop:disable Layout/LineLength errors << "The #{param} parameter for anonymous users (without an API key) can not exceed #{self.class.max_values[param]}" - # rubocop:enable Layout/LineLength elsif self.class.max_values[param] < value errors << "The #{param} parameter can not exceed #{self.class.max_values[param]}" end + # rubocop:enable Layout/LineLength value = value.to_i value = [value, self.class.max_values[param]].min if self.class.max_values[param] 
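Review bot: The new condition in `integer_param` picks the limit message with `instance_of?(AnonymousSearchParams) || instance_of?(AnonymousMltParams)`, which ties this shared concern to two concrete classes and matches exact classes only, so a subclass of either would report the generic message. A class-level flag next to `max_values` would keep the decision with the params classes, for example a proposed `class_attribute :anonymous_limits` set to `true` in the two anonymous classes, with `self.class.anonymous_limits` replacing the two `instance_of?` calls. The method body continues below the hunk.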
From 8654749a84169f064af415bd0f4445b6783e9a33 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Wed, 6 Aug 2025 19:08:57 +1200 Subject: [PATCH 27/30] tidy up and updated tests and rubocop --- app/controllers/supplejack_api/records_controller.rb | 4 +++- app/models/supplejack_api/search.rb | 6 +++--- app/solr_queries/supplejack_api/more_like_this_search.rb | 6 +++--- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/app/controllers/supplejack_api/records_controller.rb b/app/controllers/supplejack_api/records_controller.rb index 928587317..99cad422e 100644 --- a/app/controllers/supplejack_api/records_controller.rb +++ b/app/controllers/supplejack_api/records_controller.rb @@ -14,7 +14,9 @@ class RecordsController < SupplejackApplicationController respond_to :json, :xml, :rss def index - @search = SupplejackApi::RecordSearch.new(all_params) + options = all_params.dup + options['role'] = current_user&.role + @search = SupplejackApi::RecordSearch.new(options) @search.scope = current_user if @search.valid? diff --git a/app/models/supplejack_api/search.rb b/app/models/supplejack_api/search.rb index 25c71d3ba..ba1e1b7a7 100644 --- a/app/models/supplejack_api/search.rb +++ b/app/models/supplejack_api/search.rb @@ -10,12 +10,12 @@ def initialize(options = {}) @original_options = options.dup klass = self.class - @options = if options.present? && options['api_key'].present? - SearchParams.new( + @options = if options[:role].present? && options[:role].include?('anonymous') + AnonymousSearchParams.new( **options.merge(model_class: klass.model_class, schema_class: klass.schema_class) ) else - AnonymousSearchParams.new( + SearchParams.new( **options.merge(model_class: klass.model_class, schema_class: klass.schema_class) ) end diff --git a/app/solr_queries/supplejack_api/more_like_this_search.rb b/app/solr_queries/supplejack_api/more_like_this_search.rb index 8cf82fc10..356b410a1 100644 --- a/app/solr_queries/supplejack_api/more_like_this_search.rb 
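Review bot: `options['role'] = current_user&.role` in `index` stores the role under a string key, while the `Search#initialize` hunk in this commit reads `options[:role]`; the two agree only if `all_params` returns an indifferent-access hash, which is not visible here. Because the assignment comes after `all_params.dup`, it also overwrites any `role` value that arrived with the request, and that is what keeps the limit tier server-decided, so it deserves a comment such as `# server-derived role; replaces any role param sent by the client`. Passing the role as a separate argument instead of inside the request parameters would remove the dependency on key type and ordering. `index` continues below the hunk.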
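Review bot: The rewritten branch in `Search#initialize` falls through to the larger `SearchParams` limits whenever `options[:role]` is missing or blank, so any caller that builds a search without a role gets the authenticated page limit by default. Choosing `AnonymousSearchParams` unless a non-anonymous role is present would fail closed, for example `anonymous = options[:role].blank? || klass.schema_class.roles[options[:role].to_sym].try(:anonymous)`, assuming `schema_class` exposes `roles` with the `anonymous` flag the way `RecordSchema.roles` does in `authenticate_user!`. That would also replace the substring test `include?('anonymous')` on the role name with the flag the controller already uses. The `MoreLikeThisSearch#initialize` hunk in this commit has the same default; `initialize` begins above the hunk.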
+++ b/app/solr_queries/supplejack_api/more_like_this_search.rb @@ -5,14 +5,14 @@ class MoreLikeThisSearch < BaseSearch attr_reader :role, :record def initialize(record, role, params) - mlt_params = if params.present? && params['api_key'].present? - SupplejackApi::MltParams.new( + mlt_params = if role.present? && role.include?('anonymous') + SupplejackApi::AnonymousMltParams.new( **params.merge( schema_class: RecordSchema, model_class: SupplejackApi::Record ) ) else - SupplejackApi::AnonymousMltParams.new( + SupplejackApi::MltParams.new( **params.merge( schema_class: RecordSchema, model_class: SupplejackApi::Record ) From 6b4967cbd548827e8df3c73dc7bd96a9f3a8c9ec Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Wed, 6 Aug 2025 19:11:12 +1200 Subject: [PATCH 28/30] minor fixes --- app/solr_queries/supplejack_api/more_like_this_search.rb | 2 +- spec/models/supplejack_api/search_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/solr_queries/supplejack_api/more_like_this_search.rb b/app/solr_queries/supplejack_api/more_like_this_search.rb index 356b410a1..ababfadeb 100644 --- a/app/solr_queries/supplejack_api/more_like_this_search.rb +++ b/app/solr_queries/supplejack_api/more_like_this_search.rb @@ -5,7 +5,7 @@ class MoreLikeThisSearch < BaseSearch attr_reader :role, :record def initialize(record, role, params) - mlt_params = if role.present? && role.include?('anonymous') + mlt_params = if role.present? && role == :anonymous SupplejackApi::AnonymousMltParams.new( **params.merge( schema_class: RecordSchema, model_class: SupplejackApi::Record diff --git a/spec/models/supplejack_api/search_spec.rb b/spec/models/supplejack_api/search_spec.rb index 23e283ecf..d17efc780 100644 --- a/spec/models/supplejack_api/search_spec.rb +++ b/spec/models/supplejack_api/search_spec.rb 
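Review bot: In the second `MoreLikeThisSearch#initialize` hunk (patch 28), `role == :anonymous` matches only a Symbol, while `User#role` is declared as a String field and the records controller forwards `current_user&.role` unchanged; if this class is handed the stored string, the comparison is false and the larger `MltParams` limits apply. The preceding hunk's `role.include?('anonymous')` had the opposite problem, since the specs pass `:anonymous` and Symbol does not define `include?`. Normalising once, e.g. `role.to_s == 'anonymous'`, covers both forms and makes the `role.present? &&` guard unnecessary; the caller is not visible here, so confirm which type it sends. `initialize` continues past the end of both hunks.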
@@ -179,7 +179,7 @@ module SupplejackApi end it 'sets warning if page value is greater than 100' do - search = RecordSearch.new(page: 101) + search = RecordSearch.new(page: 101, role: 'anonymous') search.valid? # rubocop:disable Layout/LineLength From b2af788d041b2419f788f7dfbba7a74fd020ed7a Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Wed, 6 Aug 2025 19:13:49 +1200 Subject: [PATCH 29/30] Fixed spec --- spec/solr_queries/supplejack_api/more_like_this_search_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb b/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb index 1353baf8f..a3a9833ef 100644 --- a/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb +++ b/spec/solr_queries/supplejack_api/more_like_this_search_spec.rb @@ -110,7 +110,7 @@ module SupplejackApi end it 'sets warning if page is greater than 50000 with api key' do - search = MoreLikeThisSearch.new(record, :anonymous, { 'page' => 50_001, 'api_key' => 'testapikey' }) + search = MoreLikeThisSearch.new(record, :admin, { 'page' => 50_001, 'api_key' => 'testapikey' }) search.valid? expect(search.errors).to include 'The page parameter can not exceed 50000' From 3fd122b73f5f6a5816974d3449b24a1c402563b7 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Thu, 7 Aug 2025 11:05:07 +1200 Subject: [PATCH 30/30] add EOL rails to brakeman warning --- config/brakeman.ignore | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 config/brakeman.ignore diff --git a/config/brakeman.ignore b/config/brakeman.ignore new file mode 100644 index 000000000..d7e6f5e06 --- /dev/null +++ b/config/brakeman.ignore 
@@ -0,0 +1,24 @@
+{
+ "ignored_warnings": [
+ {
+ "warning_type": "Unmaintained Dependency",
+ "warning_code": 122,
+ "fingerprint": "21ab0fe00fdd5899ffc405cff75aadb91b805ee996a614f7e27b08a287e9062d",
+ "check_name": "EOLRails",
+ "message": "Support for Rails 7.1.5.1 ends on 2025-10-01",
+ "file": "Gemfile.lock",
+ "line": 353,
+ "link": "https://brakemanscanner.org/docs/warning_types/unmaintained_dependency/",
+ "code": null,
+ "render_path": null,
+ "location": null,
+ "user_input": null,
+ "confidence": "Weak",
+ "cwe_id": [
+ 1104
+ ],
+ "note": ""
+ }
+ ],
+ "brakeman_version": "7.1.0"
+}
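Review bot: The ignored `EOLRails` entry is added with `"note": ""`, so the file records that the unmaintained-dependency warning is suppressed but not why, who accepted it, or until when. The message it hides says support for Rails 7.1.5.1 ends on 2025-10-01, and the scan stays quiet for this fingerprint after that date. Fill the field in, e.g. `"note": "REASON, OWNER, UPGRADE-TRACKING-REF (placeholders)"`, and remove the entry when the Rails upgrade lands.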