Add page size restrictions

DefectDojo · Jan 23, 2025 · 2f15cc0 · 2f15cc0
1 parent 9d773a0
commit 2f15cc0
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 1 deletion.
diff --git a/dojo/api_v2/mixins.py b/dojo/api_v2/mixins.py
@@ -6,6 +6,8 @@
 from rest_framework import status
 from rest_framework.authtoken.models import Token
 from rest_framework.decorators import action
+from rest_framework.pagination import LimitOffsetPagination
+from rest_framework.response import Response
 
 from dojo.api_v2 import serializers
 from dojo.models import Answer, Question
@@ -56,3 +58,45 @@ def get_queryset(self):
 class AnswerSubClassFieldsMixin:
     def get_queryset(self):
         return Answer.objects.select_subclasses()
+
+
+class DeprecationWarningLimitOffsetPagination(LimitOffsetPagination):
+    # Newly introduced max limit
+    max_limit = 250
+    # Represents no limit previously
+    default_max_limit = None
+
+    def get_paginated_response(self, data):
+        # Determine the limit from the request
+        limit = self.request.query_params.get("limit", None)
+        limit = int(limit) if limit and limit.isdigit() else None
+        # Base response
+        response_data = {
+            "count": self.count,
+            "next": self.get_next_link(),
+            "previous": self.get_previous_link(),
+            "results": data,
+        }
+        # Add a deprecation warning if the limit exceeds the new max_limit
+        if limit > self.max_limit:
+            response_data["meta"] = {
+                "warning": (
+                    f"The requested limit of {limit} exceeds the newly introduced maximum limit of {self.max_limit}. "
+                    f"Starting in version 2.45.0, requests exceeding this limit will be truncated to {self.max_limit} results. "
+                    "Please adjust your requests to ensure compatibility."
+                ),
+            }
+
+        return Response(response_data)
+
+    # This entire function can be removed during the cut over
+    def get_limit(self, request):
+        limit = super().get_limit(request)
+        # If no max limit was previously set, allow any requested limit
+        if self.default_max_limit is None:
+            return limit
+        # Clamp the limit to the new max_limit if it exceeds the maximum
+        if limit and limit > self.max_limit:
+            return self.max_limit
+
+        return limit
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
@@ -765,7 +765,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
     "DEFAULT_RENDERER_CLASSES": (
         "rest_framework.renderers.JSONRenderer",
     ),
-    "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.LimitOffsetPagination",
+    "DEFAULT_PAGINATION_CLASS": "dojo.api_v2.mixins.DeprecationWarningLimitOffsetPagination",
     "PAGE_SIZE": 25,
     "EXCEPTION_HANDLER": "dojo.api_v2.exception_handler.custom_exception_handler",
 }