Add backend size limits on query area/execution time

2026-06-07 19:18:32 +03:00 · 2023-01-20 16:10:39 +01:00
parent 689e2662d0
commit 69800fbc89
3 changed files with 36 additions and 7 deletions
--- a/api/api.py
+++ b/api/api.py
@@ -10,6 +10,7 @@ from functools import wraps
 import os
 from loguru import logger
 from datetime import datetime
+import math

 GOOGLE_CLIENT_ID = os.environ.get("GOOGLE_CLIENT_ID", None)

@@ -28,8 +29,15 @@ def json_query(query, conn=None):

    cur = conn.cursor(cursor_factory=RealDictCursor)

+    cur.execute("SET SESSION statement_timeout = '120s';")
+
    t1 = datetime.now()
-    cur.execute(query)
+    try:
+        cur.execute(query)
+    except psycopg2.errors.QueryCanceled:
+        logger.warning("Request timed out")
+        return Response(status=400)
+
    data = cur.fetchall()
    cur.close()
    conn.close()
@@ -98,7 +106,13 @@ def get_intersection():
    t = float(args.get("t"))

    bbox = [l, b, r, t]
+
+    area = math.pow(6371,2) * math.pi * abs(math.sin(math.radians(t)) - math.sin(math.radians(b))) * abs(r - l) / 180
    
+    # reject queries that are too large
+    if area > 4e6:
+        return Response(status=400)
+
    bbox_filter = sql.SQL("AND way && ST_Transform(ST_MakeEnvelope({left}, {bottom}, {right}, {top}, 4326), 3857)").format(left=sql.Literal(bbox[0]), bottom=sql.Literal(bbox[1]), right=sql.Literal(bbox[2]), top=sql.Literal(bbox[3]))

    first = filters[0]
--- a/frontend/public/index.html
+++ b/frontend/public/index.html
@@ -8,6 +8,7 @@
    <title>Bellingcat OpenStreetMap search</title>
    <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css">
+    <script defer data-domain="osm.baarle-hertog.xyz" src="https://plausible.io/js/script.js"></script>
  </head>
  <body>
    <noscript>
--- a/frontend/src/store/index.js
+++ b/frontend/src/store/index.js
@@ -101,7 +101,12 @@ export default new Vuex.Store({
          },
        }
      )
-        .then((d) => d.json())
+        .then((d) => {
+          if (d.status != 200) {
+            return Promise.reject(Error(d.status));
+          }
+          return d.json();
+        })
        .then((data) => {
          let time2 = performance.now();
          commit("setResponseTime", time2 - time1);
@@ -109,12 +114,21 @@ export default new Vuex.Store({
          commit("setLoading", false);
          commit("setError", false);
        })
-        .catch(() => {
+        .catch((e) => {
          commit("setLoading", false);
-          commit(
-            "setError",
-            "Search error. Check your custom features or email logan@bellingcat.com."
-          );
+          if (e.message == 400) {
+            commit("setLoading", false);
+            commit(
+              "setError",
+              "Your search area is too large, or your search timed out. Zoom in on a smaller area or change your search parameters. Adding a point feature (green) will increase speed."
+            );
+          } else {
+            commit("setLoading", false);
+            commit(
+              "setError",
+              "Search error. Check your custom features or email logan@bellingcat.com."
+            );
+          }
        });
    },
  },