Enforce changeset size limit for API calls which make changes

diff --git a/app/models/changeset.rb b/app/models/changeset.rb
index abb494de64af3333a761431d2191d9b92afa9759..e6bde19a50d8562f63e12e44be146a72e5905ac9 100644 (file)
--- a/app/models/changeset.rb
+++ b/app/models/changeset.rb
@@ -130,6 +130,8 @@ class Changeset < ApplicationRecord
   def update_bbox!(bbox_update)
     bbox.expand!(bbox_update)
 
+    raise OSM::APISizeLimitExceeded if bbox.linear_size > size_limit
+
     # update active record. rails 2.1's dirty handling should take care of
     # whether this object needs saving or not.
     self.min_lon, self.min_lat, self.max_lon, self.max_lat = @bbox.to_a.collect(&:round) if bbox.complete?
@@ -225,4 +227,10 @@ class Changeset < ApplicationRecord
   def subscribed?(user)
     subscribers.exists?(user.id)
   end
+
+  def size_limit
+    @size_limit ||= ActiveRecord::Base.connection.select_value(
+      "SELECT api_size_limit($1)", "api_size_limit", [user_id]
+    )
+  end
 end

diff --git a/lib/bounding_box.rb b/lib/bounding_box.rb
index 0cc4c5fd432e3ceae3d388aa5687d927e8773d33..462f45a9f1ca329ecd7c0096557876e9f06ea724 100644 (file)
--- a/lib/bounding_box.rb
+++ b/lib/bounding_box.rb
@@ -88,6 +88,14 @@ class BoundingBox
     end
   end
 
+  def linear_size
+    if complete?
+      (max_lon - min_lon) + (max_lat - min_lat)
+    else
+      0
+    end
+  end
+
   def complete?
     to_a.exclude?(nil)
   end

diff --git a/lib/osm.rb b/lib/osm.rb
index a0fcef8b9f2cf86a238844b0b5170f8dd0552fde..dd273418e52cc562c95f94b67ef1bba47218f1c3 100644 (file)
--- a/lib/osm.rb
+++ b/lib/osm.rb
@@ -364,6 +364,17 @@ module OSM
     end
   end
 
+  # Raised when a size limit is exceeded
+  class APISizeLimitExceeded < APIError
+    def initialize
+      super("Size limit exceeded")
+    end
+
+    def status
+      :payload_too_large
+    end
+  end
+
   # Helper methods for going to/from mercator and lat/lng.
   class Mercator
     include Math