Merge pull request #176 from BraunRudolf/Restrict_posted_data

Restrict amount of data beiging posted Issue #172
openclimatefix · Jul 2, 2024 · 31593f1 · 31593f1
2 parents 689bb3f + fc672fa
commit 31593f1
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/pv_site_api/main.py b/pv_site_api/main.py
@@ -223,6 +223,7 @@ def get_sites(
 # post_pv_actual: sends data to us, and we save to database
 @app.post("/sites/{site_uuid}/pv_actual", tags=["Generation"])
 def post_pv_actual(
+    request: Request,
     site_uuid: str,
     pv_actual: MultiplePVActual,
     session: Session = Depends(get_session),
@@ -247,6 +248,13 @@ def post_pv_actual(
 
     """
 
+    # limit payload size to 1 MB, raise 413 if exceeded
+    content_length = int(request.headers.get("Content-Length", 0))
+    max_payload_size = 1024 * 1024
+
+    if content_length > max_payload_size:
+        raise HTTPException(status_code=413, detail="Payload too large")
+
     if is_fake():
         print(f"Got {pv_actual.model_dump()} for site {site_uuid}")
         print("Not doing anything with it (yet!)")

diff --git a/tests/test_main.py b/tests/test_main.py
@@ -48,6 +48,27 @@ def test_post_pv_actual(client, fake):
     assert response.status_code == 200
 
 
+def test_post_too_large_pv_actual(client, fake):
+    pv_actual_value = PVActualValue(
+        datetime_utc=datetime.now(timezone.utc), actual_generation_kw=73.3
+    )
+
+    # make fake iteration of pv values that is bigger than 1 MB
+    fake_pv_actual_iteration = MultiplePVActual(
+        # 30000 {key:value} pairs ~ 1 MB
+        site_uuid="fff-fff",
+        pv_actual_values=[pv_actual_value] * 30000,
+    )
+
+    # this makes sure the datetimes are iso strings
+    obj = json.loads(fake_pv_actual_iteration.json())
+
+    response = client.post("/sites/fff-fff-fff/pv_actual", json=obj)
+
+    assert response.status_code == 413
+    assert response.json() == {"detail": "Payload too large"}
+
+
 def test_delete_site(client, fake):
     response = client.delete("/sites/delete/fff-fff-fff")