fixed unrestricted queries in cluster dashboard

2014-05-13 18:15:34 +02:00 · 2014-05-13 18:15:34 +02:00 · 299e05c0b2
parent 5aba18ebdc
commit 299e05c0b2
3 changed files with 17 additions and 23 deletions
--- a/js/actions/api-cluster.js
+++ b/js/actions/api-cluster.js
@ -645,24 +645,22 @@ actions.defineHttp({
    var DBserver = req.parameters.DBserver;

    //build query
-    var startDate = body.startDate;
-    var endDate = body.endDate;
    var figures = body.figures;
-    var filterString = "";
-    if (startDate) {
-      filterString += " filter u.time > " + startDate;
-    } else {
-      endDate = startDate;
-    }
-    if (endDate) {
-      filterString += " filter u.time < " + endDate;
-    }
+    var filterString = " filter u.time > @startDate";
+    var bind = {
+      startDate: (new Date().getTime() / 1000) - 20 * 60
+    };
+
    if (cluster.isCoordinator() && !req.parameters.hasOwnProperty("DBserver")) {
-      filterString += " filter u.clusterId == '" + cluster.coordinatorId() +"'";
+      filterString += " filter u.clusterId == @serverId";
+      bind["serverId"] = cluster.coordinatorId();
    }
+
    var returnValue = " return u";
    if (figures) {
-      returnValue = " return {time : u.time, server : {uptime : u.server.uptime} ";
+      returnValue = " return {name: @name, time : u.time, server : {uptime : u.server.uptime} ";
+      bind["name"] = DBserver || "";
+
      var groups = {};
      figures.forEach(function(f) {
          var g = f.split(".")[0];
@ -676,13 +674,11 @@ actions.defineHttp({
      });
      returnValue += "}";
    }
-    var myQueryVal = "FOR u in _statistics "+ filterString + " sort u.time" + returnValue;
+    // allow at most ((60 / 10) * 20) * 2 documents to prevent total chaos
+    var myQueryVal = "FOR u in _statistics " + filterString + " LIMIT 240 SORT u.time" + returnValue;

    if (!req.parameters.hasOwnProperty("DBserver")) {
-        var cursor = internal.AQL_QUERY(myQueryVal,
-            {},
-            {batchSize: 100000}
-        );
+        var cursor = internal.AQL_QUERY(myQueryVal, bind);
        res.contentType = "application/json; charset=utf-8";
        if (cursor instanceof Error) {
            res.responseCode = actions.HTTP_BAD;
@ -695,7 +691,7 @@ actions.defineHttp({
        var coord = { coordTransactionID: ArangoClusterInfo.uniqid() };
        var options = { coordTransactionID: coord.coordTransactionID, timeout:10 };
        var op = ArangoClusterComm.asyncRequest("POST","server:"+DBserver,"_system",
-            "/_api/cursor",JSON.stringify({query: myQueryVal, batchSize: 100000}),{},options);
+            "/_api/cursor",JSON.stringify({query: myQueryVal, bindVars: bind}),{},options);
        var r = ArangoClusterComm.wait(op);
        res.contentType = "application/json; charset=utf-8";
        if (r.status === "RECEIVED") {
--- a/js/apps/system/aardvark/frontend/js/collections/arangoDocuments.js
+++ b/js/apps/system/aardvark/frontend/js/collections/arangoDocuments.js
@ -121,9 +121,7 @@
    getStatisticsHistory: function(params) {
      var self = this,
      body = {
-        startDate : params.startDate,
-        endDate   : params.endDate,
-        figures   : params.figures
+        figures: params.figures
      },
      server = params.server,
      addAuth = function(){},
--- a/js/server/version-check.js
+++ b/js/server/version-check.js
@ -661,7 +661,7 @@
        var collection = getCollection(name);

        collection.ensureSkiplist("time");
-        collection.ensureCapConstraint(6 * 60 * 24 * 365); // 1 year (every 10 secs);
+        collection.ensureCapConstraint(6 * 60 * 24 * 30); // approx. 30 days of data
      }

      return result;