fixed unrestricted queries in cluster dashboard

js/actions/api-cluster.js

@@ -645,24 +645,22 @@ actions.defineHttp({
     var DBserver = req.parameters.DBserver;
 
     //build query
-    var startDate = body.startDate;
-    var endDate = body.endDate;
     var figures = body.figures;
-    var filterString = "";
+    var filterString = " filter u.time > @startDate";
-    if (startDate) {
+    var bind = {
-      filterString += " filter u.time > " + startDate;
+      startDate: (new Date().getTime() / 1000) - 20 * 60
-    } else {
+    };
-      endDate = startDate;
+
-    }
-    if (endDate) {
-      filterString += " filter u.time < " + endDate;
-    }
     if (cluster.isCoordinator() && !req.parameters.hasOwnProperty("DBserver")) {
-      filterString += " filter u.clusterId == '" + cluster.coordinatorId() +"'";
+      filterString += " filter u.clusterId == @serverId";
+      bind["serverId"] = cluster.coordinatorId();
     }
+
     var returnValue = " return u";
     if (figures) {
-      returnValue = " return {time : u.time, server : {uptime : u.server.uptime} ";
+      returnValue = " return {name: @name, time : u.time, server : {uptime : u.server.uptime} ";
+      bind["name"] = DBserver || "";
+
       var groups = {};
       figures.forEach(function(f) {
           var g = f.split(".")[0];
@@ -676,13 +674,11 @@ actions.defineHttp({
       });
       returnValue += "}";
     }
-    var myQueryVal = "FOR u in _statistics "+ filterString + " sort u.time" + returnValue;
+    // allow at most ((60 / 10) * 20) * 2 documents to prevent total chaos
+    var myQueryVal = "FOR u in _statistics " + filterString + " LIMIT 240 SORT u.time" + returnValue;
 
     if (!req.parameters.hasOwnProperty("DBserver")) {
-        var cursor = internal.AQL_QUERY(myQueryVal,
+        var cursor = internal.AQL_QUERY(myQueryVal, bind);
-            {},
-            {batchSize: 100000}
-        );
         res.contentType = "application/json; charset=utf-8";
         if (cursor instanceof Error) {
             res.responseCode = actions.HTTP_BAD;
@@ -695,7 +691,7 @@ actions.defineHttp({
         var coord = { coordTransactionID: ArangoClusterInfo.uniqid() };
         var options = { coordTransactionID: coord.coordTransactionID, timeout:10 };
         var op = ArangoClusterComm.asyncRequest("POST","server:"+DBserver,"_system",
-            "/_api/cursor",JSON.stringify({query: myQueryVal, batchSize: 100000}),{},options);
+            "/_api/cursor",JSON.stringify({query: myQueryVal, bindVars: bind}),{},options);
         var r = ArangoClusterComm.wait(op);
         res.contentType = "application/json; charset=utf-8";
         if (r.status === "RECEIVED") {

js/apps/system/aardvark/frontend/js/collections/arangoDocuments.js

@@ -121,9 +121,7 @@
     getStatisticsHistory: function(params) {
       var self = this,
       body = {
-        startDate : params.startDate,
+        figures: params.figures
-        endDate   : params.endDate,
-        figures   : params.figures
       },
       server = params.server,
       addAuth = function(){},

js/server/version-check.js

@@ -661,7 +661,7 @@
         var collection = getCollection(name);
 
         collection.ensureSkiplist("time");
-        collection.ensureCapConstraint(6 * 60 * 24 * 365); // 1 year (every 10 secs);
+        collection.ensureCapConstraint(6 * 60 * 24 * 30); // approx. 30 days of data
       }
 
       return result;