feat: Added hard limits to API endpoints (#1078)

jcpitre · web-flow · commit df37dfb5f702 · 2025-04-03T09:25:50.000-04:00
diff --git a/api/tests/integration/test_feeds_api.py b/api/tests/integration/test_feeds_api.py
@@ -815,3 +815,26 @@ def test_gtfs_redirect(client):
     assert feed["redirects"][0]["comment"] == ""
     # spreadsheet contains '10'
     assert feed["redirects"][0]["target_id"] == "mdb-10"
+
+
+@pytest.mark.parametrize(
+    "values",
+    [
+        {"endpoint": "/v1/feeds", "hard_limit": 3500},
+        {"endpoint": "/v1/gtfs_feeds", "hard_limit": 2500},
+        {"endpoint": "/v1/gtfs_rt_feeds", "hard_limit": 1000},
+        {"endpoint": "/v1/gtfs_feeds/mdb-1/datasets", "hard_limit": 500},
+        {"endpoint": "/v1/search", "hard_limit": 3500},
+    ],
+)
+def test_hard_limits(client, monkeypatch, values):
+    """Test that an error is returned if we request more than the hard limit for each endpoint"""
+    hard_limit = values["hard_limit"]
+
+    response = client.request(
+        "GET",
+        values["endpoint"],
+        headers=authHeaders,
+        params={"limit": hard_limit + 1},
+    )
+    assert response.status_code != 200
diff --git a/api/tests/unittest/test_feeds.py b/api/tests/unittest/test_feeds.py
@@ -87,13 +87,16 @@ def test_feeds_get(client: TestClient, mocker):
     """
     Unit test for get_feeds
     """
+    # Build the chain of calls to mimic what is done in impl.feeds_api_impl.FeedsApiImpl.get_feeds
     mock_filter = mocker.patch.object(FeedFilter, "filter")
+    mock_filter_limit = Mock()
     mock_filter_offset = Mock()
     mock_filter_order_by = Mock()
     mock_options = Mock()
     mock_filter.return_value.filter.return_value.filter.return_value.order_by.return_value = mock_filter_order_by
     mock_filter_order_by.options.return_value = mock_options
-    mock_options.offset.return_value = mock_filter_offset
+    mock_options.limit.return_value = mock_filter_limit
+    mock_filter_limit.offset.return_value = mock_filter_offset
     # Target is set to None as deep copy is failing for unknown reasons
     # At the end of the test, the target is set back to the original value
     mock_feed.redirectingids[0].target = None
diff --git a/docs/DatabaseCatalogAPI.yaml b/docs/DatabaseCatalogAPI.yaml
@@ -42,7 +42,7 @@ paths:
         - "feeds"
       operationId: getFeeds
       parameters:
-        - $ref: "#/components/parameters/limit_query_param"
+        - $ref: "#/components/parameters/limit_query_param_feeds_endpoint"
         - $ref: "#/components/parameters/offset"
         - $ref: "#/components/parameters/status"
         - $ref: "#/components/parameters/provider"
@@ -88,7 +88,7 @@ paths:
         - "feeds"
       operationId: getGtfsFeeds
       parameters:
-        - $ref: "#/components/parameters/limit_query_param"
+        - $ref: "#/components/parameters/limit_query_param_gtfs_feeds_endpoint"
         - $ref: "#/components/parameters/offset"
         - $ref: "#/components/parameters/provider"
         - $ref: "#/components/parameters/producer_url"
@@ -117,7 +117,7 @@ paths:
         - "feeds"
       operationId: getGtfsRtFeeds
       parameters:
-        - $ref: "#/components/parameters/limit_query_param"
+        - $ref: "#/components/parameters/limit_query_param_gtfs_rt_feeds_endpoint"
         - $ref: "#/components/parameters/offset"
         - $ref: "#/components/parameters/provider"
         - $ref: "#/components/parameters/producer_url"
@@ -184,7 +184,7 @@ paths:
       operationId: getGtfsFeedDatasets
       parameters:
         - $ref: "#/components/parameters/latest_query_param"
-        - $ref: "#/components/parameters/limit_query_param"
+        - $ref: "#/components/parameters/limit_query_param_datasets_endpoint"
         - $ref: "#/components/parameters/offset"
         - $ref: "#/components/parameters/downloaded_after"
         - $ref: "#/components/parameters/downloaded_before"
@@ -277,7 +277,7 @@ paths:
       tags:
         - "search"
       parameters:
-        - $ref: "#/components/parameters/limit_query_param"
+        - $ref: "#/components/parameters/limit_query_param_search_endpoint"
         - $ref: "#/components/parameters/offset"
         - $ref: "#/components/parameters/statuses"
         - $ref: "#/components/parameters/feed_id_query_param"
@@ -1060,14 +1060,64 @@ components:
         type: boolean
         default: null
 
-    limit_query_param:
+    limit_query_param_feeds_endpoint:
       name: limit
       in: query
       description: The number of items to be returned.
       required: False
       schema:
         type: integer
         minimum: 0
+        maximum: 3500
+        default: 3500
+        example: 10
+
+    limit_query_param_gtfs_feeds_endpoint:
+      name: limit
+      in: query
+      description: The number of items to be returned.
+      required: False
+      schema:
+        type: integer
+        minimum: 0
+        maximum: 2500
+        default: 2500
+        example: 10
+
+    limit_query_param_gtfs_rt_feeds_endpoint:
+      name: limit
+      in: query
+      description: The number of items to be returned.
+      required: False
+      schema:
+        type: integer
+        minimum: 0
+        maximum: 1000
+        default: 1000
+        example: 10
+
+    limit_query_param_datasets_endpoint:
+      name: limit
+      in: query
+      description: The number of items to be returned.
+      required: False
+      schema:
+        type: integer
+        minimum: 0
+        maximum: 500
+        default: 500
+        example: 10
+
+    limit_query_param_search_endpoint:
+      name: limit
+      in: query
+      description: The number of items to be returned.
+      required: False
+      schema:
+        type: integer
+        minimum: 0
+        maximum: 3500
+        default: 3500
         example: 10
         
     offset:
diff --git a/web-app/src/app/services/feeds/types.ts b/web-app/src/app/services/feeds/types.ts
@@ -555,7 +555,15 @@ export interface components {
     /** @description If true, only return official feeds. */
     is_official_query_param?: boolean;
     /** @description The number of items to be returned. */
-    limit_query_param?: number;
+    limit_query_param_feeds_endpoint?: number;
+    /** @description The number of items to be returned. */
+    limit_query_param_gtfs_feeds_endpoint?: number;
+    /** @description The number of items to be returned. */
+    limit_query_param_gtfs_rt_feeds_endpoint?: number;
+    /** @description The number of items to be returned. */
+    limit_query_param_datasets_endpoint?: number;
+    /** @description The number of items to be returned. */
+    limit_query_param_search_endpoint?: number;
     /** @description Offset of the first item to return. */
     offset?: number;
     /** @description General search query to match against transit provider, location, and feed name. */
@@ -599,7 +607,7 @@ export interface operations {
   getFeeds: {
     parameters: {
       query?: {
-        limit?: components['parameters']['limit_query_param'];
+        limit?: components['parameters']['limit_query_param_feeds_endpoint'];
         offset?: components['parameters']['offset'];
         status?: components['parameters']['status'];
         provider?: components['parameters']['provider'];
@@ -636,7 +644,7 @@ export interface operations {
   getGtfsFeeds: {
     parameters: {
       query?: {
-        limit?: components['parameters']['limit_query_param'];
+        limit?: components['parameters']['limit_query_param_gtfs_feeds_endpoint'];
         offset?: components['parameters']['offset'];
         provider?: components['parameters']['provider'];
         producer_url?: components['parameters']['producer_url'];
@@ -662,7 +670,7 @@ export interface operations {
   getGtfsRtFeeds: {
     parameters: {
       query?: {
-        limit?: components['parameters']['limit_query_param'];
+        limit?: components['parameters']['limit_query_param_gtfs_rt_feeds_endpoint'];
         offset?: components['parameters']['offset'];
         provider?: components['parameters']['provider'];
         producer_url?: components['parameters']['producer_url'];
@@ -719,7 +727,7 @@ export interface operations {
     parameters: {
       query?: {
         latest?: components['parameters']['latest_query_param'];
-        limit?: components['parameters']['limit_query_param'];
+        limit?: components['parameters']['limit_query_param_datasets_endpoint'];
         offset?: components['parameters']['offset'];
         downloaded_after?: components['parameters']['downloaded_after'];
         downloaded_before?: components['parameters']['downloaded_before'];
@@ -803,7 +811,7 @@ export interface operations {
   searchFeeds: {
     parameters: {
       query?: {
-        limit?: components['parameters']['limit_query_param'];
+        limit?: components['parameters']['limit_query_param_search_endpoint'];
         offset?: components['parameters']['offset'];
         status?: components['parameters']['statuses'];
         feed_id?: components['parameters']['feed_id_query_param'];
