paginate me pastes and enforce paste size limit for hastebin endpoint

Author: IAmTomahawkx

mystbin/backend/routers/pastes.py

@@ -317,6 +317,7 @@ async def get_paste(request: MystbinRequest, paste_id: str, password: Optional[s
     response_model=List[responses.PasteGetAllResponse],
     responses={
         200: {"model": Optional[List[responses.PasteGetAllResponse]]},
+        400: {"content": {"application/json": {"example": {"error": "You have provided an invalid query argument"}}}},
         401: {"model": errors.Unauthorized},
     },
     name="Get user pastes",
@@ -325,13 +326,17 @@ async def get_paste(request: MystbinRequest, paste_id: str, password: Optional[s
 @limit("getpaste")
 async def get_all_pastes(
     request: MystbinRequest,
-    limit: Optional[int] = None,
+    limit: int = 50,
+    page: int = 1
 ) -> Union[UJSONResponse, Dict[str, List[Dict[str, str]]]]:
     user = request.state.user
     if not user:
         return UJSONResponse({"error": "Unathorized", "notice": "You must be signed in to use this route"}, status_code=401)
+    
+    if limit < 1 or page < 1:
+        return UJSONResponse({"error": "limit and page must be greater than 1"}, status_code=400)
 
-    pastes = await request.app.state.db.get_all_user_pastes(user["id"], limit)
+    pastes = await request.app.state.db.get_all_user_pastes(user["id"], limit, page)
     pastes = [dict(entry) for entry in pastes]
 
     return UJSONResponse({"pastes": jsonable_encoder(pastes)})
@@ -450,7 +455,7 @@ async def delete_paste(request: MystbinRequest, paste_id: str) -> Union[UJSONRes
         403: {"model": errors.Forbidden},
     },
     status_code=200,
-    name="Delete multiple pastes",
+    name="Bulk delete pastes",
     description=desc,
 )
 @limit("deletepaste")
@@ -490,13 +495,20 @@ async def delete_pastes(
     "/documents",
     tags=["pastes"],
     deprecated=True,
-    response_description='{"key": "string"}',
+    responses={
+        200: {"application/json": {"example": {"key": "string"}, "description": "A key containing the slug for your paste"}},
+        400: {"application/json": {"example": {"error": "You have provided an invalid paste body"}}}
+    },
     name="Hastebin create paste",
     description=desc,
 )
 @limit("postpastes")
 async def compat_create_paste(request: MystbinRequest):
     content = await request.body()
+    limit = request.app.config["paste"]["character_limit"]
+    if len(content) > limit:
+        return UJSONResponse({"error": f"body: file size exceeds character limit of {limit}"}, status_code=400)
+    
     paste: Record = await request.app.state.db.put_paste(
         paste_id=generate_paste_id(),
         pages=[payloads.PasteFile(filename="file.txt", content=content.decode("utf8"))],

mystbin/backend/utils/db.py

@@ -118,11 +118,11 @@ async def _do_query(
         except asyncio.TimeoutError:
             return None
         else:
+            return response
+        finally:
             if not conn:
                 await self.pool.release(_conn)
 
-            return response
-
     @wrapped_hook_callback
     async def get_all_pastes(self, page: int, count: int, reverse=False) -> List[Dict[str, Any]]:
         """
@@ -388,7 +388,7 @@ async def set_paste_password(self, paste_id: str, password: str | None) -> Optio
         return None
 
     @wrapped_hook_callback
-    async def get_all_user_pastes(self, author_id: Optional[int], limit: Optional[int] = None) -> List[asyncpg.Record]:
+    async def get_all_user_pastes(self, author_id: Optional[int], limit: int, page: int) -> List[asyncpg.Record]:
         """Get all pastes for an author and/or with a limit.
         Parameters
         ------------
@@ -409,9 +409,13 @@ async def get_all_user_pastes(self, author_id: Optional[int], limit: Optional[in
                 WHERE author_id = $1
                 ORDER BY created_at DESC
                 LIMIT $2
+                OFFSET $3
                 """
 
-        response = await self._do_query(query, author_id, limit)
+        assert page > 1 and limit > 1, ValueError("limit and page cannot be smaller than 1")
+        response = await self._do_query(query, author_id, limit, page - 1)
+        if not response:
+            return []
 
         return response