Merge pull request #387 from algolia/fix/large-api-key

Fix the case when header is bigger than 8KB

Author: spinach

algoliasearch/src/main/java/com/algolia/search/saas/AbstractClient.java

@@ -107,6 +107,9 @@ private static class HostStatus {
     /** This library's version. */
     private final static String version = "3.12.0";
 
+    /** Maximum size for an API key to be sent in the HTTP headers. Bigger keys will go inside the body. */
+    private final static int MAX_API_KEY_LENGTH = 500;
+
     // ----------------------------------------------------------------------
     // Fields
     // ----------------------------------------------------------------------
@@ -545,7 +548,18 @@ private byte[] _requestRaw(Method m, String url, String json, List<String> hosts
 
                 // set auth headers
                 hostConnection.setRequestProperty("X-Algolia-Application-Id", this.applicationID);
-                hostConnection.setRequestProperty("X-Algolia-API-Key", this.apiKey);
+                // If API key is too big, send it in the request's body (if applicable).
+                if (this.apiKey != null && this.apiKey.length() > MAX_API_KEY_LENGTH && json != null) {
+                    try {
+                        final JSONObject body = new JSONObject(json);
+                        body.put("apiKey", this.apiKey);
+                        json = body.toString();
+                    } catch (JSONException e) {
+                        throw new AlgoliaException("Failed to patch JSON body");
+                    }
+                } else {
+                    hostConnection.setRequestProperty("X-Algolia-API-Key", this.apiKey);
+                }
                 for (Map.Entry<String, String> entry : this.headers.entrySet()) {
                     hostConnection.setRequestProperty(entry.getKey(), entry.getValue());
                 }

algoliasearch/src/test/java/com/algolia/search/saas/Helpers.java

@@ -24,6 +24,7 @@
 package com.algolia.search.saas;
 
 import android.support.annotation.NonNull;
+import java.util.Arrays;
 
 public class Helpers {
     public static String app_id = "%ALGOLIA_APPLICATION_ID%";
@@ -34,6 +35,13 @@ public class Helpers {
 
     public static int wait = 30;
 
+    static String getLongApiKey() {
+        int n = 65000;
+        char[] chars = new char[n];
+        Arrays.fill(chars, 'c');
+        return new String(chars);
+    }
+
     static String safeIndexName(String name) {
         if (job_number.matches("\\d+\\.\\d+")) {
             name = String.format("%s_travis-%s", name, job_number);

algoliasearch/src/test/java/com/algolia/search/saas/IndexTest.java

@@ -47,6 +47,7 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
@@ -74,7 +75,9 @@ public class IndexTest extends RobolectricTestCase {
     private static boolean didInitIndices = false;
 
     Client client;
+    Client clientWithLongApiKey;
     Index index;
+    Index indexWithLongApiKey;
     String indexName;
 
     List<JSONObject> objects;
@@ -84,9 +87,11 @@ public class IndexTest extends RobolectricTestCase {
     public void setUp() throws Exception {
         super.setUp();
         client = new Client(Helpers.app_id, Helpers.api_key);
+        clientWithLongApiKey = new Client(Helpers.app_id, Helpers.getLongApiKey());
         // WARNING: Robolectric cannot work with custom executors in `AsyncTask`, so we substitute the client's
         // executor with a Robolectric-compliant one.
         Whitebox.setInternalState(client, "searchExecutorService", new RoboExecutorService());
+        Whitebox.setInternalState(clientWithLongApiKey, "searchExecutorService", new RoboExecutorService());
 
         if (!didInitIndices) {
             Index originalIndex = client.getIndex(originalIndexName);
@@ -119,6 +124,7 @@ public void setUp() throws Exception {
         objects = new ArrayList<>(originalObjects);
         indexName = originalIndexName + countIndices++;
         index = client.getIndex(indexName);
+        indexWithLongApiKey = clientWithLongApiKey.getIndex("some_index_name");
     }
 
     @Override
@@ -141,7 +147,8 @@ public void searchAsync(int waitTimeoutSeconds) throws Exception {
         final long begin = System.nanoTime();
         // Search with query.
         index.searchAsync(new Query("Francisco"), new AssertCompletionHandler() {
-            @Override public void doRequestCompleted(JSONObject content, AlgoliaException error) {
+            @Override
+            public void doRequestCompleted(JSONObject content, AlgoliaException error) {
                 if (error == null) {
                     assertEquals(1, content.optInt("nbHits"));
                 } else {
@@ -155,6 +162,22 @@ public void searchAsync(int waitTimeoutSeconds) throws Exception {
         assertTrue("The test took longer than given timeout (" + elapsedMillis + " > " + waitTimeoutMillis + ").", elapsedMillis <= waitTimeoutMillis);
     }
 
+    @Test
+    public void searchAsyncWithVeryLongApiKey() throws Exception {
+        final long begin = System.nanoTime();
+        // Search with query.
+        indexWithLongApiKey.searchAsync(new Query("Francisco"), new AssertCompletionHandler() {
+            @Override
+            public void doRequestCompleted(JSONObject content, AlgoliaException error) {
+                assertNotEquals(494, error.getStatusCode());
+            }
+        });
+
+        final long elapsedMillis = (System.nanoTime() - begin) / 1000000;
+        final int waitTimeoutMillis = Helpers.wait * 1000;
+        assertTrue("The test took longer than given timeout (" + elapsedMillis + " > " + waitTimeoutMillis + ").", elapsedMillis <= waitTimeoutMillis);
+    }
+
     @Test
     public void searchDisjunctiveFacetingAsync() throws Exception {
         // Set index settings.
@@ -508,8 +531,7 @@ public void DNSTimeout() throws Exception {
         // Expect failed search after timeout
         final long startTime = System.nanoTime();
         index.searchAsync(new Query(), new AssertCompletionHandler() {
-            @Override
-            public void doRequestCompleted(JSONObject content, AlgoliaException error) {
+            @Override public void doRequestCompleted(JSONObject content, AlgoliaException error) {
                 if (error != null) {
                     final long duration = (System.nanoTime() - startTime) / 1000000;
                     assertTrue("We should hit 4 times the timeout before failing, but test took only " + duration + " ms.", duration > timeout * 4);