bcgov / aries-vcr

Hyperledger Aries Verifiable Credential Registry (VCR) is a set of application level software components designed to accelerate the adoption of trustworthy entity to entity communications.
Apache License 2.0

Don't allow unbounded search queries #762

Open WadeBarnes opened 11 months ago

WadeBarnes commented 11 months ago

Unbounded queries end up querying/fetching millions of records and overwhelming the search engine.

Examples of some unbounded queries can be found in the orgbook-configurations ./manage script: https://github.com/bcgov/orgbook-configurations/pull/137/files#diff-63baa3a336ec0b711e0cbe2e1015954578737523843dd17f6ddaed70d50f027f

swcurran commented 11 months ago

Can you define what unbounded means in this context? Is there a valid use case for the UI to use these queries?

WadeBarnes commented 11 months ago

Here is an example from the script:

https://orgbook.gov.bc.ca/api/v4/search/credential?format=json&ordering=-score&page=248818

Unbounded in this context means the search does not contain a query parameter that narrows the scope of the search. On the search engine side such a search can return >1 million hits, and then the API filters the results into a subset and limits the number of records returned to the user.

These types of queries do not come from the UI, they are coming from outside sources querying the API directly.

Though the UI does allow wild card queries that have similar results like this one:

https://orgbook.gov.bc.ca/api/v4/search/topic/facets?q=*&inactive=&category:entity_type=&credential_type_id=&page=1&revoked=false

Which basically returns everything.
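One way an API gateway or view could reject the two kinds of request discussed above (no narrowing parameter, wildcard-only `q`, and deep pagination) before they reach the search engine. This is an added example, not code from aries-vcr or the OrgBook API; the parameter classification and the page limit are assumptions chosen for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: these parameters shape presentation or pagination, not scope.
CONTROL_PARAMS = {"format", "ordering", "page", "page_size"}
# Assumption: broad status flags alone do not narrow the result set.
STATUS_FLAGS = {"inactive", "revoked"}
# Assumption: deepest page a client may request; caps page * page_size.
MAX_PAGE = 100


def narrowing_params(params):
    """Return the parameters whose values actually restrict the search.

    Empty values and values made only of wildcards (e.g. q=*) are ignored,
    so `q=*` counts as unbounded while `q=acme*` still narrows.
    """
    found = {}
    for name, values in params.items():
        if name in CONTROL_PARAMS or name in STATUS_FLAGS:
            continue
        for value in values:
            value = value.strip()
            if value and value.strip("*"):
                found.setdefault(name, []).append(value)
    return found


def check_search_request(url, max_page=MAX_PAGE):
    """Return a list of reasons to reject the request; empty means accept."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = []
    if not narrowing_params(params):
        problems.append("unbounded: no narrowing query parameter")
    raw_page = params.get("page", ["1"])[0]
    if not raw_page.isdigit() or int(raw_page) < 1:
        problems.append("invalid page")
    elif int(raw_page) > max_page:
        problems.append(f"page {raw_page} exceeds limit {max_page}")
    return problems


if __name__ == "__main__":
    # The two URLs quoted in this issue, plus a bounded request for contrast.
    for u in (
        "https://orgbook.gov.bc.ca/api/v4/search/credential?format=json&ordering=-score&page=248818",
        "https://orgbook.gov.bc.ca/api/v4/search/topic/facets?q=*&inactive=&category:entity_type=&credential_type_id=&page=1&revoked=false",
        "https://orgbook.gov.bc.ca/api/v4/search/topic?q=acme&page=3",
    ):
        print(u, "->", check_search_request(u) or "accept")
```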