Add limit to prevent abuse

Resources/paths.conf

@@ -1 +1,2 @@
 /data/logs/festival/server.log
+150

Sources/App/Log.swift

@@ -34,6 +34,7 @@ enum Log {
 
     static func write(_ message: String) {
         guard let f = file else {
+            print(message)
             return
         }
         f.write(message.data(using: .utf8)!)

Sources/App/configure.swift

@@ -10,6 +10,8 @@ private var guestListPath: URL!
 
 private var declinedListPath: URL!
 
+private var maximumGuestCount = 100
+
 private let df: DateFormatter = {
     let df = DateFormatter()
     df.dateFormat = "dd.MM. HH:mm"
@@ -19,8 +21,9 @@ private let df: DateFormatter = {
 func guestCount() -> Int {
     registeredGuests
         .reduce([]) { $0 + $1.components(separatedBy: "+") }
-        .reduce([]) { $0 + $1.components(separatedBy: "-") }
+        .reduce([]) { $0 + $1.components(separatedBy: " - ") }
-        .reduce([]) { $0 + $1.components(separatedBy: "und ") }
+        .reduce([]) { $0 + $1.components(separatedBy: ",") }
+        .reduce([]) { $0 + $1.components(separatedBy: " und ") }
         .reduce([]) { $0 + $1.components(separatedBy: "&") }
         //.map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
         .count
@@ -28,6 +31,9 @@ func guestCount() -> Int {
 
 
 func add(guest: String) -> String {
+    guard registeredGuests.count < maximumGuestCount else {
+        return "Too many requests"
+    }
     registeredGuests.insert(guest)
     declinedGuests.remove(guest)
     defer { saveLists() }
@@ -35,6 +41,9 @@ func add(guest: String) -> String {
 }
 
 func remove(guest: String) -> String {
+    guard declinedGuests.count < maximumGuestCount else {
+        return "Too many requests"
+    }
     registeredGuests.remove(guest)
     declinedGuests.insert(guest)
     defer { saveLists() }
@@ -98,31 +107,43 @@ private func createFileIfNeeded(at path: URL) throws {
     try Data().write(to: path)
 }
 
-private func readConfig(at path: URL) throws -> URL {
+private func readConfig(at path: URL) throws -> String {
     do {
-        let logPath = try String(contentsOf: path)
+        let content = try String(contentsOf: path)
             .trimmingCharacters(in: .whitespacesAndNewlines)
-        return URL(fileURLWithPath: logPath)
+        return content
     } catch {
         log("Failed to read configuration file at \(path.path): \(error)")
         throw error
     }
 }
 
-// configures your application
+private func configureFromFile(at configPath: URL) throws {
+    let config = try readConfig(at: configPath)
+        .components(separatedBy: "\n")
+        .map { $0.trimmingCharacters(in: .whitespaces) }
+        .filter { !$0.isEmpty }
+    guard config.count == 2 else {
+        log("Invalid configuration file at \(configPath.path)")
+        throw FestivalError.invalidConfiguration
+    }
+    try Log.set(logFile: config[0])
+    guard let count = Int(config[1]) else {
+        log("Invalid maximum guest count '\(config[1])', using default")
+        return
+    }
+    maximumGuestCount = count
+}
+
 public func configure(_ app: Application) throws {
-    // uncomment to serve files from /Public folder
-    // app.middleware.use(FileMiddleware(publicDirectory: app.directory.publicDirectory))
     app.http.server.configuration.port = 9001
 
     let configPath = URL(fileURLWithPath: app.directory.resourcesDirectory)
         .appendingPathComponent("paths.conf")
-    let logFile = try readConfig(at: configPath)
+    try configureFromFile(at: configPath)
+    
     let listDirectory = URL(fileURLWithPath: app.directory.publicDirectory)
         .appendingPathComponent("lists")
-
-    try Log.set(logFile: logFile.path)
-
     let eventLog = listDirectory.appendingPathComponent("events.txt")
     guestListPath = listDirectory.appendingPathComponent("registered.txt")
     declinedListPath = listDirectory.appendingPathComponent("declined.txt")