Merge aa7e723 into 4e89887

berkmancenter · Apr 11, 2019 · 234bd3e · 234bd3e
2 parents 4e89887 + aa7e723
commit 234bd3e
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 2 deletions.
diff --git a/app/assets/stylesheets/layouts/_application.scss b/app/assets/stylesheets/layouts/_application.scss
@@ -48,8 +48,7 @@ section.main.app {
 }
 
 // Add inner padding to certain pages
-body.topics-show,
-body.high_voltage-pages {
+body.topics-show, .high_voltage-pages {
   .main-inner {
     padding: $base-padding;
 

diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
@@ -7,6 +7,9 @@
 # - item_searcher
 # They may also define html_responder.
 class SearchController < ApplicationController
+  before_filter :prevent_impossible_pagination
+  before_filter :restrict_deep_pagination
+
   layout 'search'
 
   EACH_SERIALIZER = nil
@@ -73,4 +76,37 @@ def wrap_instances
                .map { |r| augment_instance(r) }
                .compact
   end
+
+  # Elasticsearch cannot return more than 20_000 results in production (2000
+  # pages at 10 results per page).
+  def prevent_impossible_pagination
+    return if params[:page].to_i < 2000
+
+    render 'shared/_error',
+           status: :not_found,
+           locals: {
+             message: 'Lumen cannot display more than 2000 pages of results.'
+           }
+  end
+
+  # Deep pagination is expensive for the CPU, so don't let anonymous users
+  # do it.
+  def restrict_deep_pagination
+    return if pagination_allowed?
+
+    render 'shared/_error',
+           status: :unauthorized,
+           locals: {
+             message: 'You must be logged in to see past the first 10 pages ' \
+                      'of results. ' \
+                      '<a href="https://lumendatabase.org/pages/researchers#key">Request ' \
+                      'a research account key</a>.'.html_safe
+           }
+  end
+
+  def pagination_allowed?
+    [user_signed_in?,
+     params[:page].to_i < 11,
+     request.format.json?].any?
+  end
 end
diff --git a/app/views/shared/_error.html.erb b/app/views/shared/_error.html.erb
@@ -0,0 +1,18 @@
+<% title 'Error' %>
+
+<div class='high_voltage-pages'>
+  <section class="main-inner">
+    <% if defined? message %>
+      <p>
+        <%= message %>
+      </p>
+    <% else %>
+      <p>
+        The URL you are attempting to reach cannot be found. We apologize for the inconvenience.
+      </p>
+      <p>
+        Many older Lumen URLS (.cgi, .xml, etc) have changed.  Please explore the site starting at our <a href="/">homepage</a>.
+      </p>
+    <% end %>
+  </section>
+</div>
diff --git a/spec/controllers/notices/search_controller_spec.rb b/spec/controllers/notices/search_controller_spec.rb
@@ -11,4 +11,25 @@
       expect(response).to be_successful
     end
   end
+
+  scenario 'deep pagination allowed with json', search: true do
+    get :index, page: 100, term: 'batman', format: :json
+    expect(response).to have_http_status :success
+  end
+
+  scenario 'deep pagination not allowed with html', search: true do
+    get :index, page: 100, term: 'batman'
+    expect(response).to have_http_status :unauthorized
+  end
+
+  scenario 'shallow pagination allowed with html', search: true do
+    get :index, page: 10, term: 'batman'
+    expect(response).to have_http_status :success
+  end
+
+  scenario 'deep pagination allowed for signed-in users', search: true do
+    SearchController.any_instance.stub(:user_signed_in?).and_return(true)
+    get :index, page: 100, term: 'batman'
+    expect(response).to have_http_status :success
+  end
 end