diff --git a/server.py b/server.py
index 9738b04..61f97a3 100644
--- a/server.py
+++ b/server.py
@@ -299,16 +299,23 @@ def retrieve_tile(meta, offset, cache_info):
 )
+def is_valid_tile_request(z, x, y):
+ return (0 <= z < 20) and (0 <= x < 2**z) and (0 <= y < 2**z)
+
+
 @tile_bp.route('/tilezen/vector/v1//all///.')
 @tile_bp.route('/tilezen/vector/v1/all///.')
 def handle_tile(z, x, y, fmt, tile_pixel_size=None):
- requested_tile = TileRequest(z, x, y, fmt)
+ if not is_valid_tile_request(z, x, y):
+ return abort(400, "Requested tile out of range.")
 tile_pixel_size = tile_pixel_size or 256
 tile_size = tile_pixel_size / 256
 if tile_size != int(tile_size):
 return abort(400, "Invalid tile size. %s is not a multiple of 256." % tile_pixel_size)
+ requested_tile = TileRequest(z, x, y, fmt)
+
 tile_size = int(tile_size)
 meta, offset = meta_and_offset(
diff --git a/tests.py b/tests.py
index 280da87..794d434 100644
--- a/tests.py
+++ b/tests.py
@@ -127,6 +127,25 @@ def test_zoom_zero(self):
 self.assertTileEquals(TileRequest(1, 0, 1, 'zip'), meta)
 self.assertTileEquals(TileRequest(2, 2, 3, 'json'), offset)
+ def test_valid_tile_request(self):
+ from server import is_valid_tile_request
+
+ # The world
+ self.assertTrue(is_valid_tile_request(0, 0, 0))
+ # Home sweet home
+ self.assertTrue(is_valid_tile_request(15, 15800, 23583))
+ # Negative!
+ self.assertFalse(is_valid_tile_request(-1, 15800, 23583))
+ self.assertFalse(is_valid_tile_request(15, -23, 23583))
+ self.assertFalse(is_valid_tile_request(15, 15800, -12))
+ # Too big!
+ self.assertFalse(is_valid_tile_request(15, 2401239, 23583))
+ self.assertFalse(is_valid_tile_request(15, 15800, 2341583))
+ self.assertFalse(is_valid_tile_request(12, 4096, 1844674407))
+ # In the corners
+ self.assertFalse(is_valid_tile_request(16, 65535, 10110))
+ self.assertFalse(is_valid_tile_request(16, 65536, 10111))
+
 def test_compute_key(self):
 from server import compute_key, KeyFormatType
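Review bot: `tile_pixel_size` is still checked only for being a multiple of 256 in `handle_tile`, so the new range check on z/x/y leaves the other request-controlled number without an upper bound, and `tile_pixel_size or 256` silently turns 0 into the default. What `meta_and_offset` does with a very large `tile_size` is outside this hunk, so the impact is unconfirmed, but bounding it next to the existing check keeps all request validation in one place, e.g. `if tile_size != int(tile_size) or tile_size > MAX_TILE_SIZE:` with `MAX_TILE_SIZE` as a placeholder for whatever the service supports. The literal `20` in `is_valid_tile_request` would also read better as a named constant with a one-line docstring such as `"""Return True if z is in [0, 20) and x, y fall inside the 2**z by 2**z grid."""`. `handle_tile` continues past the end of the hunk.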
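Review bot: The first "In the corners" assertion in `test_valid_tile_request` contradicts the function under test: at z=16 the grid is 65536 wide, so `is_valid_tile_request(16, 65535, 10110)` returns True and `assertFalse` fails; it should be `self.assertTrue(is_valid_tile_request(16, 65535, 10110))`. The zoom ceiling is never exercised, so a boundary pair such as `self.assertTrue(is_valid_tile_request(19, 0, 0))` and `self.assertFalse(is_valid_tile_request(20, 0, 0))` would pin it. In the last "Too big!" case x=4096 is already out of range at z=12, so the oversized y is not what makes it fail.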