From e3042f7623e143a8d8f162387a400265a1871840 Mon Sep 17 00:00:00 2001
From: Ajay Ramachandran <dev@ajay.app>
Date: Sat, 4 Dec 2021 22:34:50 -0500
Subject: [PATCH] Add limit to bulk hash prefix

---
 src/routes/ratings/getRating.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/routes/ratings/getRating.ts b/src/routes/ratings/getRating.ts
index edaae8e..b3fd5c0 100644
--- a/src/routes/ratings/getRating.ts
+++ b/src/routes/ratings/getRating.ts
@@ -32,7 +32,8 @@ export async function getRating(req: Request, res: Response): Promise<Response>
     } catch(error) {
         return res.status(400).send("Bad parameter: hashPrefixes (invalid JSON)");
     }
-    if (hashPrefixes.some((hashPrefix) => !hashPrefix || !hashPrefixTester(hashPrefix))) {
+    if (hashPrefixes.length === 0 || hashPrefixes.length > 75
+            || hashPrefixes.some((hashPrefix) => !hashPrefix || !hashPrefixTester(hashPrefix))) {
         return res.status(400).send("Hash prefix does not match format requirements."); // Exit early on faulty prefix
     }