limit query size (#4)

* limit query size

* add env variable

* fix typo

* add more info on query length and limits

Author: BoBer78

.env.example

@@ -40,6 +40,7 @@ SCHOLARAG__KEYCLOAK__VALIDATE_TOKEN=
 # other
 SCHOLARAG__MISC__APPLICATION_PREFIX=
 SCHOLARAG__MISC__CORS_ORIGINS=
+SCHOLARAG__MISC__QUERY_MAX_SIZE=
 
 SSL_CERT_FILE=(path to cert file)(etc/ssl/certs/ca-certificates.crt for ubuntu, for mac check Nicolas tutorial)
 REQUESTS_CA_BUNDLE=(path to cert file)(etc/ssl/certs/ca-certificates.crt for ubuntu, for mac check Nicolas tutorial)

CHANGELOG.md

@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Fixed
+- Limit query size.
 - Add OBI copyright.
 
 ## [0.0.8] - 10.12.2024

src/scholarag/app/config.py

@@ -138,6 +138,9 @@ class SettingsMisc(BaseModel):
     # comma separated entries, i.e. "value_1, value_2, ..."
     cors_origins: str = ""
 
+    # Query size limiter, in number of characters. (630 words ~= 5000 characters.)
+    query_max_size: int = 10000
+
     model_config = ConfigDict(frozen=True)
 
 

src/scholarag/app/routers/qa.py

@@ -104,6 +104,11 @@ async def passthrough(
     -------
         A single answer.
     """  # noqa: D301, D400, D205
+    if len(request.query) > settings.misc.query_max_size:
+        raise HTTPException(
+            status_code=413,
+            detail=f"Query string has {len(request.query)} characters. Maximum allowed is {settings.misc.query_max_size}.",
+        )
     start = time.time()
     logger.info("Finding answers ...")
     try:
@@ -240,6 +245,11 @@ async def generative_qa(
     -------
         A single answer with metadata of each relevant source.
     """  # noqa: D301, D400, D205
+    if len(request.query) > settings.misc.query_max_size:
+        raise HTTPException(
+            status_code=413,
+            detail=f"Query string has {len(request.query)} characters. Maximum allowed is {settings.misc.query_max_size}.",
+        )
     start = time.time()
     logger.info("Finding answers ...")
 
@@ -460,6 +470,11 @@ async def streamed_generative_qa(
     -------
         A single answer with metadata of each relevant source.
     """  # noqa: D301, D400, D205
+    if len(request.query) > settings.misc.query_max_size:
+        raise HTTPException(
+            status_code=413,
+            detail=f"Query string has {len(request.query)} characters. Maximum allowed is {settings.misc.query_max_size}.",
+        )
     start = time.time()
     logger.info("Finding answers ...")
 

src/scholarag/app/routers/retrieval.py

@@ -90,6 +90,11 @@ async def retrieval(
     -------
         A list of article titles and paragraphs.
     """  # noqa: D301, D400, D205
+    if len(request.query) > settings.misc.query_max_size:
+        raise HTTPException(
+            status_code=413,
+            detail=f"Query string has {len(request.query)} characters. Maximum allowed is {settings.misc.query_max_size}.",
+        )
     start = time.time()
     logger.info("Finding documents ...")