From f59cf47cb7f78bda459672c0cab485dad3ff40e0 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Tue, 27 Sep 2016 13:13:05 -0400
Subject: Server: Round number of objects down to the nearest thousand, to
 avoid leaking too much data about when objects are uploaded to servers.

---
 HTTP/Server.hs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'HTTP')

diff --git a/HTTP/Server.hs b/HTTP/Server.hs
index f2ecfa8..886fe6f 100644
--- a/HTTP/Server.hs
+++ b/HTTP/Server.hs
@@ -96,8 +96,13 @@ validObjectsize o = any (sz ==) knownObjectSizes
 	sz = B.length (fromStorableObject o)
 
 countObjects :: ServerState -> Maybe ProofOfWork -> Handler (POWGuarded CountResult)
-countObjects st pow = rateLimit (rateLimiter st) (logger st) pow NoPOWIdent $
-	liftIO $ countShares $ storage st
+countObjects st pow = rateLimit (rateLimiter st) (logger st) pow NoPOWIdent $ do
+	v <- liftIO $ countShares $ storage st
+	case v of
+		CountResult n -> return $
+			-- Round down to avoid leaking too much detail.
+			CountResult ((n `div` 1000) * 1000)
+		CountFailure s -> return (CountFailure s)
 
 -- | 1 is a dummy value; the server does not know the actual share numbers.
 dummyShareNum :: ShareNum
-- 
cgit v1.2.3