♻️ Add string length validation to backend RPC methods fields

2025-03-19 19:21:23 -05:00 · 2024-06-20 08:28:38 +02:00 · 2024-06-20 08:28:38 +02:00 · 28c2197ba7
commit 28c2197ba7
parent 0721760900
13 changed files with 31 additions and 29 deletions
--- a/backend/src/app/rpc/commands/binfile.clj
+++ b/backend/src/app/rpc/commands/binfile.clj
@ -30,9 +30,10 @@

 ;; --- Command: export-binfile

-(def ^:private schema:export-binfile
+(def ^:private
+  schema:export-binfile
  [:map {:title "export-binfile"}
-   [:name :string]
+   [:name [:string {:max 250}]]
   [:file-id ::sm/uuid]
   [:include-libraries :boolean]
   [:embed-assets :boolean]])
@ -74,9 +75,10 @@
                {:id project-id})
    result))

-(def ^:private schema:import-binfile
+(def ^:private
+  schema:import-binfile
  [:map {:title "import-binfile"}
-   [:name :string]
+   [:name [:string {:max 250}]]
   [:project-id ::sm/uuid]
   [:file ::media/upload]])

--- a/backend/src/app/rpc/commands/comments.clj
+++ b/backend/src/app/rpc/commands/comments.clj
@ -292,7 +292,7 @@
  [:map {:title "create-comment-thread"}
   [:file-id ::sm/uuid]
   [:position ::gpt/point]
-   [:content :string]
+   [:content [:string {:max 250}]]
   [:page-id ::sm/uuid]
   [:frame-id ::sm/uuid]
   [:share-id {:optional true} [:maybe ::sm/uuid]]])
@ -418,7 +418,7 @@
  schema:create-comment
  [:map {:title "create-comment"}
   [:thread-id ::sm/uuid]
-   [:content :string]
+   [:content [:string {:max 250}]]
   [:share-id {:optional true} [:maybe ::sm/uuid]]])

 (sv/defmethod ::create-comment
@ -477,7 +477,7 @@
  schema:update-comment
  [:map {:title "update-comment"}
   [:id ::sm/uuid]
-   [:content :string]
+   [:content [:string {:max 250}]]
   [:share-id {:optional true} [:maybe ::sm/uuid]]])

 (sv/defmethod ::update-comment
--- a/backend/src/app/rpc/commands/feedback.clj
+++ b/backend/src/app/rpc/commands/feedback.clj
@ -21,8 +21,8 @@

 (def ^:private schema:send-user-feedback
  [:map {:title "send-user-feedback"}
-   [:subject :string]
-   [:content :string]])
+   [:subject [:string {:max 250}]]
+   [:content [:string {:max 250}]]])

 (sv/defmethod ::send-user-feedback
  {::doc/added "1.18"
--- a/backend/src/app/rpc/commands/files.clj
+++ b/backend/src/app/rpc/commands/files.clj
@ -177,7 +177,7 @@
     [:features ::cfeat/features]
     [:has-media-trimmed :boolean]
     [:comment-thread-seqn {:min 0} :int]
-     [:name :string]
+     [:name [:string {:max 250}]]
     [:revn {:min 0} :int]
     [:modified-at ::dt/instant]
     [:is-shared :boolean]
@ -747,19 +747,19 @@
   [:map {:title "RenameFileEvent"}
    [:id ::sm/uuid]
    [:project-id ::sm/uuid]
-    [:name :string]
+    [:name [:string {:max 250}]]
    [:created-at ::dt/instant]
    [:modified-at ::dt/instant]]

   ::sm/params
   [:map {:title "RenameFileParams"}
-    [:name {:min 1} :string]
+    [:name [:string {:min 1 :max 250}]]
    [:id ::sm/uuid]]

   ::sm/result
   [:map {:title "SimplifiedFile"}
    [:id ::sm/uuid]
-    [:name :string]
+    [:name [:string {:max 250}]]
    [:created-at ::dt/instant]
    [:modified-at ::dt/instant]]}

--- a/backend/src/app/rpc/commands/files_create.clj
+++ b/backend/src/app/rpc/commands/files_create.clj
@ -88,7 +88,7 @@

 (def ^:private schema:create-file
  [:map {:title "create-file"}
-   [:name :string]
+   [:name [:string {:max 250}]]
   [:project-id ::sm/uuid]
   [:id {:optional true} ::sm/uuid]
   [:is-shared {:optional true} :boolean]
--- a/backend/src/app/rpc/commands/files_share.clj
+++ b/backend/src/app/rpc/commands/files_share.clj
@ -22,8 +22,8 @@
 (def ^:private schema:create-share-link
  [:map {:title "create-share-link"}
   [:file-id ::sm/uuid]
-   [:who-comment :string]
-   [:who-inspect :string]
+   [:who-comment [:string {:max 250}]]
+   [:who-inspect [:string {:max 250}]]
   [:pages [:set ::sm/uuid]]])

 (sv/defmethod ::create-share-link
--- a/backend/src/app/rpc/commands/files_temp.clj
+++ b/backend/src/app/rpc/commands/files_temp.clj
@ -35,7 +35,7 @@

 (def ^:private schema:create-temp-file
  [:map {:title "create-temp-file"}
-   [:name :string]
+   [:name [:string {:max 250}]]
   [:project-id ::sm/uuid]
   [:id {:optional true} ::sm/uuid]
   [:is-shared :boolean]
--- a/backend/src/app/rpc/commands/files_thumbnails.clj
+++ b/backend/src/app/rpc/commands/files_thumbnails.clj
@ -85,8 +85,8 @@
   ::doc/module :files
   ::sm/params [:map {:title "get-file-object-thumbnails"}
                [:file-id ::sm/uuid]
-                [:tag {:optional true} :string]]
-   ::sm/result [:map-of :string :string]}
+                [:tag {:optional true} [:string {:max 50}]]]
+   ::sm/result [:map-of [:string {:max 250}] [:string {:max 250}]]}
  [{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id file-id tag] :as params}]
  (dm/with-open [conn (db/open pool)]
    (files/check-read-permissions! conn profile-id file-id)
@ -275,9 +275,9 @@
  schema:create-file-object-thumbnail
  [:map {:title "create-file-object-thumbnail"}
   [:file-id ::sm/uuid]
-   [:object-id :string]
+   [:object-id [:string {:max 250}]]
   [:media ::media/upload]
-   [:tag {:optional true} :string]])
+   [:tag {:optional true} [:string {:max 50}]]])

 (sv/defmethod ::create-file-object-thumbnail
  {::doc/added "1.19"
@ -316,7 +316,7 @@
 (def ^:private schema:delete-file-object-thumbnail
  [:map {:title "delete-file-object-thumbnail"}
   [:file-id ::sm/uuid]
-   [:object-id :string]])
+   [:object-id [:string {:max 250}]]])

 (sv/defmethod ::delete-file-object-thumbnail
  {::doc/added "1.19"
--- a/backend/src/app/rpc/commands/files_update.clj
+++ b/backend/src/app/rpc/commands/files_update.clj
@ -51,7 +51,7 @@
    [:vector [:map
              [:changes [:vector ::cpc/change]]
              [:hint-origin {:optional true} :keyword]
-              [:hint-events {:optional true} [:vector :string]]]]]
+              [:hint-events {:optional true} [:vector [:string {:max 250}]]]]]]
   [:skip-validate {:optional true} :boolean]])

 (def ^:private
--- a/backend/src/app/rpc/commands/management.clj
+++ b/backend/src/app/rpc/commands/management.clj
@ -91,7 +91,7 @@
  (sm/define
    [:map {:title "duplicate-file"}
     [:file-id ::sm/uuid]
-     [:name {:optional true} :string]]))
+     [:name {:optional true} [:string {:max 250}]]]))

 (sv/defmethod ::duplicate-file
  "Duplicate a single file in the same team."
@ -153,7 +153,7 @@
  (sm/define
    [:map {:title "duplicate-project"}
     [:project-id ::sm/uuid]
-     [:name {:optional true} :string]]))
+     [:name {:optional true} [:string {:max 250}]]]))

 (sv/defmethod ::duplicate-project
  "Duplicate an entire project with all the files"
--- a/backend/src/app/rpc/commands/media.clj
+++ b/backend/src/app/rpc/commands/media.clj
@ -47,7 +47,7 @@
   [:id {:optional true} ::sm/uuid]
   [:file-id ::sm/uuid]
   [:is-local :boolean]
-   [:name :string]
+   [:name [:string {:max 250}]]
   [:content ::media/upload]])

 (sv/defmethod ::upload-file-media-object
@ -177,7 +177,7 @@
   [:is-local :boolean]
   [:url ::sm/uri]
   [:id {:optional true} ::sm/uuid]
-   [:name {:optional true} :string]])
+   [:name {:optional true} [:string {:max 250}]]])

 (sv/defmethod ::create-file-media-object-from-url
  {::doc/added "1.17"
--- a/backend/src/app/rpc/commands/teams.clj
+++ b/backend/src/app/rpc/commands/teams.clj
@ -873,7 +873,7 @@

 (def ^:private schema:create-team-with-invitations
  [:map {:title "create-team-with-invitations"}
-   [:name :string]
+   [:name [:string {:max 250}]]
   [:features {:optional true} ::cfeat/features]
   [:id {:optional true} ::sm/uuid]
   [:emails ::sm/set-of-emails]
--- a/backend/src/app/rpc/commands/verify_token.clj
+++ b/backend/src/app/rpc/commands/verify_token.clj
@ -29,7 +29,7 @@

 (def ^:private schema:verify-token
  [:map {:title "verify-token"}
-   [:token :string]])
+   [:token [:string {:max 1000}]]])

 (sv/defmethod ::verify-token
  {::rpc/auth false