add max length validations for summary in challenge create and update… (#14053)

* add max length validations for summary in challenge create and update controllers * Add validation to group APIs * fix lint errors * add validation to group plan * fix imports * add tests * add max length validations for summary in challenge create and update controllers * Add validation to group APIs * fix lint errors * add validation to group plan * fix imports * add tests * lint checks
2025-12-17 14:47:53 +01:00 · 2022-07-23 01:54:24 +05:30
parent 8e717de039
commit 8070486def
7 changed files with 71 additions and 1 deletions
--- a/website/server/controllers/api-v3/challenges.js
+++ b/website/server/controllers/api-v3/challenges.js
@@ -30,6 +30,10 @@ import {
 } from '../../libs/challenges';
 import apiError from '../../libs/apiError';

+import common from '../../../common';
+
+const { MAX_SUMMARY_SIZE_FOR_CHALLENGES } = common.constants;
+
 const api = {};

 /**
@@ -200,6 +204,7 @@ api.createChallenge = {
    const { user } = res.locals;

    req.checkBody('group', apiError('groupIdRequired')).notEmpty();
+    req.checkBody('summary', apiError('summaryLengthExceedsMax')).isLength({ max: MAX_SUMMARY_SIZE_FOR_CHALLENGES });

    const validationErrors = req.validationErrors();
    if (validationErrors) throw validationErrors;
@@ -707,6 +712,7 @@ api.updateChallenge = {
  middlewares: [authWithHeaders()],
  async handler (req, res) {
    req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
+    req.checkBody('summary', apiError('summaryLengthExceedsMax')).isLength({ max: MAX_SUMMARY_SIZE_FOR_CHALLENGES });

    const validationErrors = req.validationErrors();
    if (validationErrors) throw validationErrors;
--- a/website/server/controllers/api-v3/groups.js
+++ b/website/server/controllers/api-v3/groups.js
@@ -28,6 +28,7 @@ import amzLib from '../../libs/payments/amazon';
 import apiError from '../../libs/apiError';
 import { model as UserNotification } from '../../models/userNotification';

+const { MAX_SUMMARY_SIZE_FOR_GUILDS } = common.constants;
 const MAX_EMAIL_INVITES_BY_USER = 200;
 const TECH_ASSISTANCE_EMAIL = nconf.get('EMAILS_TECH_ASSISTANCE_EMAIL');

@@ -118,6 +119,11 @@ api.createGroup = {
    const group = new Group(Group.sanitize(req.body));
    group.leader = user._id;

+    req.checkBody('summary', apiError('summaryLengthExceedsMax')).isLength({ max: MAX_SUMMARY_SIZE_FOR_GUILDS });
+
+    const validationErrors = req.validationErrors();
+    if (validationErrors) throw validationErrors;
+
    if (group.type === 'guild') {
      if (group.privacy === 'public' && user.flags.chatRevoked) throw new NotAuthorized(res.t('chatPrivilegesRevoked'));
      if (user.balance < 1) throw new NotAuthorized(res.t('messageInsufficientGems'));
@@ -191,7 +197,7 @@ api.createGroupPlan = {
    const group = new Group(Group.sanitize(req.body.groupToCreate));

    req.checkBody('paymentType', res.t('paymentTypeRequired')).notEmpty();
-
+    req.checkBody('summary', apiError('summaryLengthExceedsMax')).isLength({ max: MAX_SUMMARY_SIZE_FOR_GUILDS });
    const validationErrors = req.validationErrors();
    if (validationErrors) throw validationErrors;

@@ -462,6 +468,7 @@ api.updateGroup = {
    const { user } = res.locals;

    req.checkParams('groupId', apiError('groupIdRequired')).notEmpty();
+    req.checkBody('summary', apiError('summaryLengthExceedsMax')).isLength({ max: MAX_SUMMARY_SIZE_FOR_GUILDS });

    const validationErrors = req.validationErrors();
    if (validationErrors) throw validationErrors;