From 5f6a1738e3346e69f9535a28f63e457cbc618360 Mon Sep 17 00:00:00 2001
From: srgooglo
Date: Tue, 31 May 2022 21:16:53 +0200
Subject: [PATCH] implement `MaxStringLenghts`
---
 .../server/src/controllers/UserController/index.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/packages/server/src/controllers/UserController/index.js b/packages/server/src/controllers/UserController/index.js
index 1b54c4d2..61383614 100644
--- a/packages/server/src/controllers/UserController/index.js
+++ b/packages/server/src/controllers/UserController/index.js
@@ -12,6 +12,12 @@ const AllowedPublicUpdateFields = [
 "description",
 ]
+const MaxStringsLengths = {
+ fullName: 120,
+ email: 320,
+ description: 2000,
+}
+
 export default class UserController extends Controller {
 static refName = "UserController"
@@ -376,6 +382,14 @@ export default class UserController extends Controller {
 AllowedPublicUpdateFields.forEach((key) => {
 if (typeof req.selection.update[key] !== "undefined") {
+ // sanitize update
+ // check maximung strings length
+ if (typeof req.selection.update[key] === "string" && MaxStringsLengths[key]) {
+ if (req.selection.update[key].length > MaxStringsLengths[key]) {
+ return res.status(400).json({ error: `${key} is too long` })
+ }
+ }
+
 update[key] = req.selection.update[key]
 }
 })
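Review bot: Nothing on `MaxStringsLengths` says what the numbers measure or what happens to a field that is not listed, and the check added in the second hunk skips any key without an entry, so an allowed field missing from this map is accepted at any length. A comment above the constant would make that explicit, for example `// Max length per updatable field, in UTF-16 code units (String.length); fields not listed here are not length-checked`. Only `description` is visible from `AllowedPublicUpdateFields` in this hunk, so whether every allowed string field has a limit needs checking against the full list. Wrapping the literal in `Object.freeze(...)` would also keep the limits from being altered at runtime.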
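Review bot: The `return res.status(400).json(...)` sits inside the `AllowedPublicUpdateFields.forEach` callback, so it only ends that one iteration: the loop goes on copying the remaining keys into `update`, and whatever follows the loop (outside this hunk) presumably still persists them and tries to send a second response. The length check should run in the handler body before the loop, so that one oversize field rejects the whole request and nothing is written. The `typeof ... === "string"` guard also lets a non-string value for a limited field (an array or object, if the body parser allows one) through unchecked, so the sketch below rejects those as well. The enclosing handler starts and ends outside the hunk, so the placement relative to the rest of its body needs confirming.

```javascript
// validate first, in the handler body, so `return` really ends the request
const invalidKey = AllowedPublicUpdateFields.find((key) => {
    const value = req.selection.update[key]
    const limit = MaxStringsLengths[key]

    if (typeof value === "undefined" || !limit) {
        return false
    }

    return typeof value !== "string" || value.length > limit
})

if (invalidKey) {
    return res.status(400).json({
        error: `${invalidKey} must be a string of at most ${MaxStringsLengths[invalidKey]} characters`,
    })
}

AllowedPublicUpdateFields.forEach((key) => {
    // … unchanged: copy each defined field into `update` …
})
```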