From 3b389d7911a757fe2004de3f623f9d863ec7bcb1 Mon Sep 17 00:00:00 2001
From: Khor Shu Heng <32997938+khorshuheng@users.noreply.github.com>
Date: Thu, 1 Aug 2024 12:00:59 +0800
Subject: [PATCH] fix: impose character limits on comment (#712)
---
 libs/app-error/src/lib.rs | 5 +++++
 src/biz/workspace/ops.rs | 7 +++++++
 tests/workspace/publish.rs | 36 ++++++++++++++++++++++++++++++++++++
 3 files changed, 48 insertions(+)
diff --git a/libs/app-error/src/lib.rs b/libs/app-error/src/lib.rs
index 4745e831..e09a9b5d 100644
--- a/libs/app-error/src/lib.rs
+++ b/libs/app-error/src/lib.rs
@@ -122,6 +122,9 @@ pub enum AppError {
 #[error("{0}")]
 AIServiceUnavailable(String),
+
+ #[error("{0}")]
+ StringLengthLimitReached(String),
 }
 impl AppError {
@@ -182,6 +185,7 @@ impl AppError {
 AppError::Utf8Error(_) => ErrorCode::Internal,
 AppError::PublishNamespaceAlreadyTaken(_) => ErrorCode::PublishNamespaceAlreadyTaken,
 AppError::AIServiceUnavailable(_) => ErrorCode::AIServiceUnavailable,
+ AppError::StringLengthLimitReached(_) => ErrorCode::StringLengthLimitReached,
 }
 }
 }
@@ -294,6 +298,7 @@ pub enum ErrorCode {
 PublishNamespaceAlreadyTaken = 1031,
 AIServiceUnavailable = 1032,
 AIResponseLimitExceeded = 1033,
+ StringLengthLimitReached = 1034,
 }
 impl ErrorCode {
diff --git a/src/biz/workspace/ops.rs b/src/biz/workspace/ops.rs
index 5a0a9cfd..a58af59e 100644
--- a/src/biz/workspace/ops.rs
+++ b/src/biz/workspace/ops.rs
@@ -35,6 +35,8 @@ use crate::biz::user::user_init::initialize_workspace_for_user;
 use crate::mailer::{Mailer, WorkspaceInviteMailerParam};
 use crate::state::GoTrueAdmin;
+const MAX_COMMENT_LENGTH: usize = 5000;
+
 pub async fn delete_workspace_for_user(
 pg_pool: &PgPool,
 workspace_id: &Uuid,
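Review bot: The variant added in the `AppError` hunk (-122) and the code added in the `ErrorCode` hunk (-294) are named `StringLengthLimitReached`, while the neighbouring code is `AIResponseLimitExceeded` and the only caller in this patch rejects input that is over the limit, not at it; `StringLengthLimitExceeded` would match both. The numeric value 1034 presumably becomes part of what clients match on, so the name is cheapest to settle now. The variant also carries no doc comment; a line such as `/// A user-supplied string is longer than the server accepts.` above `#[error("{0}")]` would tell the next caller when to use it.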
@@ -186,6 +188,11 @@ pub async fn create_comment_on_published_view(
 content: &str,
 user_uuid: &Uuid,
 ) -> Result<(), AppError> {
+ if content.len() > MAX_COMMENT_LENGTH {
+ return Err(AppError::StringLengthLimitReached(
+ "comment content exceed limit".to_string(),
+ ));
+ }
 insert_comment_to_published_view(pg_pool, view_id, user_uuid, content, reply_comment_id).await?;
 Ok(())
 }
diff --git a/tests/workspace/publish.rs b/tests/workspace/publish.rs
index 4ef2271a..ef2fe12c 100644
--- a/tests/workspace/publish.rs
+++ b/tests/workspace/publish.rs
@@ -414,6 +414,42 @@ async fn test_publish_comments() {
 assert!(published_view_comments.iter().all(|c| !c.can_be_deleted));
 }
+#[tokio::test]
+async fn test_excessive_comment_length() {
+ let (client, _) = generate_unique_registered_user_client().await;
+ let workspace_id = get_first_workspace_string(&client).await;
+ let published_view_namespace = uuid::Uuid::new_v4().to_string();
+ client
+ .set_workspace_publish_namespace(&workspace_id.to_string(), &published_view_namespace)
+ .await
+ .unwrap();
+
+ let publish_name = "published-view";
+ let view_id = uuid::Uuid::new_v4();
+ client
+ .publish_collabs::(
+ &workspace_id,
+ vec![PublishCollabItem {
+ meta: PublishCollabMetadata {
+ view_id,
+ publish_name: publish_name.to_string(),
+ metadata: MyCustomMetadata {
+ title: "some_title".to_string(),
+ },
+ },
+ data: "yrs_encoded_data_1".as_bytes(),
+ }],
+ )
+ .await
+ .unwrap();
+
+ let resp = client
+ .create_comment_on_published_view(&view_id, "a".repeat(5001).as_str(), &None)
+ .await;
+ assert!(resp.is_err());
+ assert_eq!(resp.unwrap_err().code, ErrorCode::StringLengthLimitReached);
+}
+
 #[tokio::test]
 async fn test_publish_reactions() {
 let (page_owner_client, _) = generate_unique_registered_user_client().await;
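Review bot: `content.len()` in the added guard of `create_comment_on_published_view` counts UTF-8 bytes, not characters, so what the commit title calls a character limit is a 5000-byte limit, and a comment in a multi-byte script is rejected well before 5000 characters. If characters are intended, `if content.chars().count() > MAX_COMMENT_LENGTH {` does that. If a byte budget is intended, which bounds stored size just as well, the constant added in the first hunk of this file should say so, e.g. `/// Maximum size of a comment body, in UTF-8 bytes.`. The error text would also read better as `"comment content exceeds the limit"`. The guard sits only in this function, and the hunk does not show whether other callers reach `insert_comment_to_published_view` directly.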
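Review bot: `test_excessive_comment_length` sends only 5001 ASCII bytes, so it pins neither the boundary nor the unit of the limit. An accepted case at exactly the limit, `client.create_comment_on_published_view(&view_id, "a".repeat(5000).as_str(), &None).await.unwrap();`, would catch an off-by-one, and one case with multi-byte content would make the bytes-versus-characters choice explicit. `assert!(resp.is_err());` is redundant, because the `unwrap_err()` on the following line already fails the test on `Ok`.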