feat(server): add max length for limit params

lareii · Sep 18, 2024 · d32b5ca · d32b5ca
1 parent 2a64337
commit d32b5ca
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 0 deletions.
diff --git a/server/handlers/auth/feed.go b/server/handlers/auth/feed.go
@@ -16,6 +16,12 @@ func GetFeed(c *fiber.Ctx) error {
 	limit := c.QueryInt("limit", 10)
 	offset := c.QueryInt("offset", 0)
 
+	if limit > 30 {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{
+			"message": "Limit must be less than 30.",
+		})
+	}
+
 	user, ok := c.Locals("user").(models.User)
 	if !ok {
 		return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{

diff --git a/server/handlers/posts/get_post_comments.go b/server/handlers/posts/get_post_comments.go
@@ -23,6 +23,12 @@ func GetPostComments(c *fiber.Ctx) error {
 	limit := c.QueryInt("limit", 10)
 	offset := c.QueryInt("offset", 0)
 
+	if limit > 30 {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{
+			"message": "Limit must be less than 30.",
+		})
+	}
+
 	comments, err := models.GetCommentsByPostID(postID, int64(limit), int64(offset))
 	if err != nil {
 		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{

diff --git a/server/handlers/posts/get_posts.go b/server/handlers/posts/get_posts.go
@@ -16,6 +16,12 @@ func GetPosts(c *fiber.Ctx) error {
 	limit := c.QueryInt("limit", 10)
 	offset := c.QueryInt("offset", 0)
 
+	if limit > 30 {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{
+			"message": "Limit must be less than 30.",
+		})
+	}
+
 	posts, err := models.GetPosts(int64(limit), int64(offset), nil, bson.M{"created_at": -1})
 	if err != nil {
 		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{

diff --git a/server/handlers/users/follows.go b/server/handlers/users/follows.go
@@ -11,6 +11,12 @@ func Follows(c *fiber.Ctx) error {
 	limit := c.QueryInt("limit", 10)
 	offset := c.QueryInt("offset", 0)
 
+	if limit > 30 {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{
+			"message": "Limit must be less than 30.",
+		})
+	}
+
 	slug := c.Params("slug")
 	user, err := models.GetUserByUsername(slug)
 	if err != nil {

diff --git a/server/handlers/users/get_user_posts.go b/server/handlers/users/get_user_posts.go
@@ -23,6 +23,12 @@ func GetUserPosts(c *fiber.Ctx) error {
 	limit := c.QueryInt("limit", 10)
 	offset := c.QueryInt("offset", 0)
 
+	if limit > 30 {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{
+			"message": "Limit must be less than 30.",
+		})
+	}
+
 	posts, err := models.GetPosts(int64(limit), int64(offset), bson.M{"author": user.ID}, bson.M{"created_at": -1})
 	if err != nil {
 		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{

diff --git a/server/handlers/users/get_users.go b/server/handlers/users/get_users.go
@@ -10,6 +10,12 @@ func GetUsers(c *fiber.Ctx) error {
 	limit := c.QueryInt("limit", 10)
 	offset := c.QueryInt("offset", 0)
 
+	if limit > 30 {
+		return c.Status(fiber.StatusBadRequest).JSON(fiber.Map{
+			"message": "Limit must be less than 30.",
+		})
+	}
+
 	users, err := models.GetUsers(int64(limit), int64(offset), bson.M{}, bson.M{"points": -1})
 	if err != nil {
 		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{