diff --git a/frontend/src/components/chat/messages/ValidChat.jsx b/frontend/src/components/chat/messages/ValidChat.jsx index 6dde101..8f9c93a 100644 --- a/frontend/src/components/chat/messages/ValidChat.jsx +++ b/frontend/src/components/chat/messages/ValidChat.jsx @@ -9,6 +9,8 @@ import { Button } from "../../ui/button"; import { resolveProfilePic, handleImageError } from "../../../shared/imageFallbacks"; import { API_BASE_URL } from "../../../config"; +const MAX_CHAT_MESSAGE_LENGTH = 2000; + function ValidChat() { const dispatch = useDispatch(); const url = API_BASE_URL; @@ -49,7 +51,7 @@ function ValidChat() { }; const handleMessageChange = (e) => { - const nextMessage = e.target.value; + const nextMessage = e.target.value.slice(0, MAX_CHAT_MESSAGE_LENGTH); setchat_message(nextMessage); if (!channel_id || !server_id || !id) { @@ -85,6 +87,7 @@ function ValidChat() { const sendNow = async () => { if (!chat_message.trim()) return; + if (chat_message.length > MAX_CHAT_MESSAGE_LENGTH) return; const message_to_send = chat_message; const timestamp = Date.now(); setchat_message(""); @@ -559,7 +562,13 @@ function ValidChat() { ) : null} -
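Review bot: `e.target.value.slice(0, MAX_CHAT_MESSAGE_LENGTH)` in handleMessageChange cuts at a UTF-16 code-unit index, so when the 2000th unit is the high half of a surrogate pair (an emoji typed or pasted right at the limit) the state ends in a lone surrogate, which sendNow will then transmit as-is. Dropping a trailing high surrogate keeps the value well-formed: `const nextMessage = e.target.value.slice(0, MAX_CHAT_MESSAGE_LENGTH).replace(/[\uD800-\uDBFF]$/, "");`. The truncation is also silent; a `maxLength={MAX_CHAT_MESSAGE_LENGTH}` attribute on the input would let the browser refuse the extra characters instead, though that is a UX choice. handleMessageChange continues past the end of the hunk.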
+
+
+ Message + + {chat_message.length}/{MAX_CHAT_MESSAGE_LENGTH} + +
diff --git a/server/src/routes/chat.js b/server/src/routes/chat.js index 375128d..37544a8 100644 --- a/server/src/routes/chat.js +++ b/server/src/routes/chat.js @@ -17,6 +17,7 @@ import { getIO } from "../socket/runtime.js"; import expressRateLimit from "../middleware/rateLimit.js"; const router = express.Router(); +const MAX_CHAT_MESSAGE_LENGTH = 2000; async function shouldSendNotification(userId, preferenceKey) { try { @@ -66,8 +67,19 @@ router.post("/store_message", expressRateLimit("chat"), async (req, res) => { profile_pic, } = req.body; + if ( + typeof message !== "string" || + !message.trim() || + message.length > MAX_CHAT_MESSAGE_LENGTH + ) { + return res.status(400).json({ + status: 400, + message: `Message must be 1-${MAX_CHAT_MESSAGE_LENGTH} characters.`, + }); + } + const chatMessage = { - content: message, + content: message.trim(), sender_id: id, sender_name: username, sender_pic: profile_pic, @@ -209,7 +221,14 @@ router.post("/edit_server_message", async (req, res) => { } const senderId = user.id; - if (!server_id || !channel_id || !timestamp || !content || !content.trim()) { + if ( + !server_id || + !channel_id || + !timestamp || + typeof content !== "string" || + !content.trim() || + content.length > MAX_CHAT_MESSAGE_LENGTH + ) { return res.status(400).json({ status: 400, message: "Invalid input" }); } diff --git a/server/src/routes/servers.js b/server/src/routes/servers.js index e2cac68..82791f4 100644 --- a/server/src/routes/servers.js +++ b/server/src/routes/servers.js @@ -21,6 +21,7 @@ import { import { getIO } from "../socket/runtime.js"; const router = express.Router(); +const MAX_SERVER_NAME_LENGTH = 100; router.post("/create_server", async (req, res) => { let user_id; 
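Review bot: `MAX_CHAT_MESSAGE_LENGTH = 2000` is now declared independently here and in the ValidChat.jsx hunk above, with nothing tying the two values together; if one side is raised later the client will either silently drop messages in sendNow or receive 400 responses it does not surface. If the server and client already share a config module (the frontend imports `API_BASE_URL` from one), export the limit once, `export const MAX_CHAT_MESSAGE_LENGTH = 2000;`, and import it in both places; otherwise add `// keep in sync with frontend ValidChat.jsx MAX_CHAT_MESSAGE_LENGTH` beside each declaration so the coupling is visible.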
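Review bot: The new validation in /store_message constrains only `message`, while `sender_id: id`, `sender_name: username` and `sender_pic: profile_pic` in the same hunk are still filled from the `} = req.body;` destructuring, i.e. supplied by the client. The edit_server_message hunk in this same file derives `senderId = user.id` from the authenticated user; unless an earlier part of this handler (outside the hunk) already binds `id` to the session, a caller can store a message under another user's id, display name and avatar. Prefer the same pattern here: resolve the authenticated user first and build the record from it, `sender_id: user.id` plus the name and picture from that user record, ignoring those body fields. Minor: the length check runs on the untrimmed `message` while `message.trim()` is what is stored, so a message padded with whitespace can be rejected although its stored content would fit; `message.trim().length > MAX_CHAT_MESSAGE_LENGTH` makes the check and the stored value agree. The handler body continues beyond the hunk.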
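Review bot: The rewritten guard in /edit_server_message answers an over-long `content` with the same generic `"Invalid input"` used for a missing `server_id`, whereas /store_message in this diff replies `Message must be 1-2000 characters.`, so a client cannot tell the user why the edit was refused. Checking the length in its own branch keeps the two endpoints consistent: `if (content.length > MAX_CHAT_MESSAGE_LENGTH) return res.status(400).json({ status: 400, message: \`Message must be 1-${MAX_CHAT_MESSAGE_LENGTH} characters.\` });`. Whether the edit path trims `content` before saving, as /store_message now does, is not visible here; the handler continues beyond the hunk.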
@@ -33,9 +34,22 @@ router.post("/create_server", async (req, res) => { return res.status(401).json({ message: "Unauthorized", status: 401 }); } + const serverDetails = req.body.server_details || {}; + const normalizedName = String(serverDetails.name || "").trim(); + if ( + typeof serverDetails.name !== "string" || + !normalizedName || + normalizedName.length > MAX_SERVER_NAME_LENGTH + ) { + return res.status(400).json({ + status: 400, + message: `Server name must be 1-${MAX_SERVER_NAME_LENGTH} characters.`, + }); + } + const serverTemplate = await createServerFromTemplate( user_id, - req.body.server_details, + { ...serverDetails, name: normalizedName }, req.body.server_image ); const addNewChat = await createChat(serverTemplate.server_id);
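Review bot: `String(serverDetails.name || "").trim()` is computed before the `typeof serverDetails.name !== "string"` test makes the coercion redundant, and `req.body.server_details || {}` still lets a non-object value (an array or a string) through, after which `{ ...serverDetails, name: normalizedName }` forwards it to createServerFromTemplate. A tighter guard reads `const serverDetails = req.body.server_details; if (!serverDetails || typeof serverDetails !== "object" || Array.isArray(serverDetails) || typeof serverDetails.name !== "string") return res.status(400).json({ status: 400, message: "Invalid server details." });` followed by `const normalizedName = serverDetails.name.trim();` and the existing length check. Every other field of `server_details`, and `req.body.server_image`, is still passed through unvalidated; what createServerFromTemplate does with them is outside this hunk.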