initial attempt to fix title > 255 char (#1189)

Victor-M-Giraldo · web-flow · commit 4cbbbcbee40e · 2024-01-05T13:14:03.000-05:00
* initial attempt to fix title &gt; 255 char

* added title to OttApiRequestRoomCreate

* add validator to createRoom &amp; throw proper error

* ran yarn lint

* add title test for create endpoint

* fixed unit test for create endpoint, added unit test for patch endpoint

* fixed stray import

* fixed post endpoint unit test

* one more fix

* added authorization to request

* ran yarn lint
diff --git a/common/models/rest-api.ts b/common/models/rest-api.ts
@@ -32,6 +32,7 @@ export interface OttApiResponseRoomGenerate {
 
 /** Endpoint: `/api/room/create` */
 export interface OttApiRequestRoomCreate {
+	title?: string;
 	name: string;
 	isTemporary?: boolean;
 	visibility?: Visibility;
diff --git a/server/api/room.ts b/server/api/room.ts
@@ -94,7 +94,6 @@ const generateRoom: RequestHandler<unknown, OttResponseBody<OttApiResponseRoomGe
 	if (!conf.get("room.enable_create_temporary")) {
 		throw new FeatureDisabledException("Temporary rooms are disabled.");
 	}
-
 	let points = 50;
 	if (!(await consumeRateLimitPoints(res, req.ip, points))) {
 		return;
@@ -149,6 +148,14 @@ const createRoom: RequestHandler<
 			"not allowed (too long, must be at most 32 characters)"
 		);
 	}
+
+	if (req.body.title && req.body.title.length > 255) {
+		throw new BadApiArgumentException(
+			"title",
+			"not allowed (too long, must be at most 255 characters)"
+		);
+	}
+
 	if (!ROOM_NAME_REGEX.exec(req.body.name)) {
 		throw new BadApiArgumentException("name", "not allowed (invalid characters)");
 	}
@@ -237,6 +244,13 @@ const patchRoom: RequestHandler = async (req, res) => {
 		delete req.body.permissions;
 	}
 
+	if (req.body.title && req.body.title.length > 255) {
+		throw new BadApiArgumentException(
+			"title",
+			"not allowed (too long, must be at most 255 characters)"
+		);
+	}
+
 	req.body.grants = new Grants(req.body.grants);
 
 	const result = await roommanager.getRoom(req.params.name);
diff --git a/server/tests/unit/api/room.spec.ts b/server/tests/unit/api/room.spec.ts
@@ -225,6 +225,14 @@ describe("Room API", () => {
 					isTemporary: true,
 				},
 			],
+			[
+				{ arg: "title", reason: "not allowed (too long, must be at most 255 characters)" },
+				{
+					name: "foo",
+					title: "abababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababab",
+					isTemporary: true,
+				},
+			],
 			[
 				{ arg: "visibility", reason: "must be one of public,unlisted,private" },
 				{ name: "test1", isTemporary: true, visibility: "invalid" },
@@ -309,4 +317,57 @@ describe("Room API", () => {
 			});
 		}
 	});
+
+	describe("PATCH /api/room/:name", () => {
+		let getSessionInfoSpy: jest.SpyInstance;
+		let validateSpy: jest.SpyInstance;
+
+		beforeAll(async () => {
+			getSessionInfoSpy = jest.spyOn(tokens, "getSessionInfo").mockResolvedValue({
+				isLoggedIn: false,
+				username: "test",
+			});
+			validateSpy = jest.spyOn(tokens, "validate").mockResolvedValue(true);
+
+			await roommanager.createRoom({
+				name: "foo",
+				isTemporary: true,
+			});
+		});
+
+		afterAll(async () => {
+			getSessionInfoSpy.mockRestore();
+			validateSpy.mockRestore();
+
+			try {
+				await roommanager.unloadRoom("foo");
+			} catch (e) {
+				if (!(e instanceof RoomNotFoundException)) {
+					throw e;
+				}
+			}
+		});
+
+		it.each([
+			[
+				{ arg: "title", reason: "not allowed (too long, must be at most 255 characters)" },
+				{
+					title: "abababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababababab",
+					isTemporary: true,
+				},
+			],
+		])("should fail to modify room for validation errors: %s", async (error, body) => {
+			let resp = await request(app)
+				.patch("/api/room/foo")
+				.set({ Authorization: "Bearer foobar" })
+				.send(body)
+				.expect("Content-Type", /json/)
+				.expect(400);
+			expect(resp.body.success).toEqual(false);
+			expect(resp.body.error).toMatchObject({
+				name: "BadApiArgumentException",
+				...error,
+			});
+		});
+	});
 });
