security: bound Zod inputs, add SSE per-user cap and tRPC body limit (#51, PR #59)
CI / Architecture Guardrails (push) Successful in 3m38s
CI / Assistant Split Regression (push) Successful in 4m40s
CI / Lint (push) Successful in 5m17s
CI / Typecheck (push) Successful in 5m46s
CI / Build (push) Successful in 7m1s
CI / Unit Tests (push) Failing after 9m41s
CI / Release Images (push) Has been cancelled
CI / Fresh-Linux Docker Deploy (push) Has been cancelled
CI / E2E Tests (push) Has started running
CI / Architecture Guardrails (push) Successful in 3m38s
CI / Assistant Split Regression (push) Successful in 4m40s
CI / Lint (push) Successful in 5m17s
CI / Typecheck (push) Successful in 5m46s
CI / Build (push) Successful in 7m1s
CI / Unit Tests (push) Failing after 9m41s
CI / Release Images (push) Has been cancelled
CI / Fresh-Linux Docker Deploy (push) Has been cancelled
CI / E2E Tests (push) Has started running
Closes #51 (ESLint rule + conventions doc remain as follow-up). Co-authored-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com> Co-committed-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com>
This commit was merged in pull request #59.
This commit is contained in:
@@ -13,45 +13,45 @@ import type { TRPCContext } from "../trpc.js";
|
||||
import { invalidateRoleDefaultsCache } from "../trpc.js";
|
||||
|
||||
export const CreateUserInputSchema = z.object({
|
||||
email: z.string().email(),
|
||||
name: z.string().min(1),
|
||||
email: z.string().email().max(320),
|
||||
name: z.string().min(1).max(200),
|
||||
systemRole: z.nativeEnum(SystemRole).default(SystemRole.USER),
|
||||
password: z.string().min(PASSWORD_MIN_LENGTH, PASSWORD_POLICY_MESSAGE).max(PASSWORD_MAX_LENGTH),
|
||||
});
|
||||
|
||||
export const SetUserPasswordInputSchema = z.object({
|
||||
userId: z.string(),
|
||||
userId: z.string().max(64),
|
||||
password: z.string().min(PASSWORD_MIN_LENGTH, PASSWORD_POLICY_MESSAGE).max(PASSWORD_MAX_LENGTH),
|
||||
});
|
||||
|
||||
export const UpdateUserRoleInputSchema = z.object({
|
||||
id: z.string(),
|
||||
id: z.string().max(64),
|
||||
systemRole: z.nativeEnum(SystemRole),
|
||||
});
|
||||
|
||||
export const UpdateUserNameInputSchema = z.object({
|
||||
id: z.string(),
|
||||
id: z.string().max(64),
|
||||
name: z.string().min(1, "Name is required").max(200),
|
||||
});
|
||||
|
||||
export const LinkUserResourceInputSchema = z.object({
|
||||
userId: z.string(),
|
||||
resourceId: z.string().nullable(),
|
||||
userId: z.string().max(64),
|
||||
resourceId: z.string().max(64).nullable(),
|
||||
});
|
||||
|
||||
export const SetUserPermissionsInputSchema = z.object({
|
||||
userId: z.string(),
|
||||
userId: z.string().max(64),
|
||||
overrides: z
|
||||
.object({
|
||||
granted: z.array(z.string()).optional(),
|
||||
denied: z.array(z.string()).optional(),
|
||||
chapterIds: z.array(z.string()).optional(),
|
||||
granted: z.array(z.string().max(128)).max(500).optional(),
|
||||
denied: z.array(z.string().max(128)).max(500).optional(),
|
||||
chapterIds: z.array(z.string().max(64)).max(500).optional(),
|
||||
})
|
||||
.nullable(),
|
||||
});
|
||||
|
||||
export const UserIdInputSchema = z.object({
|
||||
userId: z.string(),
|
||||
userId: z.string().max(64),
|
||||
});
|
||||
|
||||
type UserReadContext = Pick<TRPCContext, "db" | "dbUser">;
|
||||
|
||||
Reference in New Issue
Block a user