add length limits to all items

2023-03-19 23:46:42 -04:00
parent e5e5449e8b
commit fe4e4f4f17
41 changed files with 473 additions and 399 deletions
--- a/lib/cannery/accounts/invite.ex
+++ b/lib/cannery/accounts/invite.ex
@@ -48,8 +48,9 @@ defmodule Cannery.Accounts.Invite do
    %__MODULE__{}
    |> change(token: token, created_by_id: user_id)
    |> cast(attrs, [:name, :uses_left, :disabled_at])
-    |> validate_required([:name, :token, :created_by_id])
+    |> validate_length(:name, max: 255)
    |> validate_number(:uses_left, greater_than_or_equal_to: 0)
+    |> validate_required([:name, :token, :created_by_id])
  end

  @doc false
@@ -57,7 +58,8 @@ defmodule Cannery.Accounts.Invite do
  def update_changeset(invite, attrs) do
    invite
    |> cast(attrs, [:name, :uses_left, :disabled_at])
-    |> validate_required([:name])
+    |> validate_length(:name, max: 255)
    |> validate_number(:uses_left, greater_than_or_equal_to: 0)
+    |> validate_required([:name])
  end
 end
--- a/lib/cannery/accounts/user.ex
+++ b/lib/cannery/accounts/user.ex
@@ -79,6 +79,7 @@ defmodule Cannery.Accounts.User do
    %User{}
    |> cast(attrs, [:email, :password, :locale])
    |> put_change(:invite_id, if(invite, do: invite.id))
+    |> validate_length(:locale, max: 255)
    |> validate_email()
    |> validate_password(opts)
  end
@@ -209,6 +210,7 @@ defmodule Cannery.Accounts.User do
  def locale_changeset(user_or_changeset, locale) do
    user_or_changeset
    |> cast(%{"locale" => locale}, [:locale])
+    |> validate_length(:locale, max: 255)
    |> validate_required(:locale)
  end
 end
--- a/lib/cannery/activity_log/shot_group.ex
+++ b/lib/cannery/activity_log/shot_group.ex
@@ -61,6 +61,7 @@ defmodule Cannery.ActivityLog.ShotGroup do
    |> change(user_id: user_id)
    |> change(ammo_group_id: ammo_group_id)
    |> cast(attrs, [:count, :notes, :date])
+    |> validate_length(:notes, max: 255)
    |> validate_create_shot_group_count(ammo_group)
    |> validate_required([:date, :ammo_group_id, :user_id])
  end
@@ -68,6 +69,7 @@ defmodule Cannery.ActivityLog.ShotGroup do
  def create_changeset(shot_group, _invalid_user, _invalid_ammo_group, attrs) do
    shot_group
    |> cast(attrs, [:count, :notes, :date])
+    |> validate_length(:notes, max: 255)
    |> validate_required([:ammo_group_id, :user_id])
    |> add_error(:invalid, dgettext("errors", "Please select a valid user and ammo pack"))
  end
@@ -99,6 +101,7 @@ defmodule Cannery.ActivityLog.ShotGroup do
  def update_changeset(%__MODULE__{} = shot_group, user, attrs) do
    shot_group
    |> cast(attrs, [:count, :notes, :date])
+    |> validate_length(:notes, max: 255)
    |> validate_number(:count, greater_than: 0)
    |> validate_required([:count, :date])
    |> validate_update_shot_group_count(shot_group, user)
--- a/lib/cannery/ammo/ammo_type.ex
+++ b/lib/cannery/ammo/ammo_type.ex
@@ -42,7 +42,7 @@ defmodule Cannery.Ammo.AmmoType do
    field :name, :string
    field :desc, :string

-    # https://en.wikipedia.org/wiki/Bullet#Abbreviations
+    # https://shootersreference.com/reloadingdata/bullet_abbreviations/
    field :bullet_type, :string
    field :bullet_core, :string
    field :cartridge, :string
@@ -129,20 +129,46 @@ defmodule Cannery.Ammo.AmmoType do
      :upc
    ]

+  @spec string_fields() :: [atom()]
+  defp string_fields,
+    do: [
+      :name,
+      :bullet_type,
+      :bullet_core,
+      :cartridge,
+      :caliber,
+      :case_material,
+      :jacket_type,
+      :powder_type,
+      :pressure,
+      :primer_type,
+      :firing_type,
+      :manufacturer,
+      :upc
+    ]
+
  @doc false
  @spec create_changeset(new_ammo_type(), User.t(), attrs :: map()) :: changeset()
  def create_changeset(ammo_type, %User{id: user_id}, attrs) do
-    ammo_type
-    |> change(user_id: user_id)
-    |> cast(attrs, changeset_fields())
+    changeset =
+      ammo_type
+      |> change(user_id: user_id)
+      |> cast(attrs, changeset_fields())
+
+    string_fields()
+    |> Enum.reduce(changeset, fn field, acc -> acc |> validate_length(field, max: 255) end)
    |> validate_required([:name, :user_id])
  end

  @doc false
  @spec update_changeset(t() | new_ammo_type(), attrs :: map()) :: changeset()
  def update_changeset(ammo_type, attrs) do
-    ammo_type
-    |> cast(attrs, changeset_fields())
+    changeset =
+      ammo_type
+      |> cast(attrs, changeset_fields())
+
+    string_fields()
+    |> Enum.reduce(changeset, fn field, acc -> acc |> validate_length(field, max: 255) end)
    |> validate_required(:name)
  end
 end
--- a/lib/cannery/containers/container.ex
+++ b/lib/cannery/containers/container.ex
@@ -53,6 +53,8 @@ defmodule Cannery.Containers.Container do
    container
    |> change(user_id: user_id)
    |> cast(attrs, [:name, :desc, :type, :location])
+    |> validate_length(:name, max: 255)
+    |> validate_length(:type, max: 255)
    |> validate_required([:name, :type, :user_id])
  end

@@ -61,6 +63,8 @@ defmodule Cannery.Containers.Container do
  def update_changeset(container, attrs) do
    container
    |> cast(attrs, [:name, :desc, :type, :location])
+    |> validate_length(:name, max: 255)
+    |> validate_length(:type, max: 255)
    |> validate_required([:name, :type])
  end
 end
--- a/lib/cannery/containers/tag.ex
+++ b/lib/cannery/containers/tag.ex
@@ -47,6 +47,9 @@ defmodule Cannery.Containers.Tag do
    tag
    |> change(user_id: user_id)
    |> cast(attrs, [:name, :bg_color, :text_color])
+    |> validate_length(:name, max: 255)
+    |> validate_length(:bg_color, max: 12)
+    |> validate_length(:text_color, max: 12)
    |> validate_required([:name, :bg_color, :text_color, :user_id])
  end

@@ -55,6 +58,9 @@ defmodule Cannery.Containers.Tag do
  def update_changeset(tag, attrs) do
    tag
    |> cast(attrs, [:name, :bg_color, :text_color])
+    |> validate_length(:name, max: 255)
+    |> validate_length(:bg_color, max: 12)
+    |> validate_length(:text_color, max: 12)
    |> validate_required([:name, :bg_color, :text_color])
  end
 end
--- a/lib/cannery_web/components/add_shot_group_component.html.heex
+++ b/lib/cannery_web/components/add_shot_group_component.html.heex
@@ -39,6 +39,7 @@
    <%= textarea(f, :notes,
      id: "add-shot-group-form-notes",
      class: "input input-primary col-span-2",
+      maxlength: 255,
      placeholder: gettext("Really great weather"),
      phx_hook: "MaintainAttrs",
      phx_update: "ignore"
--- a/lib/cannery_web/live/ammo_type_live/form_component.html.heex
+++ b/lib/cannery_web/live/ammo_type_live/form_component.html.heex
@@ -19,7 +19,10 @@
    </div>

    <%= label(f, :name, gettext("Name"), class: "title text-lg text-primary-600") %>
-    <%= text_input(f, :name, class: "text-center col-span-2 input input-primary") %>
+    <%= text_input(f, :name,
+      class: "text-center col-span-2 input input-primary",
+      maxlength: 255
+    ) %>
    <%= error_tag(f, :name, "col-span-3 text-center") %>

    <%= label(f, :desc, gettext("Description"), class: "title text-lg text-primary-600") %>
@@ -40,6 +43,7 @@
    <%= label(f, :bullet_type, gettext("Bullet type"), class: "title text-lg text-primary-600") %>
    <%= text_input(f, :bullet_type,
      class: "text-center col-span-2 input input-primary",
+      maxlength: 255,
      placeholder: gettext("FMJ")
    ) %>
    <%= error_tag(f, :bullet_type, "col-span-3 text-center") %>
@@ -47,6 +51,7 @@
    <%= label(f, :bullet_core, gettext("Bullet core"), class: "title text-lg text-primary-600") %>
    <%= text_input(f, :bullet_core,
      class: "text-center col-span-2 input input-primary",
+      maxlength: 255,
      placeholder: gettext("Steel")
    ) %>
    <%= error_tag(f, :bullet_core, "col-span-3 text-center") %>
@@ -54,6 +59,7 @@
    <%= label(f, :cartridge, gettext("Cartridge"), class: "title text-lg text-primary-600") %>
    <%= text_input(f, :cartridge,
      class: "text-center col-span-2 input input-primary",
+      maxlength: 255,
      placeholder: gettext("5.56x46mm NATO")
    ) %>
    <%= error_tag(f, :cartridge, "col-span-3 text-center") %>
@@ -61,6 +67,7 @@
    <%= label(f, :caliber, gettext("Caliber"), class: "title text-lg text-primary-600") %>
    <%= text_input(f, :caliber,
      class: "text-center col-span-2 input input-primary",
+      maxlength: 255,
      placeholder: gettext(".223")
    ) %>
    <%= error_tag(f, :caliber, "col-span-3 text-center") %>
@@ -68,6 +75,7 @@
    <%= label(f, :case_material, gettext("Case material"), class: "title text-lg text-primary-600") %>
    <%= text_input(f, :case_material,
      class: "text-center col-span-2 input input-primary",
+      maxlength: 255,
      placeholder: gettext("Brass")
    ) %>
    <%= error_tag(f, :case_material, "col-span-3 text-center") %>
@@ -75,6 +83,7 @@
    <%= label(f, :jacket_type, gettext("Jacket type"), class: "title text-lg text-primary-600") %>
    <%= text_input(f, :jacket_type,
      class: "text-center col-span-2 input input-primary",
+      maxlength: 255,
      placeholder: gettext("Bimetal")
    ) %>
    <%= error_tag(f, :case_material, "col-span-3 text-center") %>
@@ -90,7 +99,10 @@
    <%= error_tag(f, :muzzle_velocity, "col-span-3 text-center") %>

    <%= label(f, :powder_type, gettext("Powder type"), class: "title text-lg text-primary-600") %>
-    <%= text_input(f, :powder_type, class: "text-center col-span-2 input input-primary") %>
+    <%= text_input(f, :powder_type,
+      class: "text-center col-span-2 input input-primary",
+      maxlength: 255
+    ) %>
    <%= error_tag(f, :powder_type, "col-span-3 text-center") %>

    <%= label(f, :powder_grains_per_charge, gettext("Powder grains per charge"),
@@ -114,6 +126,7 @@
    <%= label(f, :pressure, gettext("Pressure"), class: "title text-lg text-primary-600") %>
    <%= text_input(f, :pressure,
      class: "text-center col-span-2 input input-primary",
+      maxlength: 255,
      placeholder: gettext("+P")
    ) %>
    <%= error_tag(f, :pressure, "col-span-3 text-center") %>
@@ -121,6 +134,7 @@
    <%= label(f, :primer_type, gettext("Primer type"), class: "title text-lg text-primary-600") %>
    <%= text_input(f, :primer_type,
      class: "text-center col-span-2 input input-primary",
+      maxlength: 255,
      placeholder: gettext("Boxer")
    ) %>
    <%= error_tag(f, :primer_type, "col-span-3 text-center") %>
@@ -128,6 +142,7 @@
    <%= label(f, :firing_type, gettext("Firing type"), class: "title text-lg text-primary-600") %>
    <%= text_input(f, :firing_type,
      class: "text-center col-span-2 input input-primary",
+      maxlength: 255,
      placeholder: gettext("Centerfire")
    ) %>
    <%= error_tag(f, :firing_type, "col-span-3 text-center") %>
@@ -149,11 +164,17 @@
    <%= error_tag(f, :corrosive, "col-span-3 text-center") %>

    <%= label(f, :manufacturer, gettext("Manufacturer"), class: "title text-lg text-primary-600") %>
-    <%= text_input(f, :manufacturer, class: "text-center col-span-2 input input-primary") %>
+    <%= text_input(f, :manufacturer,
+      class: "text-center col-span-2 input input-primary",
+      maxlength: 255
+    ) %>
    <%= error_tag(f, :manufacturer, "col-span-3 text-center") %>

    <%= label(f, :upc, gettext("UPC"), class: "title text-lg text-primary-600") %>
-    <%= text_input(f, :upc, class: "text-center col-span-2 input input-primary") %>
+    <%= text_input(f, :upc,
+      class: "text-center col-span-2 input input-primary",
+      maxlength: 255
+    ) %>
    <%= error_tag(f, :upc, "col-span-3 text-center") %>

    <%= submit(dgettext("actions", "Save"),
--- a/lib/cannery_web/live/container_live/form_component.html.heex
+++ b/lib/cannery_web/live/container_live/form_component.html.heex
@@ -21,7 +21,8 @@
    <%= label(f, :name, gettext("Name"), class: "title text-lg text-primary-600") %>
    <%= text_input(f, :name,
      class: "input input-primary col-span-2",
-      placeholder: gettext("My cool ammo can")
+      placeholder: gettext("My cool ammo can"),
+      maxlength: 255
    ) %>
    <%= error_tag(f, :name, "col-span-3 text-center") %>

@@ -38,7 +39,8 @@
    <%= label(f, :type, gettext("Type"), class: "title text-lg text-primary-600") %>
    <%= text_input(f, :type,
      class: "input input-primary col-span-2",
-      placeholder: gettext("Magazine, Clip, Ammo Box, etc")
+      placeholder: gettext("Magazine, Clip, Ammo Box, etc"),
+      maxlength: 255
    ) %>
    <%= error_tag(f, :type, "col-span-3 text-center") %>

--- a/lib/cannery_web/live/invite_live/form_component.html.heex
+++ b/lib/cannery_web/live/invite_live/form_component.html.heex
@@ -18,7 +18,10 @@
      <%= changeset_errors(@changeset) %>
    </div>

-    <%= label(f, :name, gettext("Name"), class: "title text-lg text-primary-600") %>
+    <%= label(f, :name, gettext("Name"),
+      class: "title text-lg text-primary-600",
+      maxlength: 255
+    ) %>
    <%= text_input(f, :name, class: "input input-primary col-span-2") %>
    <%= error_tag(f, :name, "col-span-3") %>

--- a/lib/cannery_web/live/range_live/form_component.html.heex
+++ b/lib/cannery_web/live/range_live/form_component.html.heex
@@ -31,6 +31,7 @@
    <%= textarea(f, :notes,
      id: "shot-group-form-notes",
      class: "input input-primary col-span-2",
+      maxlength: 255,
      placeholder: gettext("Really great weather"),
      phx_hook: "MaintainAttrs",
      phx_update: "ignore"
--- a/lib/cannery_web/live/tag_live/form_component.html.heex
+++ b/lib/cannery_web/live/tag_live/form_component.html.heex
@@ -19,7 +19,7 @@
    </div>

    <%= label(f, :name, gettext("Name"), class: "title text-lg text-primary-600") %>
-    <%= text_input(f, :name, class: "input input-primary col-span-2") %>
+    <%= text_input(f, :name, class: "input input-primary col-span-2", maxlength: 255) %>
    <%= error_tag(f, :name, "col-span-3") %>

    <%= label(f, :bg_color, gettext("Background color"), class: "title text-lg text-primary-600") %>