From 20b2843680ad1d72b561db5ae536c790015e90cd Mon Sep 17 00:00:00 2001
From: TomatoCake <60300461+DEVTomatoCake@users.noreply.github.com>
Date: Sat, 10 Aug 2024 22:10:20 +0200
Subject: [PATCH 1/2] Make profile bio max length configurable

---
 src/api/routes/users/#id/profile.ts           | 20 ++++++++++++++++---
 src/api/routes/users/@me/index.ts             | 18 ++++++++++++++---
 .../subconfigurations/limits/UserLimits.ts    |  7 ++++---
 src/util/entities/User.ts                     |  8 ++++----
 src/util/schemas/UserModifySchema.ts          |  9 +++------
 5 files changed, 43 insertions(+), 19 deletions(-)

diff --git a/src/api/routes/users/#id/profile.ts b/src/api/routes/users/#id/profile.ts
index db0922d6..44271cad 100644
--- a/src/api/routes/users/#id/profile.ts
+++ b/src/api/routes/users/#id/profile.ts
@@ -1,17 +1,17 @@
 /*
 	Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
 	Copyright (C) 2023 Spacebar and Spacebar Contributors
-	
+
 	This program is free software: you can redistribute it and/or modify
 	it under the terms of the GNU Affero General Public License as published
 	by the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
-	
+
 	This program is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 	GNU Affero General Public License for more details.
-	
+
 	You should have received a copy of the GNU Affero General Public License
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
@@ -19,6 +19,8 @@
 import { route } from "@spacebar/api";
 import {
 	Badge,
+	Config,
+	FieldErrors,
 	Member,
 	PrivateUserProjection,
 	User,
@@ -136,6 +138,18 @@ router.patch(
 			select: [...PrivateUserProjection, "data"],
 		});
 
+		if (body.bio) {
+			const { maxBio } = Config.get().limits.user;
+			if (body.bio.length > maxBio) {
+				throw FieldErrors({
+					bio: {
+						code: "BIO_INVALID",
+						message: `Bio must be less than ${maxBio} in length`,
+					},
+				});
+			}
+		}
+
 		user.assign(body);
 		await user.save();
 
diff --git a/src/api/routes/users/@me/index.ts b/src/api/routes/users/@me/index.ts
index cddc3a08..5caf0d11 100644
--- a/src/api/routes/users/@me/index.ts
+++ b/src/api/routes/users/@me/index.ts
@@ -1,17 +1,17 @@
 /*
 	Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
 	Copyright (C) 2023 Spacebar and Spacebar Contributors
-	
+
 	This program is free software: you can redistribute it and/or modify
 	it under the terms of the GNU Affero General Public License as published
 	by the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
-	
+
 	This program is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 	GNU Affero General Public License for more details.
-	
+
 	You should have received a copy of the GNU Affero General Public License
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
@@ -189,6 +189,18 @@ router.patch(
 			}
 		}
 
+		if (body.bio) {
+			const { maxBio } = Config.get().limits.user;
+			if (body.bio.length > maxBio) {
+				throw FieldErrors({
+					bio: {
+						code: "BIO_INVALID",
+						message: `Bio must be less than ${maxBio} in length`,
+					},
+				});
+			}
+		}
+
 		user.assign(body);
 		user.validate();
 		await user.save();
diff --git a/src/util/config/types/subconfigurations/limits/UserLimits.ts b/src/util/config/types/subconfigurations/limits/UserLimits.ts
index 8f9b1a97..afe9afbe 100644
--- a/src/util/config/types/subconfigurations/limits/UserLimits.ts
+++ b/src/util/config/types/subconfigurations/limits/UserLimits.ts
@@ -1,17 +1,17 @@
 /*
 	Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
 	Copyright (C) 2023 Spacebar and Spacebar Contributors
-	
+
 	This program is free software: you can redistribute it and/or modify
 	it under the terms of the GNU Affero General Public License as published
 	by the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
-	
+
 	This program is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 	GNU Affero General Public License for more details.
-	
+
 	You should have received a copy of the GNU Affero General Public License
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
@@ -20,4 +20,5 @@ export class UserLimits {
 	maxGuilds: number = 1048576;
 	maxUsername: number = 32;
 	maxFriends: number = 5000;
+	maxBio: number = 190;
 }
diff --git a/src/util/entities/User.ts b/src/util/entities/User.ts
index c929039e..b299bcfc 100644
--- a/src/util/entities/User.ts
+++ b/src/util/entities/User.ts
@@ -1,17 +1,17 @@
 /*
 	Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
 	Copyright (C) 2023 Spacebar and Spacebar Contributors
-	
+
 	This program is free software: you can redistribute it and/or modify
 	it under the terms of the GNU Affero General Public License as published
 	by the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
-	
+
 	This program is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 	GNU Affero General Public License for more details.
-	
+
 	You should have received a copy of the GNU Affero General Public License
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
@@ -130,7 +130,7 @@ export class User extends BaseClass {
 	bot: boolean = false; // if user is bot
 
 	@Column()
-	bio: string = ""; // short description of the user (max 190 chars -> should be configurable)
+	bio: string = ""; // short description of the user
 
 	@Column()
 	system: boolean = false; // shouldn't be used, the api sends this field type true, if the generated message comes from a system generated author
diff --git a/src/util/schemas/UserModifySchema.ts b/src/util/schemas/UserModifySchema.ts
index e155b9af..4be6ad43 100644
--- a/src/util/schemas/UserModifySchema.ts
+++ b/src/util/schemas/UserModifySchema.ts
@@ -1,17 +1,17 @@
 /*
 	Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
 	Copyright (C) 2023 Spacebar and Spacebar Contributors
-	
+
 	This program is free software: you can redistribute it and/or modify
 	it under the terms of the GNU Affero General Public License as published
 	by the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
-	
+
 	This program is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 	GNU Affero General Public License for more details.
-	
+
 	You should have received a copy of the GNU Affero General Public License
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
@@ -23,9 +23,6 @@ export interface UserModifySchema {
 	 */
 	username?: string;
 	avatar?: string | null;
-	/**
-	 * @maxLength 1024
-	 */
 	bio?: string;
 	accent_color?: number;
 	banner?: string | null;

From 5900d4fdacb89e0f6312ae2b3f52267f142f1b65 Mon Sep 17 00:00:00 2001
From: TomatoCake <60300461+DEVTomatoCake@users.noreply.github.com>
Date: Sat, 10 Aug 2024 22:23:02 +0200
Subject: [PATCH 2/2] Update schema for bio max length config

---
 assets/schemas.json | Bin 23267068 -> 23291081 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/assets/schemas.json b/assets/schemas.json
index 5226bbade87cac4040e598053c272c32a2445bb6..70a65862aa56151cd2364f5639bf6515ee96b3eb 100644
GIT binary patch
delta 8586
zcmb7}dsNj`7RT4-as_!mjHkdA6o?d16z~-&DuSR~P*M?4LhzlX2o(bIaF<{|2)jQU
z!b@T=BfwGGPKdv39I0RiWk_eBL2?Gr0VJA&F&&x%tkuk)=lt>6>#n=*_qQMCoPEyk
z+$SeXOuzc-q-kCuTrw!zs5@`x1S{oZ#~r=pQoBH3SS;_TvnXX>jr6IU<eNusnUa-7
zptUc06c{j6<WXQ49L+Bq8aKqDaWxH%PdgsYFH>h2p*q8u)EU#CU(GF($CJ!VQT<>#
z!-UiiOw$EiGA)iLnbUZZg}g@4<$?|iT+m@j3p%WNBKWlp=Pt~^%Td-08@e22JI<df
zuDxc<m_ci=J@pEIxVSOUj$uz5104<u6eqsM0pn{NDZa+(qJXTz-5D#~XHtc`i#>mk
zvQpx1B=1kQc9i|SmumHX_0BM>JZAblS>vE_qML1RhZ~e1xaBnYm0$Jp6LO+~$xOL)
z(R|nPP!}uAt#DzuQf`G?XB7WvOnObsH?l>wy@oN1)b{S)0@<<$pi<&NO3CcK0<tRx
zbMT6RCtWe{sud^_TUl0UmgU9pCbO)k(<Av)Wm+RN8+n@HLuMn-1oDR~Pini;=3-ac
zJnBmG&Ek(4d%JuYe$?CL|B--9qn(c$?E=zh12P37WimDTHU}^kl5g{(9Xu|PwL3--
zYkR?|hq+6tYj0M|4|jh)P5!aVH}%&k>nB@%qIUe>MAcjzHIl3DEwYn)t~<|?Z|WM|
z<eS&5?B(z0s*KR;VlZPdSzTPRizn8p);!@FExngAmXW3R@=`%*VC8ZQtbCRND?`Tk
zm&>Hr>kgrK-C+e?cUbu<f8WDfr7Ia>bgOjLrUdR1<7KDSj5T!GDg4-4epyRdIJT6n
zrIxaYdVwI#O(N0UWF48CM9Bh^&UI|P8LrHWVnox*y!DX+kuoj1j%^^<v6x_fmw11l
zmJv($_r-bfk3GKoT^wU0z5Cs!{qg+etV)Z=s<h{*DsA%?f&Hqub2AoqZlU7Nt+NHZ
ztw>J570KIZMRH=CKyIELiRjspM4lbV3k51U7_l7(BX-bWL`u4Vx8AEM*n9PP>b;tp
zARucG*oo}{Y1AH&?#17{vA8Ckv5Sgpb_?wMGLxC(xmkM{d+FS)eNh6D=Ii!hzHUF|
z>kixzDCdCL3pikQkOs_N{6@fAZ2pTFoBtBU<{!$7;h&hPa2Qh|gHqv$R=`{Mks}y>
zB$L9AWQoXp2C~p+;AQd|cm)K!H6_1_P088RlzdbtAnWZoioG2<)Z3ApColkGk$E^4
zd5p#)^QQ@Tlazdvlme2J!qj!#13*QKi;6(5|H*KsocBYVwd}UmSo7<tti1M~GusD^
z<(uA1x0WAtw3O=>?sT2{_2*V5R+zJ_h;f{9mf<`6vFa@yp9N#QbO9N!(WMKoKjCjm
z`n_+2f+<FOo?sMHv}cJ<pj&5DmS9HZNy?~v<E1$6D&fm+5~Gw}b}KXE&lBxWl`-BV
z`%~px1)7D*{1mFp-y)T{?wUYu@r62!FO(_1@botVOR!1xHa4k#Lrtm*M}gdSWmVv=
ztaoTvR%N?@taYdoTZhh2>yX}@UnVn|F&;{(V!TU-QqFGX*J9$Gvy5s=ymM|Jzf5K_
zBTR{UkMTaGM1AmsKu!BvKES?~52>%^qZjyHVt?p)#>dnjTI0pPhOz3i8pbD7^;zvt
z0^Yp*>(I-;p1k}o2&_M3FTjl7Qp356c>>;=9WP<CV*@oiekyXQa98>i?@B~>rOSo<
z2SJ(1jPQxk?--xa6Qjma{stqn1!0UO*^P`VRFd7aoj=RT19rhk6BdkIrGgQqgFoa+
zDSH{ghr6%Q!`)x}%pdWjG`IT;%<cX?<#u1+y@9*4O-Z-?0du$ApxkZE!~D4(Z*M-{
z{^h6bUm5Xhn7e7HU-LDih4gD$1$N=dNP`+%F{ts66x8^qdqQ5-SnuD)xJmW?w*;<=
zCcMf_IvxApyTxdy{`dYYaOE=@b+%InW;=aD*-p3j2oBBB)3@>H={t1v^j{Y9pCR4~
z={Cj~i@!2DDaN8pRO(UKg&u|9l1Jg+PVnCw7KL;dh1_ij={Y5^Y3<DH!JV1k(ay|!
z>HLcYlZNjx{!U55|A-Or7Mj+Jp=o^-n$~Z@KYy^Nv!8LFdO9Bz@_Un+OpTAV|6~l%
zW9{IV{5^d_YmAAlgNz|cY<>6|e>=d;&|${+lo>jbA&_NG!wBXy{6IMk|56FaY<+%2
zTc4lE)@Srvewlu_Z9W*wwfFta<!80?bM!q~Y6z3tIxN<dyIz|(b<UF?_F1`1e$X_G
zs>@^M&CrLQ3Ic0=Rh}9wbRU#hzj?{&|L$bIw~6&DuQ#!fOWz8&LbtP{j4^UM`|nFz
zxci}A**^!S;{l&XjGyU%&*LzG!iSxCjA3V<P}rIOIPx#_sZ!vm^El&|#!+X;=J#1_
zSPBvY6vI*jDB%}M?uII0#t;;DLp2l&C_~s#Ng-L&Knck*f^_~&C-3^Duu&sm#u${a
z(diJ!?|4ccu*U?XfIX(51ne<`O``HS-DV)o={5&tPPYX_^UEc}SW8ywSSwcQSZg>b
zp!B$54U)$V8&EuM*g}DTGI+@hkb;*y1xoM|J17!RZm6{bX+y0&C>v@Wgp_ISjv%GE
zJAsns?hJ1V_&lL=2I+)uCMYL#E|AK9F)8I)y8<(ApyXL=grb#;G$6@Evp|uH+~Jr&
zwC5kWgLM9p2Po$s%@!J!i6$W_`#nKX_Itq?|GqV~)TNj{FJQ(Sl$gG!p*4xSJxR5P
ze1Mr}K&d@67jgx%Rr=?$nEU6knEQQ&DttS^52V`({-E4Wm=7r6bE3yf!)*&d8Ey*@
znn|{+7J_8EY7r>5s{$dJf78`Z<Y^*VGzJ1QL7-SP28)cXeqtsXN?v}8fte+sc=;`b
zy#hJUu3ie#?CNEp%&uMzTlf!c(!{L@Ga;Z@I)=j6{ClZ1aV5gc3Q+dGu@c_j#6O>^
zZNfmRwpj&Awasdn$zNwl`}%5NW(_FX*TW%<KhMc`dCB*eaA0OFD89c$z()RLC*I4=
z<sWx{9;F{XI0yV?O$yjd{Dmkfha=exKfI33@WWBiCNO522T>qt9z=tpd9WU|0!mfl
z29Q*VF`%dtwNTHWhP1j}3(UlVvbsGEw(=`wyD>utx$5-oASo|=BkP*sn^@NjkB11s
zF_6cv*giG&pt`1bkm{PA1EsEMGknbdAZajQ3ox@4l)-=m2ogwx{c$o)YWy$(nArw(
tjUOfoybVgxE=j;lGAPk5+d<&|Lh35p4$SNTrK>CjPVq);;%i`X^uNDo(c}OC

delta 3986
zcmbuCeOymz7QjEJ>Ahctywp^Rrb+elW2)%|4QfO`p;QLxWnw1UQn5;!D9M>6b2G_h
zv-?xb*paq|;VdmTc1L+xru8y08L72vhKB4YOxZovR!{u7e|*m$=lyxkbMJlbxpUjh
zI=2;=<!pkl^tMM7P4i5r&<Gbh4W7@_V_u{4dHTL{`t)i|{%nK%*@j1F8>P?eQ?m2(
zbR))?o~N5EoiU)-WmcJj8J6BRVN9v?zFC40^*?J!yb43&%_$__q9Ev%Si1%bv}>>=
zyM`f6!2?!#%at#OV{q6|W*7yBS-lX-V$NABW;o@X9kEVGiJntNGNZ_Iigl{c2sR$J
zW^AbO@asoJeVwZ<*16hIovZz*{yg>?w9(l!qsd0+Fg&cUDb^=AI5J}>!C~z5{yeO2
zE*{G`QFHMdiT(P~8bp;d^CqFn<xo$4<h^Ic@eEvx*7jv~(x6kPE8|8^o$lWK8Cbu2
zm6{n(yH{z}_IJnw(cbH30%`9}{6f^LW8Ok_j0dS>JTv<9uz%xKPsWQHufF}E=%1za
z#w@K5WodoG1-+b8;ctMd8ehhbR5g>5XZ1B}r|C74&txQ@DMUX0g+e59B=ZjCR7~v*
z860GWHLlZ`=~Uwyutu0Rt}F{+0%>L0yOB`?LD;FD!30sKdS<TB0Up~wlbJ=w_6Jvq
zd35$#)Y;D_oqdQbE<a^Q2&U|qLn%AvE)ep_tXH9_Y913xrm8UYprDOmn6hy`rECm$
z5m$J*BOEVxM9}4q$m9hB&B`O^TRO-#?n7*`GJ65@9#v*9bP&$1oU$>@2rV8jWEPRd
z<HhzuI4;YGVwTXdjA(Hb_~=126GM+4#CnPCMK6uR=%w#d^wRhQvAwQ_c<gFeN?i@h
zqD1}nxgX&6xgXN@xd|@Xfwr-&Hi21AZM7=~Jxu%k6LG))uV}x2(jqaB_mL#@K9Wq{
zM^=6-_7mimf<bPn6y%n6P4ti0n}!j4S5d^?)j6R;U314@qq*Z6GIvZ56Z~b?8>6l`
zoyj0w@!DX)h-1t$nRPVAEDJ<^R8AH~<$Od@IoUf!y<2-Wy0xz-xAqM=VzVttIoOhv
zOD#zo4F!MM`+MV|=-IrH$s^C^P2sZ#IwoaFem=<GOlz?K5BYSUu~kv1$#_hS$!9iG
zY7CwhOC(-HOuY6nC0_fDzEA=WXtyw1>43JNR5**6d!~TdM!9D`SrtA|71c8&rjXP#
zwyVTEX(zU0+KEpo?L^UHai02KJ5b-NnDo7No)+`JDBp=M%4K>{zU!Je2bFp^s?@(F
zmAb^HKR>_JVoOVyJrrB|yZU}TKmC;jdyO$|)bAM`rH$HaAQ+L2Oes|sl*I{pxi#Z6
zBb=wVkJ(T2^gjDQFd`e7&#5)zz%#Kkho=Y7;prd9;prDCqJM4jL99(Kr`qI0F8%Z2
zj>p|Q#8l9@dw={{^pA|G#K@Q`ij4WPQ+OPazcI{V+H&Pcj_4m4{1pZUAEm(HW1EGE
z%8KuCBQ&Ww#t@m*{3%;}^{^2Y-xH+xR(A<SWZqt5?5e0{{!CpJCkJgy&ug~C=@gbY
zDOBQAb5+RL`<kuTQ-c+IPE*C6GtY&z*fjJn%wMT#=+`Uf4V;$Vpn}4$v7qoQ6%^J!
z6c*NNJZ@Nr#|_WXal`X^uNa?YoyTWc7wB2m#aE4fZ5Pq6?Qi7QcB%R0NLh2M-UQ<l
zE;HXyd_w&vFMA++Fn=e_tt&>a7+24~imT^eqt)}TC%&>C+xqKhTmLQD);IVG1Ho-G
zZ!kA$+sy9<zQ=q-S#OM%r@mtv$@0{#E&UgqKI6?v-{Z|mx9R4jrULOH(H(9=-Qhc=
zJKUTg%mSynw=n;psqS|}MgO|8yI5EDPpT{XmxZt<w6wm*{6Lo0KW-BIW!4*Dz4Rk<
zpX#Ltb^Yg;J7c3U-ZX7xexjSE4?h+MUb5jKmTY)LB^%n-h?Rn$v|;d*#}xeJ->-@K
z{KTIzKk*6WC$={VdR>*H2N=sgE$}tR%BFUvgDRVz`Y#zcLpuLzXD~rc(lh2cX_9^k
z6dO6%^a~zr>ZF5BT{gm`dK065><i{U)%vmUkr1`@_!W>CP>x^Gg95=Kt)KN8u+Rr(
z{VW66Dw+aL8h{jV(h!t@lSYsrR_nQWO0AQPfrSYut&>e5T#W5@kTR>xK*_99L7ZUf
zy_ZV%&gQ_v0u*~^OPC`#Nc(nM0*fJ_?AtvQwuz<{7Q;YVVPOTz3X9>8Cz_n|hJ)ms
zHv$yrypfPEnp!$Wg4EJ63Y3-(>%pedBpZ-QlU@g<G|3h|6{31}R9{NHV+$<oKuNu0
z4{^esN-~Ka4J;f$F^P5@oVK>!5v1DsF`(4ekA++zt&|(&1T5YFB{#@<@DjQwFZox$
z35tKU3v>uiK<{{^HD2R@g)1m)yxibo%)qIU)}3(!7Ve;|JEMjTVnq+1@gRBlXh8As
znJ~D|N97YhdQ?6Ult<-n0g6%GCsnF)^aQ2K(QDAoNLj^Rz~XICvWmSSR(QfBD{~)U
z;R}kDx!>T~-N^L==|=7(P;TT-h7_?@Zu?~3llCdRC++^QNO;LeR>|*h!sMx(FnJoB
z7oH_)WXm*QF&&hVEdlU(<iKv|w6|w~xumx|5Lmnmir(@WU@7+5?I3Ay2Z5r!Jre?j
zialRg=~Cn@U=a+;rARGA2xWUdrZRs_4W;E5w7_CED9bN|K(gQ@Sxlb;Eark@F?}9{
ziHqHJbRI~%j)sD=>u4BMiBY-k^LZcK!+9UvBVe&$k~c@iSr?}o_{f&~N{r;D>)yk=
zuRrq26t%TH1Pz83#oZkyKg_coEl*spKVs)D!_l(l2a}g<QejyHu!sbuuxtU?i3PeZ
z7V>&$+Yvog=C)q6?<w$qm8-IOkI#_JLOw$_i@-}P$Nvfj(pYH`uviSrSSboTL_7Z*
z7)nL@OMpc*R2J#Sh&N8@VrC4mhy~?hW*mt33JD&@0gLxRfrs(1qd(~gjh<=te*qY;
BHnji%