Cutlery/immich
1
0
Fork 1
mirror of https://github.com/immich-app/immich.git synced 2025-07-09 03:04:16 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: array-max-length (#19562)

Browse Source
This commit is contained in:
Jason Rasmussen 2025-06-26 15:41:48 -04:00 committed by GitHub
parent 3105094a3d
commit 6fed223405
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 87 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
open-api/immich-openapi-specs.json
View File

@ -13425,9 +13425,9 @@
"properties": { "properties": {
"acks": { "acks": {
"items": { "items": {
"maxLength": 1000,
"type": "string" "type": "string"
}, },
"maxItems": 1000,
"type": "array" "type": "array"
} }
}, },

84
server/src/controllers/sync.controller.spec.ts Normal file
View File

@ -0,0 +1,84 @@
import { SyncController } from 'src/controllers/sync.controller';
import { GlobalExceptionFilter } from 'src/middleware/global-exception.filter';
import { SyncService } from 'src/services/sync.service';
import request from 'supertest';
import { errorDto } from 'test/medium/responses';
import { ControllerContext, controllerSetup, mockBaseService } from 'test/utils';
describe(SyncController.name, () => {
let ctx: ControllerContext;
const syncService = mockBaseService(SyncService);
const errorService = { handleError: vi.fn() };
beforeAll(async () => {
ctx = await controllerSetup(SyncController, [
{ provide: SyncService, useValue: syncService },
{ provide: GlobalExceptionFilter, useValue: errorService },
]);
return () => ctx.close();
});
beforeEach(() => {
syncService.resetAllMocks();
errorService.handleError.mockReset();
ctx.reset();
});
describe('POST /sync/stream', () => {
it('should be an authenticated route', async () => {
await request(ctx.getHttpServer()).post('/sync/stream');
expect(ctx.authenticate).toHaveBeenCalled();
});
it('should require sync request type enums', async () => {
const { status, body } = await request(ctx.getHttpServer())
.post('/sync/stream')
.send({ types: ['invalid'] });
expect(status).toBe(400);
expect(body).toEqual(
errorDto.badRequest([expect.stringContaining('each value in types must be one of the following values')]),
);
expect(ctx.authenticate).toHaveBeenCalled();
});
});
describe('GET /sync/ack', () => {
it('should be an authenticated route', async () => {
await request(ctx.getHttpServer()).get('/sync/ack');
expect(ctx.authenticate).toHaveBeenCalled();
});
});
describe('POST /sync/ack', () => {
it('should be an authenticated route', async () => {
await request(ctx.getHttpServer()).post('/sync/ack');
expect(ctx.authenticate).toHaveBeenCalled();
});
it('should not allow more than 1,000 entries', async () => {
const acks = Array.from({ length: 1001 }, (_, i) => `ack-${i}`);
const { status, body } = await request(ctx.getHttpServer()).post('/sync/ack').send({ acks });
expect(status).toBe(400);
expect(body).toEqual(errorDto.badRequest(['acks must contain no more than 1000 elements']));
expect(ctx.authenticate).toHaveBeenCalled();
});
});
describe('DELETE /sync/ack', () => {
it('should be an authenticated route', async () => {
await request(ctx.getHttpServer()).delete('/sync/ack');
expect(ctx.authenticate).toHaveBeenCalled();
});
it('should require sync response type enums', async () => {
const { status, body } = await request(ctx.getHttpServer())
.delete('/sync/ack')
.send({ types: ['invalid'] });
expect(status).toBe(400);
expect(body).toEqual(
errorDto.badRequest([expect.stringContaining('each value in types must be one of the following values')]),
);
expect(ctx.authenticate).toHaveBeenCalled();
});
});
});

4
server/src/dtos/sync.dto.ts
View File

@ -1,5 +1,5 @@
import { ApiProperty } from '@nestjs/swagger'; import { ApiProperty } from '@nestjs/swagger';
import { IsEnum, IsInt, IsPositive, IsString, MaxLength } from 'class-validator'; import { ArrayMaxSize, IsEnum, IsInt, IsPositive, IsString } from 'class-validator';
import { AssetResponseDto } from 'src/dtos/asset-response.dto'; import { AssetResponseDto } from 'src/dtos/asset-response.dto';
import { AlbumUserRole, AssetOrder, AssetType, AssetVisibility, SyncEntityType, SyncRequestType } from 'src/enum'; import { AlbumUserRole, AssetOrder, AssetType, AssetVisibility, SyncEntityType, SyncRequestType } from 'src/enum';
import { Optional, ValidateDate, ValidateUUID } from 'src/validation'; import { Optional, ValidateDate, ValidateUUID } from 'src/validation';
@ -217,7 +217,7 @@ export class SyncAckDto {
} }
export class SyncAckSetDto { export class SyncAckSetDto {
@MaxLength(1000) @ArrayMaxSize(1000)
@IsString({ each: true }) @IsString({ each: true })
acks!: string[]; acks!: string[];
} }