Enforce user invites/request on server

2022-08-08 11:02:37 +02:00
parent b37a848914
commit 7923a7e071
3 changed files with 11 additions and 6 deletions
--- a/app/scenes/Invite.tsx
+++ b/app/scenes/Invite.tsx
@@ -5,6 +5,7 @@ import { useTranslation, Trans } from "react-i18next";
 import { Link } from "react-router-dom";
 import styled from "styled-components";
 import { Role } from "@shared/types";
+import { UserValidation } from "@shared/validations";
 import Button from "~/components/Button";
 import CopyToClipboard from "~/components/CopyToClipboard";
 import Flex from "~/components/Flex";
@@ -19,8 +20,6 @@ import usePolicy from "~/hooks/usePolicy";
 import useStores from "~/hooks/useStores";
 import useToasts from "~/hooks/useToasts";

-const MAX_INVITES = 20;
-
 type Props = {
  onSubmit: () => void;
 };
@@ -97,10 +96,10 @@ function Invite({ onSubmit }: Props) {
  }, []);

  const handleAdd = React.useCallback(() => {
-    if (invites.length >= MAX_INVITES) {
+    if (invites.length >= UserValidation.maxInvitesPerRequest) {
      showToast(
        t("Sorry, you can only send {{MAX_INVITES}} invites at a time", {
-          MAX_INVITES,
+          MAX_INVITES: UserValidation.maxInvitesPerRequest,
        }),
        {
          type: "warning",
@@ -241,7 +240,7 @@ function Invite({ onSubmit }: Props) {
      ))}

      <Flex justify="space-between">
-        {invites.length <= MAX_INVITES ? (
+        {invites.length <= UserValidation.maxInvitesPerRequest ? (
          <Button type="button" onClick={handleAdd} neutral>
            <Trans>Add another</Trans>…
          </Button>
--- a/server/routes/api/users.ts
+++ b/server/routes/api/users.ts
@@ -1,6 +1,7 @@
 import crypto from "crypto";
 import Router from "koa-router";
 import { Op, WhereOptions } from "sequelize";
+import { UserValidation } from "@shared/validations";
 import userDemoter from "@server/commands/userDemoter";
 import userDestroyer from "@server/commands/userDestroyer";
 import userInviter from "@server/commands/userInviter";
@@ -316,7 +317,7 @@ router.post("users.invite", auth(), async (ctx) => {

  const response = await userInviter({
    user,
-    invites,
+    invites: invites.slice(0, UserValidation.maxInvitesPerRequest),
    ip: ctx.request.ip,
  });

--- a/shared/validations.ts
+++ b/shared/validations.ts
@@ -42,6 +42,11 @@ export const TeamValidation = {
  maxDomains: 10,
 };

+export const UserValidation = {
+  /** The maximum number of invites per request */
+  maxInvitesPerRequest: 20,
+};
+
 export const WebhookSubscriptionValidation = {
  /** The maximum number of webhooks per team */
  maxSubscriptions: 10,