fix: add explicite validation check for empty url, title and content length

2025-11-23 14:21:30 +01:00
parent 216e8657f6
commit 0a8ed2e27c
1 changed files with 15 additions and 0 deletions
--- a/internal/handlers/post_handler.go
+++ b/internal/handlers/post_handler.go
@@ -130,6 +130,11 @@ func (h *PostHandler) CreatePost(w http.ResponseWriter, r *http.Request) {
 	url := security.SanitizeURL(req.URL)
 	content := security.SanitizePostContent(req.Content)

+	if url == "" {
+		SendErrorResponse(w, "Invalid URL", http.StatusBadRequest)
+		return
+	}
+
 	if title == "" && h.titleFetcher != nil {
 		titleCtx, cancel := context.WithTimeout(r.Context(), 7*time.Second)
 		defer cancel()
@@ -160,6 +165,16 @@ func (h *PostHandler) CreatePost(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	if len(title) > 200 {
+		SendErrorResponse(w, "Title must be at most 200 characters", http.StatusBadRequest)
+		return
+	}
+
+	if len(content) > 10000 {
+		SendErrorResponse(w, "Content must be at most 10000 characters", http.StatusBadRequest)
+		return
+	}
+
 	post := &database.Post{
 		Title:    title,
 		URL:      url,