fix: set limit to 250kb for whitelist
kevin9foong committed Jan 13, 2025
1 parent 4863334 commit bf81c71
Showing 4 changed files with 15 additions and 29 deletions.
@@ -1,4 +1,4 @@
import { useCallback, useEffect, useMemo, useState } from 'react'
import { useCallback, useEffect, useState } from 'react'
import {
Controller,
ControllerRenderProps,
Expand All @@ -8,14 +8,13 @@ import {
import { useParams } from 'react-router'
import { Box, Skeleton } from '@chakra-ui/react'

import { MB } from '~shared/constants'
import { AttachmentSize, BasicField, StorageFormSettings } from '~shared/types'
import { KB } from '~shared/constants'
import { StorageFormSettings } from '~shared/types'
import { VALID_WHITELIST_FILE_EXTENSIONS } from '~shared/utils/file-validation'

import { parseCsvFileToCsvString } from '~utils/parseCsvFileToCsvString'
import Attachment from '~components/Field/Attachment'
import { AttachmentFieldSchema } from '~templates/Field'
import { FieldContainer } from '~templates/Field/FieldContainer'
import { BaseFieldProps, FieldContainer } from '~templates/Field/FieldContainer'

import { useMutateFormSettings } from '../../mutations'

Expand All @@ -26,6 +25,7 @@ interface FormWhitelistAttachmentFieldProps {
isDisabled: boolean
}

const MAX_SIZE_IN_BYTES = 250 * KB
const FormWhitelistAttachmentFieldContainerName =
'whitelist-csv-attachment-field-container'
const FormWhitelistAttachmentFieldName = 'whitelist-csv-attachment-field'
Expand All @@ -45,16 +45,14 @@ export const FormWhitelistAttachmentField = ({

const standardCsvDownloadFileName = `whitelist_${formId}.csv`

const fieldContainerSchema: AttachmentFieldSchema = {
const fieldContainerSchema: BaseFieldProps['schema'] = {
_id: FormWhitelistAttachmentFieldContainerName,
title: 'Restrict form to eligible NRIC/FIN/UENs only',
description:
'Only NRIC/FIN/UENs in this list are allowed to submit a response. CSV file should include all whitelisted NRIC/FIN/UENs in a single column with the "Respondent" header. ' +
'[Download a sample .csv file](https://go.gov.sg/formsg-whitelist-respondents-sample-csv)',
required: true,
disabled: isDisabled,
fieldType: BasicField.Attachment,
attachmentSize: AttachmentSize.TwentyMb,
}

const { publicKey, whitelistedSubmitterIds } = settings
Expand All @@ -73,13 +71,6 @@ export const FormWhitelistAttachmentField = ({
}
}, [isWhitelistEnabled, setValue, standardCsvDownloadFileName])

const maxSizeInBytes = useMemo(() => {
if (!fieldContainerSchema.attachmentSize) {
return
}
return parseInt(fieldContainerSchema.attachmentSize) * MB
}, [fieldContainerSchema.attachmentSize])

const setWhitelistAttachmentFieldError = useCallback(
(errMsg: string) => {
setError(FormWhitelistAttachmentFieldContainerName, {
Expand Down Expand Up @@ -168,7 +159,7 @@ export const FormWhitelistAttachmentField = ({
handleDownloadFileOverride={triggerSecretKeyInputTransition}
handleRemoveFileOverride={removeWhitelist}
showFileSize
maxSize={maxSizeInBytes}
maxSize={MAX_SIZE_IN_BYTES}
showDownload
showRemove
isDownloadDisabled={false}
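Review bot: The 250 kB limit is now defined twice, as `MAX_SIZE_IN_BYTES = 250 * KB` in this component and as `TWO_HUNDRED_FIFTY_KB_IN_BYTES` in admin-form.controller.ts, so the client check and the server validator can drift apart on a later change. Since `KB` already comes from `~shared/constants`, a single shared constant beside it (for example `export const MAX_WHITELIST_CSV_SIZE_IN_BYTES = 250 * KB`) imported by both sides would keep them in step. The `maxSize` prop is only a usability check in the browser; the server-side validator remains the enforcing control. It appears to measure the parsed CSV string rather than the uploaded file, so the two checks may disagree near the boundary. The component body continues outside the visible hunks.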
Expand Up @@ -22,7 +22,7 @@ export const enSG: Fields = {
fileEmpty:
'You have uploaded an empty file, please upload a valid attachment',
fileTooLarge:
'You have exceeded the limit, please upload a file below {readableMaxSize}',
'You have exceeded the file size limit, please upload a file below {readableMaxSize}',
fileInvalidType:
"Your file's extension ending in *{fileExt} is not allowed",
tooManyFiles: 'You can only upload a single file in this input',
Expand Up @@ -165,7 +165,7 @@ describe('attachment validation', () => {
// Assert
// Should show error message.
const error = screen.getByText(
/You have exceeded the limit, please upload a file below 1 MB/i,
/You have exceeded the file size limit, please upload a file below 1 MB/i,
)
expect(error).not.toBeNull()
})
17 changes: 6 additions & 11 deletions src/app/modules/form/admin-form/admin-form.controller.ts
Expand Up @@ -5,10 +5,10 @@ import { celebrate, Joi as BaseJoi, Segments } from 'celebrate'
import { AuthedSessionData } from 'express-session'
import { StatusCodes } from 'http-status-codes'
import JSONStream from 'JSONStream'
import multer from 'multer'
import { ResultAsync } from 'neverthrow'

import {
KB,
MAX_UPLOAD_FILE_SIZE,
VALID_UPLOAD_FILE_TYPES,
} from '../../../../../shared/constants/file'
Expand Down Expand Up @@ -1656,15 +1656,8 @@ export const handleDeleteWorkflowStep: ControllerHandler<
)
}

const TWENTY_MB_IN_BYTES = 20 * 1024 * 1024
const handleWhitelistSettingMultipartBody = multer({
limits: {
fieldSize: TWENTY_MB_IN_BYTES,
fields: 1, // only allow csv string field
files: 0,
},
})

const TWO_HUNDRED_FIFTY = 250
const TWO_HUNDRED_FIFTY_KB_IN_BYTES = TWO_HUNDRED_FIFTY * KB
const _handleUpdateWhitelistSettingValidator = celebrate({
[Segments.PARAMS]: {
formId: Joi.string()
Expand All @@ -1674,10 +1667,13 @@ const _handleUpdateWhitelistSettingValidator = celebrate({
},
[Segments.BODY]: {
whitelistCsvString: Joi.string()
.allow(null) // for removal of whitelist
.max(TWO_HUNDRED_FIFTY_KB_IN_BYTES)
.pattern(/^[a-zA-Z0-9,\r\n]+$/)
.messages({
'string.empty': 'Your csv is empty.',
'string.pattern.base': 'Your csv has one or more invalid characters.',
'string.max': `You have exceeded the file size limit, please upload a file below ${TWO_HUNDRED_FIFTY} kB.`,
}),
},
})
Expand Down Expand Up @@ -1792,7 +1788,6 @@ export const _handleUpdateWhitelistSettingForTest =
_handleUpdateWhitelistSetting

export const handleUpdateWhitelistSetting = [
handleWhitelistSettingMultipartBody.none(), // expecting string field
_handleUpdateWhitelistSettingValidator,
_handleUpdateWhitelistSetting,
] as ControllerHandler[]
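Review bot: With `handleWhitelistSettingMultipartBody.none()` gone from `handleUpdateWhitelistSetting`, the only size check left on `whitelistCsvString` is the Joi rule `.max(TWO_HUNDRED_FIFTY_KB_IN_BYTES)`, and that runs only after the whole request body has been parsed into memory. The effective cap on request size is therefore whatever the application-level body parser is configured with, which this diff does not show. Confirm that limit sits above 250 kB plus JSON overhead, since otherwise valid uploads would be rejected before the validator's `string.max` message is ever produced, but not far above it. A comment on the handler array would record the dependency, e.g. `// request size is bounded by the app-level body parser; Joi only checks the parsed string length`. Also note that `.max()` counts characters, which matches bytes here only because the `.pattern(/^[a-zA-Z0-9,\r\n]+$/)` rule restricts the value to ASCII.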