From ce98e2f89ffd6bbfc30fa9a35304391468f09c10 Mon Sep 17 00:00:00 2001 From: Dum Date: Sun, 1 Mar 2026 22:10:41 +0530 Subject: [PATCH] More fixes, adds limits --- server/routes/users/[id]/bookmarks.ts | 2 +- server/routes/users/[id]/lists/index.patch.ts | 10 +++++++++- server/routes/users/[id]/progress/import.ts | 2 +- .../routes/users/[id]/watch-history/[tmdbid]/index.ts | 2 +- server/utils/prisma.ts | 2 +- 5 files changed, 13 insertions(+), 5 deletions(-) diff --git a/server/routes/users/[id]/bookmarks.ts b/server/routes/users/[id]/bookmarks.ts index 56236d2..0706730 100644 --- a/server/routes/users/[id]/bookmarks.ts +++ b/server/routes/users/[id]/bookmarks.ts @@ -51,7 +51,7 @@ export default defineEventHandler(async event => { if (method === 'PUT') { const body = await readBody(event); - const validatedBody = z.array(bookmarkDataSchema).parse(body); + const validatedBody = z.array(bookmarkDataSchema).max(1000).parse(body); const now = new Date(); const upserts = validatedBody.map((item: any) => { diff --git a/server/routes/users/[id]/lists/index.patch.ts b/server/routes/users/[id]/lists/index.patch.ts index 87a1fd6..2b88b99 100644 --- a/server/routes/users/[id]/lists/index.patch.ts +++ b/server/routes/users/[id]/lists/index.patch.ts @@ -51,7 +51,9 @@ export default defineEventHandler(async event => { }); } - const result = await prisma.$transaction(async tx => { + let result; + try { + result = await prisma.$transaction(async tx => { if ( validatedBody.name || validatedBody.description !== undefined || @@ -106,6 +108,12 @@ export default defineEventHandler(async event => { include: { list_items: true }, }); }); + } catch (err: any) { + if (err.code === 'P2002') { + throw createError({ statusCode: 409, message: 'A list with this name already exists' }); + } + throw err; + } return { list: result, diff --git a/server/routes/users/[id]/progress/import.ts b/server/routes/users/[id]/progress/import.ts index 1a71f62..32a524c 100644 
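Review bot: The cap `.max(1000)` in the PUT branch of bookmarks.ts is an unexplained literal, and the same value is repeated in progress/import.ts and watch-history/[tmdbid]/index.ts. A single shared constant with a comment would keep the three routes from drifting apart, for example `const MAX_BULK_ITEMS = 1000; // upper bound on items accepted per bulk request` (name is a suggestion) used as `z.array(bookmarkDataSchema).max(MAX_BULK_ITEMS)`. The limit bounds the item count only; whether each item's fields and the overall request body size are bounded depends on the schemas and server configuration, which are not visible here. The handler continues outside the hunk, so it is also worth confirming that a `ZodError` thrown by `.parse` reaches the client as a 4xx rather than a 500.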
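Review bot: The new `catch` in lists/index.patch.ts maps every Prisma `P2002` to "A list with this name already exists", but `P2002` is raised for any unique constraint. The transaction ends with `include: { list_items: true }`, so it appears to touch list items as well, and a duplicate item could then be reported as a name conflict. Checking which constraint failed before choosing the message would avoid that. Separately, `catch (err: any)` reads `err.code` unguarded; `catch (err: unknown)` narrowed with `err instanceof Prisma.PrismaClientKnownRequestError && err.code === 'P2002'` is safer, assuming `Prisma` is importable in this file. The transaction callback between `try {` and `} catch` also keeps its old indentation, which hides the new nesting; the `try` opens in the previous hunk and most of the transaction body lies outside both hunks.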
--- a/server/routes/users/[id]/progress/import.ts +++ b/server/routes/users/[id]/progress/import.ts @@ -73,7 +73,7 @@ export default defineEventHandler(async event => { try { const body = await readBody(event); - const validatedBody = z.array(progressItemSchema).parse(body); + const validatedBody = z.array(progressItemSchema).max(1000).parse(body); const existingItems = await prisma.progress_items.findMany({ where: { user_id: userId }, diff --git a/server/routes/users/[id]/watch-history/[tmdbid]/index.ts b/server/routes/users/[id]/watch-history/[tmdbid]/index.ts index b6afc5c..4791f83 100644 --- a/server/routes/users/[id]/watch-history/[tmdbid]/index.ts +++ b/server/routes/users/[id]/watch-history/[tmdbid]/index.ts @@ -58,7 +58,7 @@ export default defineEventHandler(async event => { // Accept single object (normal playback) or array (e.g. user import) const bodySchema = z.union([ watchHistoryItemSchema, - z.array(watchHistoryItemSchema), + z.array(watchHistoryItemSchema).max(1000), ]); const parsed = bodySchema.parse(body); const items = Array.isArray(parsed) ? parsed : [parsed]; diff --git a/server/utils/prisma.ts b/server/utils/prisma.ts index e1f2510..012eefc 100644 --- a/server/utils/prisma.ts +++ b/server/utils/prisma.ts @@ -11,7 +11,7 @@ const pool = globalForPrisma.pool || new Pool({ connectionString: process.env.DATABASE_URL, - max: parseInt(process.env.DB_POOL_MAX || '1000', 10), + max: Math.max(1, parseInt(process.env.DB_POOL_MAX, 10) || 30), connectionTimeoutMillis: 10000, idleTimeoutMillis: 300000, });
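Review bot: The new `max` expression in server/utils/prisma.ts has a floor but no ceiling, so a large `DB_POOL_MAX` is still passed straight to the pool, which is the condition the old default of `'1000'` created. Clamping the upper side too would keep a misconfiguration from exhausting the database's connection limit, for example `Math.min(POOL_MAX_CEILING, Math.max(1, parseInt(process.env.DB_POOL_MAX ?? '', 10) || 30))`, where `POOL_MAX_CEILING` is a placeholder for a value below the server's configured maximum. The `?? ''` in that line also fixes a typing problem: `process.env.DB_POOL_MAX` is `string | undefined`, which `parseInt` rejects under strict null checks, and runtime behaviour is unchanged. A short comment should also record that `DB_POOL_MAX=0` or a non-numeric value silently becomes 30 through the `||`, while a negative value becomes 1.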