fix(j-s): String Length Validation #16924

gudjong · 2024-11-18T15:05:44Z

String Length Validation

Setja limit á lengd texta í "efni kröfu" þegar verið er að búa til nýtt mál

What

Validates varchar 255 input on the backend.
Limits investigation case description to 255 characters in the client.

Why

To prevent unexpected excheptions when writing to the database.

Checklist:

I have performed a self-review of my own code
I have made corresponding changes to the documentation
My changes generate no new warnings
I have added tests that prove my fix is effective or that my feature works
Formatting passes locally with my changes
I have rebased against main before asking for a review

Summary by CodeRabbit

New Features
- Enhanced input validation for various fields across multiple forms, enforcing a maximum length of 255 characters for string inputs.
- Updated logic for creating and managing defendants within the working case, ensuring correct context and state management.
Bug Fixes
- Improved navigation logic to check for the existence of the working case before proceeding.
Documentation
- Updated validation rules to reflect the new maximum length constraints.

coderabbitai · 2024-11-18T15:05:52Z

Walkthrough

The pull request introduces validation enhancements across multiple Data Transfer Objects (DTOs) in the judicial system application. Specifically, the @MaxLength(255) decorator has been added to various string properties in several DTO classes, ensuring that input values do not exceed 255 characters. This change applies to fields in CreateCaseDto, UpdateCaseDto, CreateDefendantDto, UpdateDefendantDto, CreateFileDto, UpdateFileDto, and others. Additionally, some properties have been updated to include minimum size requirements for arrays, enhancing overall data validation.

Changes

File Path	Change Summary
`apps/judicial-system/backend/src/app/modules/case/dto/createCase.dto.ts`	Added `@MaxLength(255)` to properties: `description`, `policeCaseNumbers`, `defenderName`, `defenderNationalId`, `defenderEmail`, `defenderPhoneNumber`, `leadInvestigator`.
`apps/judicial-system/backend/src/app/modules/case/dto/updateCase.dto.ts`	Added `@MaxLength(255)` to properties: `location`, `description`, `policeCaseNumbers`, `defenderName`, `defenderNationalId`, `defenderEmail`, `defenderPhoneNumber`, `leadInvestigator`, `translator`, `courtCaseNumber`, `courtLocation`, `appealCaseNumber`. Added `@ArrayMinSize(1)` to `policeCaseNumbers`.
`apps/judicial-system/backend/src/app/modules/defendant/dto/createDefendant.dto.ts`	Added `@MaxLength(255)` to properties: `nationalId`, `name`, `address`, `citizenship`, `defenderName`, `defenderNationalId`, `defenderEmail`, `defenderPhoneNumber`.
`apps/judicial-system/backend/src/app/modules/defendant/dto/updateCivilClaimant.dto.ts`	Added `@MaxLength(255)` to properties: `name`, `nationalId`, `spokespersonNationalId`, `spokespersonName`, `spokespersonEmail`, `spokespersonPhoneNumber`.
`apps/judicial-system/backend/src/app/modules/defendant/dto/updateDefendant.dto.ts`	Added `@MaxLength(255)` to properties: `nationalId`, `name`, `address`, `citizenship`, `defenderName`, `defenderNationalId`, `defenderEmail`, `defenderPhoneNumber`, `requestedDefenderNationalId`, `requestedDefenderName`.
`apps/judicial-system/backend/src/app/modules/file/dto/createFile.dto.ts`	Added `@MaxLength(255)` to properties: `type`, `key`, `policeCaseNumber`, `policeFileId`, `userGeneratedFilename`.
`apps/judicial-system/backend/src/app/modules/file/dto/createPresignedPost.dto.ts`	Added `@MaxLength(255)` to properties: `fileName`, `type`.
`apps/judicial-system/backend/src/app/modules/file/dto/updateFile.dto.ts`	Added `@MaxLength(255)` to property: `userGeneratedFilename`.
`apps/judicial-system/backend/src/app/modules/indictment-count/dto/updateIndictmentCount.dto.ts`	Added `@MaxLength(255)` to properties: `policeCaseNumber`, `vehicleRegistrationNumber`.
`apps/judicial-system/backend/src/app/modules/subpoena/dto/updateSubpoena.dto.ts`	Added `@MaxLength(255)` to properties: `servedBy`, `defenderNationalId`, `defenderName`, `defenderEmail`, `defenderPhoneNumber`, `requestedDefenderNationalId`, `requestedDefenderName`.
`apps/judicial-system/backend/src/app/modules/user/dto/createUser.dto.ts`	Added `@MaxLength(255)` to properties: `nationalId`, `name`, `title`, `mobileNumber`, `email`.
`apps/judicial-system/backend/src/app/modules/user/dto/updateUser.dto.ts`	Added `@MaxLength(255)` to properties: `name`, `title`, `mobileNumber`, `email`.
`apps/judicial-system/web/src/routes/Prosecutor/InvestigationCase/Defendant/Defendant.tsx`	Added `maxLength` property to the `Input` component for the description field and updated logic for creating and navigating defendants based on the existence of `workingCase.id`.

Possibly related PRs

fix(citizenship): validation update #14937: Related changes in UpdateCaseDto class with similar @MaxLength(255) validation applied to string properties.
fix(j-s): Merge Email #16011: Modifications in the Defendant model and UpdateDefendantDto class enhancing data structures related to defendants.
fix(j-s): Display correct verdict appeal info for defenders #16533: Changes in case.transformer.ts regarding verdict appeal deadlines, relevant to the main PR's focus on verdict-related information.
feat(j-s): Send defenders a notification once assigned to indictment case #16687: Addition of notification functionality for defenders, related to enhancements in handling defendant information.
chore(j-s): Display service status on info card for prosecutors #16709: Updates to the InfoCard component displaying service status for prosecutors, relevant to case information display.

Suggested labels

automerge

Suggested reviewers

unakb

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Generate unit testing code for this file.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai generate unit testing code for this file.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and generate unit testing code.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

coderabbitai

Actionable comments posted: 5

🧹 Outside diff range and nitpick comments (19)

apps/judicial-system/backend/src/app/modules/file/dto/createPresignedPost.dto.ts (1)
Line range hint 1-18: Consider centralizing validation constraints.

Since these length validations are being added across multiple DTOs, consider creating a shared constant or configuration for these magic numbers to ensure consistency and easier maintenance.

Example implementation:
// shared/constants/validation.ts
export const DATABASE_VARCHAR_LENGTH = 255;

// Then in DTOs:
@MaxLength(DATABASE_VARCHAR_LENGTH)
apps/judicial-system/backend/src/app/modules/user/dto/createUser.dto.ts (3)
16-16: Consider field-specific length constraints

While adding @MaxLength(255) aligns with the database varchar(255) limitation, consider these field-specific recommendations:

nationalId: Should typically have a fixed length based on the Icelandic national ID format

email: RFC 5321 limits email addresses to 254 characters

mobileNumber: Consider a shorter, reasonable maximum length for phone numbers

Example implementation for nationalId:
  @IsNotEmpty()
- @MaxLength(255)
+ @MaxLength(10)
  @IsString()
For email:
  @IsNotEmpty()
- @MaxLength(255)
+ @MaxLength(254)
  @IsString()
For mobileNumber:
  @IsNotEmpty()
- @MaxLength(255)
+ @MaxLength(20)
  @IsString()
Also applies to: 22-22, 28-28, 34-34, 40-40

Line range hint 16-44: Add format validation for specific fields

Consider adding format validation for specialized fields:

nationalId: Add pattern validation for Icelandic national ID format

email: Add email format validation

mobileNumber: Add phone number format validation

Add these decorators:
  // For nationalId
+ @Matches(/^\d{6}-?\d{4}$/)

  // For email
+ @IsEmail()

  // For mobileNumber
+ @Matches(/^\+?[1-9]\d{1,14}$/)
Line range hint 1-65: Enhance TypeScript type safety

Per the coding guidelines for apps/** paths, consider enhancing type safety:

Add strict validation for enum values:
+ import { UserRole, isUserRole } from '@island.is/judicial-system/types'

  @IsNotEmpty()
  @IsEnum(UserRole)
+ @ValidateIf((o) => isUserRole(o.role))
  @ApiProperty({ enum: UserRole })
  readonly role!: UserRole
Consider using a custom validation pipe to ensure type safety during runtime:
@Injectable()
export class UserValidationPipe implements PipeTransform {
  transform(value: CreateUserDto) {
    // Add runtime type checking
    return value;
  }
}
apps/judicial-system/backend/src/app/modules/indictment-count/dto/updateIndictmentCount.dto.ts (2)
23-26: Consider a tighter length constraint for vehicle registration

While the @MaxLength(255) prevents database issues, vehicle registration numbers are typically much shorter. Consider using a more specific length constraint that matches your business requirements for vehicle registration numbers.

Example:
-  @MaxLength(255)
+  @MaxLength(20) // Adjust based on your specific requirements
Line range hint 45-52: Add length validation to remaining string fields

The incidentDescription and legalArguments fields are missing length validation. To maintain consistency and prevent potential database issues, consider adding @MaxLength(255) to these fields as well.

Apply this diff:
  @IsOptional()
  @IsString()
+ @MaxLength(255)
  @ApiPropertyOptional({ type: String })
  readonly incidentDescription?: string

  @IsOptional()
  @IsString()
+ @MaxLength(255)
  @ApiPropertyOptional({ type: String })
  readonly legalArguments?: string
apps/judicial-system/backend/src/app/modules/file/dto/createFile.dto.ts (1)
68-71: Consider additional filename validation

While the length validation is correct, consider adding a pattern validation to ensure proper filename format and prevent directory traversal.
 @IsOptional()
 @MaxLength(255)
 @IsString()
+@Matches(/^[^/\\:*?"<>|]+$/, { message: 'Invalid filename format' })
 @ApiPropertyOptional({ type: String })
 readonly userGeneratedFilename?: string
apps/judicial-system/backend/src/app/modules/defendant/dto/updateCivilClaimant.dto.ts (2)
1-1: Consider centralizing validation constants.

To improve maintainability and consistency across DTOs, consider extracting the magic number 255 into a shared constant.

Example implementation:
// shared/constants/validation.ts
export const DATABASE_VARCHAR_LENGTH = 255;

// Then in this file:
import { DATABASE_VARCHAR_LENGTH } from '@shared/constants/validation';
@MaxLength(DATABASE_VARCHAR_LENGTH)
String fields across DTOs lack consistent length validation

The search results reveal that string fields in related DTOs lack consistent @MaxLength(255) validation. Several DTOs in the defendant module and other modules have @IsString() decorators without corresponding length constraints:

createDefendant.dto.ts: Missing length validation on fields like name, nationalId, address

updateDefendant.dto.ts: Missing length validation on fields like name, nationalId, defenderEmail

internalUpdateDefendant.dto.ts: Missing length validation on fields like defenderName, defenderEmail

🔗 Analysis chain

Line range hint 1-64: Verify consistent validation across related DTOs.

The AI summary mentions similar changes in other DTOs. Let's verify that the @MaxLength(255) decorator has been consistently applied across all related DTOs.
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Check for consistent @MaxLength(255) validation across related DTOs
# Expected: All string fields in related DTOs should have @MaxLength(255)

# Search for DTO files without @MaxLength(255) on string fields
rg -l '@IsString(?![\s\S]*@MaxLength$255$)' apps/judicial-system/backend/src/app/modules/**/dto/*.ts

# List all DTOs for manual verification
echo "List of all DTOs for cross-reference:"
fd --type f --extension ts dto/ apps/judicial-system/backend
Length of output: 2896

Script:
#!/bin/bash
# Let's try a different approach to check string validations
# Search for string fields in DTOs and their validation decorators

# Check validation patterns in DTOs
rg -A 2 '@IsString' --type ts apps/judicial-system/backend/src/app/modules/**/dto/*.ts

# Also check specifically the related DTOs in the defendant module
echo "=== Defendant Module DTOs ==="
rg -A 2 '@IsString' apps/judicial-system/backend/src/app/modules/defendant/dto/*.ts
Length of output: 51407
apps/judicial-system/backend/src/app/modules/defendant/dto/createDefendant.dto.ts (2)
61-64: Consider adding email format validation

While the length validation is good, consider adding the @IsEmail() decorator for stronger email format validation.
  @IsOptional()
  @MaxLength(255)
  @IsString()
+ @IsEmail()
  @ApiPropertyOptional({ type: String })
  readonly defenderEmail?: string
67-70: Consider adding format validation for specific fields

For fields like phone numbers and national IDs, consider adding pattern validation using @Matches() decorator to ensure proper formatting:
  // Phone number
  @IsOptional()
  @MaxLength(255)
  @IsString()
+ @Matches(/^[0-9\-\+\s]+$/, { message: 'Invalid phone number format' })
  @ApiPropertyOptional({ type: String })
  readonly defenderPhoneNumber?: string

  // National IDs (both defendant and defender)
  @IsOptional()
  @MaxLength(255)
  @IsString()
+ @Matches(/^[0-9]{6}-?[0-9]{4}$/, { message: 'Invalid national ID format' })
  @ApiPropertyOptional({ type: String })
  readonly nationalId?: string
Also applies to: 55-58, 20-23
apps/judicial-system/backend/src/app/modules/subpoena/dto/updateSubpoena.dto.ts (3)
35-56: Consider adding field-specific validation rules.

While the MaxLength validation is correctly applied, these fields could benefit from additional validation:

defenderEmail: Add @isemail()

defenderPhoneNumber: Add a pattern validator for Icelandic phone numbers

defenderNationalId: Add a pattern validator for Icelandic national ID format

Example implementation:
@IsOptional()
@MaxLength(255)
@IsEmail()
@ApiPropertyOptional({ type: String })
readonly defenderEmail?: string

@IsOptional()
@MaxLength(255)
@Matches(/^(\+354 )?\d{3}[ -]?\d{4}$/)
@ApiPropertyOptional({ type: String })
readonly defenderPhoneNumber?: string

@IsOptional()
@MaxLength(255)
@Matches(/^\d{6}-?\d{4}$/)
@ApiPropertyOptional({ type: String })
readonly defenderNationalId?: string
64-73: Maintain consistency with primary defender field validations.

If you implement the suggested additional validations for the primary defender fields, please ensure the same validation rules are applied to these requested defender fields for consistency.

Case description field lacks length validation

The case description field ("efni kröfu") in both CreateCaseDto and UpdateCaseDto only has @IsString() validation but lacks @MaxLength() validation, unlike other string fields in the codebase. This should be addressed to prevent potential issues with overly long descriptions.

apps/judicial-system/backend/src/app/modules/case/dto/createCase.dto.ts: Add @MaxLength(255) to description field

apps/judicial-system/backend/src/app/modules/case/dto/updateCase.dto.ts: Add @MaxLength(255) to description field

🔗 Analysis chain

Line range hint 1-73: Verify case description validation implementation.

While this file correctly implements string length validation for subpoena-related fields, the PR objectives mention validating "efni kröfu" (case description). This validation isn't present in this file.
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Search for case description validation in related DTOs
echo "Searching for case description validation..."
rg -l "efni kröfu|case description" apps/judicial-system/backend/src/app/modules/**/dto/
Length of output: 667

Script:
#!/bin/bash
# Let's try a broader search for validation patterns in DTOs and related files
# First, let's check for any files that might contain case description validation
rg -l "caseDescription|description|efni" apps/judicial-system/backend/src/app/modules/**/dto/

# Also search for class-validator decorators in DTO files
rg "@IsString|@MaxLength" apps/judicial-system/backend/src/app/modules/**/dto/

# Let's also check the types definition since we see imports from there
fd -e ts -e tsx . apps/judicial-system/types/ -x rg -l "caseDescription|description|efni" {}
Length of output: 19090

Script:
#!/bin/bash
# Let's check the case-related DTOs more specifically since we see them in the output
echo "Checking case DTOs content..."
rg -A 5 "class (Create|Update)Case" apps/judicial-system/backend/src/app/modules/case/dto/

# Also check for any description-related fields in case DTOs
echo "Checking for description fields in case DTOs..."
rg "description|efni|caseDescription" apps/judicial-system/backend/src/app/modules/case/dto/
Length of output: 1700

Script:
#!/bin/bash
# Let's check the validation decorators for the description field in both DTOs
echo "Checking validation for description field..."
rg -B 2 -A 1 "readonly description\?" apps/judicial-system/backend/src/app/modules/case/dto/updateCase.dto.ts apps/judicial-system/backend/src/app/modules/case/dto/createCase.dto.ts
Length of output: 1037
apps/judicial-system/backend/src/app/modules/case/dto/createCase.dto.ts (1)
43-45: Consider removing redundant validation

The field has both @IsNotEmpty and @ArrayMinSize(1) decorators, which are redundant as they serve the same purpose for arrays.

Consider keeping only @ArrayMinSize(1):
-  @IsNotEmpty()
   @IsArray()
   @ArrayMinSize(1)
   @MaxLength(255)
   @IsString({ each: true })
apps/judicial-system/backend/src/app/modules/defendant/dto/updateDefendant.dto.ts (2)
28-37: Consider additional validation rules for personal information

While the MaxLength validation is good, consider enhancing the validation rules:

For nationalId: Add a pattern validation to match the expected format

For name: Consider a reasonable minimum length validation

Example enhancement:
 @IsOptional()
 @MaxLength(255)
 @IsString()
+@Matches(/^[0-9]{6}-?[0-9]{4}$/, { message: 'Invalid national ID format' })
 @ApiPropertyOptional({ type: String })
 readonly nationalId?: string

 @IsOptional()
 @MaxLength(255)
+@MinLength(2)
 @IsString()
 @ApiPropertyOptional({ type: String })
 readonly name?: string
Line range hint 1-137: Document the rationale for character limits

The implementation consistently applies the 255-character limit across all string fields, which aligns well with the PR objectives. Consider adding a class-level JSDoc comment to document why this specific limit was chosen (e.g., database column constraints).

Example enhancement:
+/**
+ * DTO for updating defendant information.
+ * All string fields are limited to 255 characters to match the database varchar(255) constraints
+ * and prevent unexpected exceptions when writing to the database.
+ */
 export class UpdateDefendantDto {
apps/judicial-system/web/src/routes/Prosecutor/InvestigationCase/Defendant/Defendant.tsx (2)
Line range hint 332-341: Consider enhancing form validation feedback.

While the maxLength constraint is implemented, consider adding visual feedback to show the remaining character count, especially since this is a critical field with a strict limit.
 <Input
   data-testid="description"
   name="description"
   label={formatMessage(
     m.sections.investigationType.description.label,
   )}
   placeholder={formatMessage(
     m.sections.investigationType.description.placeholder,
   )}
   value={workingCase.description || ''}
   autoComplete="off"
+  hasError={workingCase.description?.length === 255}
+  errorMessage={workingCase.description?.length === 255 ? 
+    formatMessage(m.sections.investigationType.description.maxLengthError) : undefined}
+  helperText={`${workingCase.description?.length || 0}/255`}
   onChange={(evt) => {
     setWorkingCase((prevWorkingCase) => ({
       ...prevWorkingCase,
       description: evt.target.value,
     }))
   }}
   onBlur={(evt) =>
     setAndSendCaseToServer(
       [
         {
           description: evt.target.value.trim(),
           force: true,
         },
       ],
       workingCase,
       setWorkingCase,
     )
   }
   maxLength={255}
 />
Line range hint 332-341: Consider implementing form state management library.

The component handles complex form state with multiple fields and validation rules. Consider using a form management library like react-hook-form or formik to:

Reduce boilerplate code

Centralize validation logic

Improve performance by reducing rerenders

Handle form submission more efficiently

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 760b5fe and 84d5826.

📒 Files selected for processing (13)

apps/judicial-system/backend/src/app/modules/case/dto/createCase.dto.ts (3 hunks)
apps/judicial-system/backend/src/app/modules/case/dto/updateCase.dto.ts (8 hunks)
apps/judicial-system/backend/src/app/modules/defendant/dto/createDefendant.dto.ts (3 hunks)
apps/judicial-system/backend/src/app/modules/defendant/dto/updateCivilClaimant.dto.ts (3 hunks)
apps/judicial-system/backend/src/app/modules/defendant/dto/updateDefendant.dto.ts (4 hunks)
apps/judicial-system/backend/src/app/modules/file/dto/createFile.dto.ts (5 hunks)
apps/judicial-system/backend/src/app/modules/file/dto/createPresignedPost.dto.ts (1 hunks)
apps/judicial-system/backend/src/app/modules/file/dto/updateFile.dto.ts (2 hunks)
apps/judicial-system/backend/src/app/modules/indictment-count/dto/updateIndictmentCount.dto.ts (2 hunks)
apps/judicial-system/backend/src/app/modules/subpoena/dto/updateSubpoena.dto.ts (4 hunks)
apps/judicial-system/backend/src/app/modules/user/dto/createUser.dto.ts (2 hunks)
apps/judicial-system/backend/src/app/modules/user/dto/updateUser.dto.ts (2 hunks)
apps/judicial-system/web/src/routes/Prosecutor/InvestigationCase/Defendant/Defendant.tsx (1 hunks)

🧰 Additional context used

📓 Path-based instructions (13)

apps/judicial-system/backend/src/app/modules/case/dto/createCase.dto.ts (1)