From c28df5fc7fb7c92a5c790cdc64bdbbaef6b8bf06 Mon Sep 17 00:00:00 2001
From: Sam
Date: Mon, 29 May 2023 02:59:15 +0200
Subject: [PATCH] fix: enforce maximum number of flags on profile
---
 backend/routes/member/patch_member.go | 10 ++++++++++
 backend/routes/user/patch_user.go | 10 ++++++++++
 2 files changed, 20 insertions(+)
diff --git a/backend/routes/member/patch_member.go b/backend/routes/member/patch_member.go
index d4545eb..7e3409d 100644
--- a/backend/routes/member/patch_member.go
+++ b/backend/routes/member/patch_member.go
@@ -155,6 +155,16 @@ func (s *Server) patchMember(w http.ResponseWriter, r *http.Request) error {
 }
 }
 
+ // validate flag length
+ if req.Flags != nil {
+ if len(*req.Flags) > db.MaxPrideFlags {
+ return server.APIError{
+ Code: server.ErrBadRequest,
+ Details: fmt.Sprintf("Too many flags (max %d, current %d)", len(*req.Flags), db.MaxPrideFlags),
+ }
+ }
+ }
+
 if err := validateSlicePtr("name", req.Names, u.CustomPreferences); err != nil {
 return *err
 }
diff --git a/backend/routes/user/patch_user.go b/backend/routes/user/patch_user.go
index 3b015bb..19ab3e1 100644
--- a/backend/routes/user/patch_user.go
+++ b/backend/routes/user/patch_user.go
@@ -109,6 +109,16 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 }
 }
 
+ // validate flag length
+ if req.Flags != nil {
+ if len(*req.Flags) > db.MaxPrideFlags {
+ return server.APIError{
+ Code: server.ErrBadRequest,
+ Details: fmt.Sprintf("Too many flags (max %d, current %d)", len(*req.Flags), db.MaxPrideFlags),
+ }
+ }
+ }
+
 // validate custom preferences
 if req.CustomPreferences != nil {
 if count := len(*req.CustomPreferences); count > db.MaxFields {
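Review bot: The `fmt.Sprintf` arguments in the new `Details` line are in the wrong order for the format string, so the response reports the submitted count as "max" and `db.MaxPrideFlags` as "current". The limit itself is enforced correctly, but the rejection message tells the client the wrong limit. Swap the arguments: `Details: fmt.Sprintf("Too many flags (max %d, current %d)", db.MaxPrideFlags, len(*req.Flags)),`. The same line appears in the `patch_user.go` hunk and needs the same change. The body of `patchMember` starts and ends outside this hunk.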
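Review bot: This flag-count check in `patchUser` is a byte-for-byte copy of the one added to `patchMember`, so a server-side limit now lives in two hand-maintained places. A small shared helper taking `req.Flags` would keep the bound and its error text together, which would also make it easier to apply to any other route that accepts `Flags` (none is visible in this patch, so that is worth confirming). For style, the nested `if` could follow the form of the custom-preferences check just below it: `if req.Flags != nil {` followed by `if count := len(*req.Flags); count > db.MaxPrideFlags {`, with `count` reused in the message. The body of `patchUser` continues outside the hunk.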