diff --git a/api/resolvers/search.js b/api/resolvers/search.js index 99dcd07f..18c68ea9 100644 --- a/api/resolvers/search.js +++ b/api/resolvers/search.js @@ -2,6 +2,7 @@ import { decodeCursor, LIMIT, nextCursorEncoded } from '@/lib/cursor' import { whenToFrom } from '@/lib/time' import { getItem, itemQueryWithMeta, SELECT } from './item' import { parse } from 'tldts' +import { searchSchema, validateSchema } from '@/lib/validate' function queryParts (q) { const regex = /"([^"]*)"/gm @@ -173,6 +174,7 @@ export default { } }, search: async (parent, { q, cursor, sort, what, when, from: whenFrom, to: whenTo }, { me, models, search }) => { + await validateSchema(searchSchema, { q }) const decodedCursor = decodeCursor(cursor) let sitems = null diff --git a/components/search.js b/components/search.js index 249683f9..ac85a8d5 100644 --- a/components/search.js +++ b/components/search.js @@ -15,6 +15,7 @@ import { useRouter } from 'next/router' import { whenToFrom } from '@/lib/time' import { useMe } from './me' import { useField } from 'formik' +import { searchSchema } from '@/lib/validate' export default function Search ({ sub }) { const router = useRouter() @@ -65,6 +66,7 @@ export default function Search ({ sub }) {
search({ ...values })} + schema={searchSchema} >
.active { display: flex; pointer-events: auto; - flex-flow: row nowrap; + flex-flow: row; align-items: center; -} - -form>.active :global(.input-group) { - flex-flow: nowrap; } \ No newline at end of file diff --git a/lib/validate.js b/lib/validate.js index 3dcaa60b..ea1fa25c 100644 --- a/lib/validate.js +++ b/lib/validate.js @@ -116,6 +116,10 @@ async function subHasPostType (name, type, { client, models }) { return !!(sub?.postTypes?.includes(type)) } +export const searchSchema = object({ + q: string().trim().max(100, 'must be at most 100 characters') +}) + export function advPostSchemaMembers ({ me, existingBoost = 0, ...args }) { const boostMin = existingBoost || BOOST_MIN return {