From 560be165eec20c0db1b88eb4348fc2f761fbbe3c Mon Sep 17 00:00:00 2001
From: k00b
Date: Wed, 3 Sep 2025 12:10:21 -0500
Subject: [PATCH] limit search query length
---
 api/resolvers/search.js | 2 ++
 components/search.js | 2 ++
 components/search.module.css | 6 +-----
 lib/validate.js | 4 ++++
 4 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/api/resolvers/search.js b/api/resolvers/search.js
index 99dcd07f..18c68ea9 100644
--- a/api/resolvers/search.js
+++ b/api/resolvers/search.js
@@ -2,6 +2,7 @@ import { decodeCursor, LIMIT, nextCursorEncoded } from '@/lib/cursor'
 import { whenToFrom } from '@/lib/time'
 import { getItem, itemQueryWithMeta, SELECT } from './item'
 import { parse } from 'tldts'
+import { searchSchema, validateSchema } from '@/lib/validate'
 function queryParts (q) {
 const regex = /"([^"]*)"/gm
@@ -173,6 +174,7 @@ export default {
 }
 },
 search: async (parent, { q, cursor, sort, what, when, from: whenFrom, to: whenTo }, { me, models, search }) => {
+ await validateSchema(searchSchema, { q })
 const decodedCursor = decodeCursor(cursor)
 let sitems = null
diff --git a/components/search.js b/components/search.js
index 249683f9..ac85a8d5 100644
--- a/components/search.js
+++ b/components/search.js
@@ -15,6 +15,7 @@ import { useRouter } from 'next/router'
 import { whenToFrom } from '@/lib/time'
 import { useMe } from './me'
 import { useField } from 'formik'
+import { searchSchema } from '@/lib/validate'
 export default function Search ({ sub }) {
 const router = useRouter()
@@ -65,6 +66,7 @@ export default function Search ({ sub }) {
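Review bot: In the `search` resolver of api/resolvers/search.js, the result of the added `await validateSchema(searchSchema, { q })` is not assigned, so the code after it keeps working with the raw `q` argument. `searchSchema` (added in lib/validate.js by this same patch) applies `.trim()` before `.max(100, …)`; assuming these are yup builders and `validateSchema` validates in the default casting mode (its body is not visible here), the limit is checked on the trimmed copy, so a query padded with leading or trailing whitespace passes while the string handed on is still longer than 100 characters. Bounding the value that is actually used closes that gap, e.g. `q = q?.trim()` on the line before the validation call, or dropping `.trim()` from the server-side check. The rest of the resolver body lies outside the hunk, so where `q` is consumed cannot be confirmed from here.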
search({ ...values })} + schema={searchSchema} >
.active { display: flex; pointer-events: auto;
- flex-flow: row nowrap;
+ flex-flow: row;
 align-items: center;
-}
-
-form>.active :global(.input-group) {
- flex-flow: nowrap;
 }
\ No newline at end of file
diff --git a/lib/validate.js b/lib/validate.js
index 3dcaa60b..ea1fa25c 100644
--- a/lib/validate.js
+++ b/lib/validate.js
@@ -116,6 +116,10 @@ async function subHasPostType (name, type, { client, models }) {
 return !!(sub?.postTypes?.includes(type))
 }
+export const searchSchema = object({
+ q: string().trim().max(100, 'must be at most 100 characters')
+})
+
 export function advPostSchemaMembers ({ me, existingBoost = 0, ...args }) {
 const boostMin = existingBoost || BOOST_MIN
 return {
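Review bot: The new `searchSchema` in lib/validate.js carries the limit `100` twice, once as the `max` argument and once inside the message string, with no comment saying what the cap protects. This patch imports the schema in both the resolver and the search form, so a comment above it such as `// caps search query length; the resolver check is the enforcing one, the form check is only for early feedback` would make the trust boundary explicit. A single named constant interpolated into the message would keep the number and the text from drifting apart. If the cap is meant to bound backend work, the comment could also note that, assuming these are yup builders, string `max` compares `length`, i.e. UTF-16 code units rather than visible characters.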