diff --git a/backend/src/errors/index.ts b/backend/src/errors/index.ts
index b56ac19..03e5aa3 100644
--- a/backend/src/errors/index.ts
+++ b/backend/src/errors/index.ts
@@ -41,3 +41,7 @@ export function internalServerError(): Response {
 export function statusNotFound(): Response {
 return generateErrorResponse('Status not found', 404)
 }
+
+export function exceededLimit(detail: string): Response {
+ return generateErrorResponse('Limit exceeded', 400, detail)
+}
diff --git a/backend/test/mastodon/statuses.spec.ts b/backend/test/mastodon/statuses.spec.ts
index 6bc8d58..d6b75b2 100644
--- a/backend/test/mastodon/statuses.spec.ts
+++ b/backend/test/mastodon/statuses.spec.ts
@@ -608,5 +608,25 @@ describe('Mastodon APIs', () => {
 assert.equal(row.in_reply_to_object_id, note.id.toString())
 }
 })
+
+ test('create new status with too many image', async () => {
+ const db = await makeDB()
+ const queue = makeQueue()
+ const actor = await createPerson(domain, db, userKEK, 'sven@cloudflare.com')
+
+ const body = {
+ status: 'my status',
+ media_ids: ['id', 'id', 'id', 'id', 'id'],
+ visibility: 'public',
+ }
+ const req = new Request('https://example.com', {
+ method: 'POST',
+ headers: { 'content-type': 'application/json' },
+ body: JSON.stringify(body),
+ })
+
+ const res = await statuses.handleRequest(req, db, actor, userKEK, queue, kv_cache)
+ assert.equal(res.status, 400)
+ })
 })
 })
diff --git a/functions/api/v1/statuses.ts b/functions/api/v1/statuses.ts
index de46ffa..a7c157d 100644
--- a/functions/api/v1/statuses.ts
+++ b/functions/api/v1/statuses.ts
@@ -59,6 +59,10 @@ export async function handleRequest(
 const mediaAttachments: Array = []
 if (body.media_ids && body.media_ids.length > 0) {
+ if (body.media_ids.length > 4) {
+ return errors.exceededLimit('up to 4 images are allowed')
+ }
+
 for (let i = 0, len = body.media_ids.length; i < len; i++) {
 const id = body.media_ids[i]
 const document = await getObjectByMastodonId(db, id)
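Review bot: `exceededLimit` in `backend/src/errors/index.ts` has no doc comment, and its `detail` argument is presumably echoed into the response body by `generateErrorResponse`. I would add `/** 400 response for a request that exceeds a server-side limit. detail is returned to the client, so pass only fixed text, never request data or internal state. */` above it. As far as I know Mastodon itself answers validation failures on status creation with 422, so it is worth confirming that clients handle a 400 here the same way.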
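Review bot: The new test in `backend/test/mastodon/statuses.spec.ts` asserts only `res.status`, so it would still pass if the request were rejected by some other 400 path before the media check runs. Asserting on the response body as well (the 'Limit exceeded' error name, in whatever shape `generateErrorResponse` emits) would pin the test to the new branch. A companion case with exactly four valid media ids would document that the boundary is inclusive. The title should read `'create new status with too many images'`.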
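Review bot: The new cap in `handleRequest` (`functions/api/v1/statuses.ts`) reads `body.media_ids.length` without first confirming that `media_ids` is an array. If the body is parsed JSON with no runtime schema check (not visible in this hunk), a string value also has a `length`, so a short string passes the cap and the loop below looks up each character as an id. I would guard with `if (!Array.isArray(body.media_ids))` and return a 4xx before the length comparison. Lifting `4` into a named constant such as `MAX_MEDIA_ATTACHMENTS` would keep the limit and the message from drifting apart. The function body starts and ends outside the hunk.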