fix(server): check env name regex for batch update (#1065)

Author: maslow

server/src/application/dto/create-env.dto.ts

@@ -6,7 +6,7 @@ export class CreateEnvironmentDto {
   @IsNotEmpty()
   @IsString()
   @Length(1, 64)
-  @Matches(/^[a-zA-Z_][a-zA-Z0-9_]*$/)
+  @Matches(/^[a-zA-Z_][a-zA-Z0-9_]{1,64}$/)
   name: string
 
   @ApiProperty()

server/src/application/environment.controller.ts

@@ -49,6 +49,19 @@ export class EnvironmentVariableController {
     @Param('appid') appid: string,
     @Body() dto: CreateEnvironmentDto[],
   ) {
+    // check env name and value (since validation decorator not work if dto is array)
+    for (const item of dto) {
+      if (/^[a-zA-Z_][a-zA-Z0-9_]{1,64}$/g.test(item.name) === false) {
+        return ResponseUtil.error(
+          'name must match /^[a-zA-Z_][a-zA-Z0-9_]{1,64}$/ : ' + item.name,
+        )
+      }
+
+      if (item.value.length > 4096) {
+        return ResponseUtil.error('value must less than 4096: ' + item.name)
+      }
+    }
+
     // app secret can not missing or empty
     const secret = dto.find((item) => item.name === APPLICATION_SECRET_KEY)
     if (!secret || !secret.value) {