From 93a3809f6a16335344b50b9d3d94d49d6de67b05 Mon Sep 17 00:00:00 2001
From: Ephraim Duncan <55143799+ephraimduncan@users.noreply.github.com>
Date: Tue, 9 Sep 2025 07:52:03 +0000
Subject: [PATCH] fix: add maxLength limits to document input fields (#1988)
---
packages/trpc/server/document-router/schema.ts | 3 +++
packages/trpc/server/recipient-router/schema.ts | 16 ++++++++--------
packages/trpc/server/template-router/schema.ts | 8 ++++----
.../ui/primitives/document-flow/add-settings.tsx | 1 +
.../ui/primitives/document-flow/add-signers.tsx | 2 ++
.../ui/primitives/document-flow/add-subject.tsx | 10 +++++++---
.../add-template-placeholder-recipients.tsx | 2 ++
.../template-flow/add-template-settings.tsx | 11 ++++++-----
8 files changed, 33 insertions(+), 20 deletions(-)
diff --git a/packages/trpc/server/document-router/schema.ts b/packages/trpc/server/document-router/schema.ts
index f362bf1a1..c6f76bf0d 100644
--- a/packages/trpc/server/document-router/schema.ts
+++ b/packages/trpc/server/document-router/schema.ts
@@ -28,6 +28,7 @@ export const ZDocumentTitleSchema = z
export const ZDocumentExternalIdSchema = z
.string()
.trim()
+ .max(255)
.describe('The external ID of the document.');
export const ZDocumentVisibilitySchema = z
@@ -65,10 +66,12 @@ export const ZDocumentMetaLanguageSchema = z
export const ZDocumentMetaSubjectSchema = z
.string()
+ .max(254)
.describe('The subject of the email that will be sent to the recipients.');
export const ZDocumentMetaMessageSchema = z
.string()
+ .max(5000)
.describe('The message of the email that will be sent to the recipients.');
export const ZDocumentMetaDistributionMethodSchema = z
diff --git a/packages/trpc/server/recipient-router/schema.ts b/packages/trpc/server/recipient-router/schema.ts
index e7344a9da..dbc25a497 100644
--- a/packages/trpc/server/recipient-router/schema.ts
+++ b/packages/trpc/server/recipient-router/schema.ts
@@ -23,8 +23,8 @@ export const ZGetRecipientResponseSchema = ZRecipientSchema;
* pass along required details.
*/
export const ZCreateRecipientSchema = z.object({
- email: z.string().toLowerCase().email().min(1),
- name: z.string(),
+ email: z.string().toLowerCase().email().min(1).max(254),
+ name: z.string().max(255),
role: z.nativeEnum(RecipientRole),
signingOrder: z.number().optional(),
accessAuth: z.array(ZRecipientAccessAuthTypesSchema).optional().default([]),
@@ -33,8 +33,8 @@ export const ZCreateRecipientSchema = z.object({
export const ZUpdateRecipientSchema = z.object({
id: z.number().describe('The ID of the recipient to update.'),
- email: z.string().toLowerCase().email().min(1).optional(),
- name: z.string().optional(),
+ email: z.string().toLowerCase().email().min(1).max(254).optional(),
+ name: z.string().max(255).optional(),
role: z.nativeEnum(RecipientRole).optional(),
signingOrder: z.number().optional(),
accessAuth: z.array(ZRecipientAccessAuthTypesSchema).optional().default([]),
@@ -103,8 +103,8 @@ export const ZSetDocumentRecipientsRequestSchema = z
recipients: z.array(
z.object({
nativeId: z.number().optional(),
- email: z.string().toLowerCase().email().min(1),
- name: z.string(),
+ email: z.string().toLowerCase().email().min(1).max(254),
+ name: z.string().max(255),
role: z.nativeEnum(RecipientRole),
signingOrder: z.number().optional(),
actionAuth: z.array(ZRecipientActionAuthTypesSchema).optional().default([]),
@@ -229,8 +229,8 @@ export const ZCompleteDocumentWithTokenMutationSchema = z.object({
authOptions: ZRecipientActionAuthSchema.optional(),
nextSigner: z
.object({
- email: z.string().email(),
- name: z.string().min(1),
+ email: z.string().email().max(254),
+ name: z.string().min(1).max(255),
})
.optional(),
});
diff --git a/packages/trpc/server/template-router/schema.ts b/packages/trpc/server/template-router/schema.ts
index c1100b99e..452ade10c 100644
--- a/packages/trpc/server/template-router/schema.ts
+++ b/packages/trpc/server/template-router/schema.ts
@@ -83,8 +83,8 @@ export const ZCreateTemplateMutationSchema = z.object({
});
export const ZCreateDocumentFromDirectTemplateRequestSchema = z.object({
- directRecipientName: z.string().optional(),
- directRecipientEmail: z.string().email(),
+ directRecipientName: z.string().max(255).optional(),
+ directRecipientEmail: z.string().email().max(254),
directTemplateToken: z.string().min(1),
directTemplateExternalId: z.string().optional(),
signedFieldValues: z.array(ZSignFieldWithTokenMutationSchema),
@@ -97,8 +97,8 @@ export const ZCreateDocumentFromTemplateRequestSchema = z.object({
.array(
z.object({
id: z.number().describe('The ID of the recipient in the template.'),
- email: z.string().email(),
- name: z.string().optional(),
+ email: z.string().email().max(254),
+ name: z.string().max(255).optional(),
}),
)
.describe('The information of the recipients to create the document with.')
diff --git a/packages/ui/primitives/document-flow/add-settings.tsx b/packages/ui/primitives/document-flow/add-settings.tsx
index 3d1789e31..a96fe4e42 100644
--- a/packages/ui/primitives/document-flow/add-settings.tsx
+++ b/packages/ui/primitives/document-flow/add-settings.tsx
@@ -221,6 +221,7 @@ export const AddSettingsFormPartial = ({
className="bg-background"
{...field}
disabled={document.status !== DocumentStatus.DRAFT || field.disabled}
+ maxLength={255}
onBlur={handleAutoSave}
/>
diff --git a/packages/ui/primitives/document-flow/add-signers.tsx b/packages/ui/primitives/document-flow/add-signers.tsx
index a57c87167..cf592f448 100644
--- a/packages/ui/primitives/document-flow/add-signers.tsx
+++ b/packages/ui/primitives/document-flow/add-signers.tsx
@@ -690,6 +690,7 @@ export const AddSignersFormPartial = ({
}
data-testid="signer-email-input"
onKeyDown={onKeyDown}
+ maxLength={254}
onBlur={handleAutoSave}
/>
@@ -728,6 +729,7 @@ export const AddSignersFormPartial = ({
!canRecipientBeModified(signer.nativeId)
}
onKeyDown={onKeyDown}
+ maxLength={255}
onBlur={handleAutoSave}
/>
diff --git a/packages/ui/primitives/document-flow/add-subject.tsx b/packages/ui/primitives/document-flow/add-subject.tsx
index 82f6f11d5..c687dcfa1 100644
--- a/packages/ui/primitives/document-flow/add-subject.tsx
+++ b/packages/ui/primitives/document-flow/add-subject.tsx
@@ -262,7 +262,7 @@ export const AddSubjectFormPartial = ({
-
+
@@ -300,7 +300,7 @@ export const AddSubjectFormPartial = ({
-
+
@@ -326,7 +326,11 @@ export const AddSubjectFormPartial = ({
-
+
diff --git a/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx b/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx
index 70f42b990..7d0899574 100644
--- a/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx
+++ b/packages/ui/primitives/template-flow/add-template-placeholder-recipients.tsx
@@ -627,6 +627,7 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
signers[index].email === user?.email ||
isSignerDirectRecipient(signer)
}
+ maxLength={254}
onBlur={handleAutoSave}
data-testid="placeholder-recipient-email-input"
/>
@@ -663,6 +664,7 @@ export const AddTemplatePlaceholderRecipientsFormPartial = ({
signers[index].email === user?.email ||
isSignerDirectRecipient(signer)
}
+ maxLength={255}
onBlur={handleAutoSave}
data-testid="placeholder-recipient-name-input"
/>
diff --git a/packages/ui/primitives/template-flow/add-template-settings.tsx b/packages/ui/primitives/template-flow/add-template-settings.tsx
index 374e31a69..83cbc80c2 100644
--- a/packages/ui/primitives/template-flow/add-template-settings.tsx
+++ b/packages/ui/primitives/template-flow/add-template-settings.tsx
@@ -216,7 +216,7 @@ export const AddTemplateSettingsFormPartial = ({
-
+
@@ -519,7 +519,7 @@ export const AddTemplateSettingsFormPartial = ({
-
+
@@ -539,7 +539,7 @@ export const AddTemplateSettingsFormPartial = ({
-
+
@@ -569,6 +569,7 @@ export const AddTemplateSettingsFormPartial = ({
@@ -623,7 +624,7 @@ export const AddTemplateSettingsFormPartial = ({
-
+
@@ -714,7 +715,7 @@ export const AddTemplateSettingsFormPartial = ({
-
+