fix: add per-user goals limit guard #873

Open
Sammmyyyyyyy wants to merge 1 commit into Priyanshu-byte-coder:main from Sammmyyyyyyy:fix/goals-limit-guard

@Sammmyyyyyyy

Summary

Adds a per-user goals limit guard to prevent unbounded database row creation and reduce performance issues caused by excessively large goal payloads.

Closes #698

Type of Change

  • Bug fix
  • New feature
  • Documentation update
  • Refactor / code cleanup

Changes Made

  • Added MAX_GOALS_PER_USER limit
  • Added a count check before inserting new goals
  • Added error handling for goal limit verification
  • Added .limit(MAX_GOALS_PER_USER) safeguard to the GET query

How to Test

Steps for the reviewer to verify this works:

  1. Start the development server using npm run dev
  2. Create goals normally and verify creation works below the limit
  3. Attempt to create more than 20 goals for the same user
  4. Verify the API returns an error once the limit is exceeded
  5. Verify the GET route only fetches up to the configured limit

Screenshots (if UI change)

N/A

Checklist

  • Linked issue in summary
  • npm run lint passes locally
  • No TypeScript errors (npm run type-check)
  • Self-reviewed the diff
  • Added/updated tests if applicable
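
The guard outlined in the PR description above, as an added example rather than code from the PR or from DevTrack. The store class, function names and result shape are hypothetical, and failing closed when the count cannot be verified is an assumption about the error handling.

```typescript
// Added example: not DevTrack's code. MemoryGoalStore is a constructed in-memory
// stand-in for the database; every name except MAX_GOALS_PER_USER is hypothetical.
const MAX_GOALS_PER_USER = 20; // value taken from the PR's test steps

type Goal = { userId: string; title: string };
type CreateResult = { ok: boolean; reason?: "limit_reached" | "limit_check_failed" };

class MemoryGoalStore {
  rows: Goal[] = [];
  failCount = false; // set to true to simulate a failing count query

  count(userId: string): number {
    if (this.failCount) throw new Error("count query failed");
    return this.rows.filter((g) => g.userId === userId).length;
  }
  insert(goal: Goal): void {
    this.rows.push(goal);
  }
  list(userId: string, limit: number): Goal[] {
    return this.rows.filter((g) => g.userId === userId).slice(0, limit);
  }
}

function createGoal(store: MemoryGoalStore, userId: string, title: string): CreateResult {
  let existing: number;
  try {
    existing = store.count(userId);
  } catch {
    // Assumed behaviour: fail closed. If the limit cannot be verified, do not insert.
    return { ok: false, reason: "limit_check_failed" };
  }
  if (existing >= MAX_GOALS_PER_USER) {
    return { ok: false, reason: "limit_reached" };
  }
  store.insert({ userId, title });
  return { ok: true };
}

// The read path is capped too, so rows that slipped past the write guard
// (or predate it) cannot inflate the response.
function listGoals(store: MemoryGoalStore, userId: string): Goal[] {
  return store.list(userId, MAX_GOALS_PER_USER);
}
```

Because the count and the insert are separate steps, concurrent requests for the same user can each pass the check before either row is written. A database-side constraint or a transaction around both steps closes that gap.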

@vercel

vercel Bot commented May 23, 2026

@Sammmyyyyyyy is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added labels gssoc26 (GSSoC 2026 contribution), type:bug (GSSoC type bonus: bug fix) and type:feature (GSSoC type bonus: new feature) May 23, 2026
@github-actions

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

  • level:beginner — 20 pts
  • level:intermediate — 35 pts
  • level:advanced — 55 pts
  • level:critical — 80 pts

Quality (optional):

  • quality:clean — ×1.2 multiplier
  • quality:exceptional — ×1.5 multiplier

Validation (required to score):

  • gssoc:approved — counts for points
  • gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus


@github-actions github-actions Bot left a comment


Thanks for your first PR on DevTrack! 🎉

A maintainer will review it within 48 hours. While you wait:

  • Make sure CI is passing (type-check + lint)
  • Double-check the PR description is filled out and the issue is linked
  • Feel free to ask questions in Discussions if you need help

If you find DevTrack useful, a ⭐ star on the repo is always appreciated — it helps the project grow and attract more contributors!



Development

Successfully merging this pull request may close these issues.

[BUG] No per-user goals limit allows unbounded database row insertion (storage DoS)
