Limit customer name and invoice metadata value length#5880
Limit customer name and invoice metadata value length#5880lago-claude-ai-agent[bot] wants to merge 3 commits into
Conversation
## Context Several string fields accept arbitrarily long values that fit the DB column but break downstream: 10,000-character customer names break PDF invoice rendering (Gotenberg layout limits) and inflate webhook payloads, and invoice metadata values are unbounded. ## Description Add a 255-character length validation to customer name and a 100-character length validation to invoice metadata value, mirroring the length limits already enforced on sibling models (entitlement name, customer metadata value). Signed-off-by: lago-claude-ai-agent[bot] <297187938+lago-claude-ai-agent[bot]@users.noreply.github.com>
|
check before merge that we do not have higher values than limits in prod DB |
|
PASS — Adds Verified:
Non-blocking nits:
|
yes good idea! |
customer_name: invoice_metadata - no offenders on EU, 2 offenders on US (140 symbols) Also we need to communicate to customers before merging |
Only enforce name/value length limits when the field is being changed. Signed-off-by: lago-claude-ai-agent[bot] <297187938+lago-claude-ai-agent[bot]@users.noreply.github.com>
|
Thanks for the review! Addressed below.
|
|
Held: CI is not green on this PR; not reviewed. Re-run CI, then re-review. Checks: https://github.com/getlago/lago-api/pull/5880/checks |
Impediment — no code change to make; remaining items need a human merge decisionWhere I stoppedI made no code changes. After reading every unresolved comment against the current branch, the only comment that asked for a code change is already implemented, and the rest are merge-gating decisions that only a human can make. Why
Decision a human needsWhether to proceed to merge, given that:
Both are merge-timing/communication decisions outside the scope of a code edit. No commit was pushed. |
0889627 to
a48d0a1
Compare
Caps customer
nameat 255 characters and invoice metadatavalueat 100, mirroring the length limits already enforced on sibling models (entitlementname, customer metadatavalue). These fields were unbounded, and oversized values break PDF invoice rendering and inflate webhook payloads.Out of scope: the customer
emaillength limit.emailstores comma-separated multiple addresses (it is split on,in the payment-provider sync services), so a single-address cap would reject valid data — an appropriate limit needs a product decision. Email format validation already exists.