rohskiddo/UMBRA
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
UMBRA/backend/app/schemas/project_task.py
Kyle Pope 2f58282c31 M-01+M-03: Add input validation and extra=forbid to all request schemas 
- Add max_length constraints to all string fields in request schemas,
  matching DB column limits (title:255, description:5000, etc.)
- Add min_length=1 to required name/title fields
- Add ConfigDict(extra="forbid") to all request schemas to reject
  unknown fields (prevents silent field injection)
- Add Path(ge=1, le=2147483647) to all integer path parameters across
  all routers to prevent integer overflow → 500 errors
- Add max_length to TOTP inline schemas (code:6, mfa_token:256, etc.)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-27 15:43:55 +08:00

55 lines
1.6 KiB
Python
Raw Blame History

from pydantic import BaseModel, ConfigDict, Field
from datetime import datetime, date
from typing import Optional, List, Literal
from app.schemas.task_comment import TaskCommentResponse
TaskStatus = Literal["pending", "in_progress", "completed", "blocked", "review", "on_hold"]
TaskPriority = Literal["none", "low", "medium", "high"]
class ProjectTaskCreate(BaseModel):
model_config = ConfigDict(extra="forbid")
title: str = Field(min_length=1, max_length=255)
description: Optional[str] = Field(None, max_length=5000)
status: TaskStatus = "pending"
priority: TaskPriority = "medium"
due_date: Optional[date] = None
person_id: Optional[int] = None
sort_order: int = 0
parent_task_id: Optional[int] = None
class ProjectTaskUpdate(BaseModel):
model_config = ConfigDict(extra="forbid")
title: Optional[str] = Field(None, min_length=1, max_length=255)
description: Optional[str] = Field(None, max_length=5000)
status: Optional[TaskStatus] = None
priority: Optional[TaskPriority] = None
due_date: Optional[date] = None
person_id: Optional[int] = None
sort_order: Optional[int] = None
class ProjectTaskResponse(BaseModel):
id: int
project_id: int
parent_task_id: Optional[int] = None
title: str
description: Optional[str]
status: str
priority: str
due_date: Optional[date]
person_id: Optional[int]
sort_order: int
created_at: datetime
updated_at: datetime
subtasks: List["ProjectTaskResponse"] = []
comments: List[TaskCommentResponse] = []
model_config = ConfigDict(from_attributes=True)
ProjectTaskResponse.model_rebuild()
Reference in New Issue View Git Blame Copy Permalink