Commit Graph

3 Commits

Author SHA1 Message Date
Marshall Polaris
d00fe7bcd2
Backend robustness to email sending or analytics tracking failures (#728)
* Make `sendEmail` functions await email send success

* Make tracking and email sending not throw on failure
2022-08-15 22:13:38 -07:00
Marshall Polaris
1075fec53f
Clean up unclean user names (#543)
* Clean the user's display name on update.

The user's display name should always be clean (see for example
functions/src/create-user.ts). However, change-user-info.ts does not
enforce this, thus potentially allowing a malicious user to change their
name to something that doesn't satisfy the rules for clean display
names.

Note: this cannot happen currently because all callers (in profile.tsx)
clean the name. However, doing it here is good defense in depth
(similar to how the userName is cleaned).

* Update display name max length to 30

* Add a script to hunt down too-long display names

* Make util.isProd a function

* Don't access admin.firestore() on top level of utils.ts

Co-authored-by: Jonas Wagner <ltlygwayh@gmail.com>
2022-06-18 14:31:39 -07:00
mantikoros
fb10e9cddc
server side tracking; track M$ purchases
2022-06-15 21:29:53 -05:00