Description
The current group creation and update endpoints lack proper input validation and constraints. This may allow malformed or abusive payloads, such as excessively long group names, invalid member IDs, or an unbounded number of members.
To improve security, stability, and scalability, validation rules and limits should be implemented for group-related inputs.
Proposed Improvements
- Validate group name (required, max length)
- Ensure `members` is a valid array of ObjectIds
- Set maximum member limit per group
- Validate avatar format (if provided)
- Reject malformed or oversized payloads
- Return proper 400 responses for invalid inputs
Acceptance Criteria
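One way the proposed checks could look, as an added example that is not the project's own code. The limits, the https-only avatar rule, the `partial` option for updates, and the Express-style `req`/`res` shape are all assumptions; only the `members` field name comes from the issue.

```javascript
// Added example: limits and all names other than `members` are assumptions.
const MAX_NAME_LENGTH = 100;              // assumed limit
const MAX_MEMBERS = 256;                  // assumed limit
const OBJECT_ID_RE = /^[0-9a-fA-F]{24}$/; // ObjectId as a 24-char hex string

// Returns a list of error strings; an empty list means the payload is valid.
// `partial` is for update requests, where omitted fields are left unchanged.
function validateGroupPayload(body, { partial = false } = {}) {
  const errors = [];
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return ['body must be a JSON object'];
  }
  const { name, members, avatar } = body;
  if (name !== undefined || !partial) {
    if (typeof name !== 'string' || name.trim().length === 0) {
      errors.push('name is required and must be a non-empty string');
    } else if (name.trim().length > MAX_NAME_LENGTH) {
      errors.push(`name must be at most ${MAX_NAME_LENGTH} characters`);
    }
  }
  if (members !== undefined || !partial) {
    if (!Array.isArray(members)) {
      errors.push('members must be an array');
    } else if (members.length > MAX_MEMBERS) {
      // Check the count first so an oversized array is never iterated.
      errors.push(`members must contain at most ${MAX_MEMBERS} ids`);
    } else if (!members.every((m) => typeof m === 'string' && OBJECT_ID_RE.test(m))) {
      // The typeof check rejects nested objects and other non-string values.
      errors.push('members must contain only 24-character hex ObjectId strings');
    }
  }
  if (avatar !== undefined && avatar !== null) {
    // Assumption: an avatar is supplied as an https URL of bounded length.
    let ok = false;
    if (typeof avatar === 'string' && avatar.length <= 2048) {
      try { ok = new URL(avatar).protocol === 'https:'; } catch { ok = false; }
    }
    if (!ok) errors.push('avatar must be an https URL');
  }
  return errors;
}

// Express-style handler (req/res shape assumed): 400 on any validation error.
function createGroupHandler(req, res) {
  const errors = validateGroupPayload(req.body);
  if (errors.length > 0) return res.status(400).json({ errors });
  return res.status(201).json({ ok: true }); // persistence omitted
}
```

Oversized request bodies are best rejected before this function runs, by capping the body parser itself, for example with the `limit` option of `express.json()`.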