From 4974712d6c0a29fe4be0df68e1067a161970b633 Mon Sep 17 00:00:00 2001
From: Sabe Jones <sabrecat@gmail.com>
Date: Tue, 17 Oct 2023 22:31:43 +0000
Subject: [PATCH] fix(stats): enforce sensible maxima in db

---
 .../settings/settingRows/fixValuesSetting.vue    | 12 +++++++-----
 website/common/script/constants.js               |  1 +
 website/common/script/index.js                   |  2 ++
 website/server/models/user/hooks.js              | 16 ++++++++++++++++
 4 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/website/client/src/pages/settings/settingRows/fixValuesSetting.vue b/website/client/src/pages/settings/settingRows/fixValuesSetting.vue
index ef63f77058..d8ee046be5 100644
--- a/website/client/src/pages/settings/settingRows/fixValuesSetting.vue
+++ b/website/client/src/pages/settings/settingRows/fixValuesSetting.vue
@@ -148,7 +148,7 @@ import svgGold from '@/assets/svg/gold.svg';
 import level from '@/assets/svg/level.svg';
 import streakIcon from '@/assets/svg/streak.svg';
 import { mapState } from '@/libs/store';
-import { MAX_LEVEL_HARD_CAP } from '../../../../../common/script/constants';
+import { MAX_LEVEL_HARD_CAP, MAX_FIELD_HARD_CAP } from '../../../../../common/script/constants';
 
 export default {
   components: { SaveCancelButtons },
@@ -231,10 +231,6 @@ export default {
         return;
       }
 
-      if (this.restoreValues.lvl > MAX_LEVEL_HARD_CAP) {
-        this.restoreValues.lvl = MAX_LEVEL_HARD_CAP;
-      }
-
       const userChangedLevel = this.restoreValues.lvl !== this.user.stats.lvl;
       const userDidNotChangeExp = this.restoreValues.exp === this.user.stats.exp;
       if (userChangedLevel && userDidNotChangeExp) {
@@ -265,6 +261,9 @@ export default {
         ) {
           this.restoreValues[stat] = this.user.stats[stat];
           valid = false;
+        } else if (this.restoreValues[stat] > MAX_FIELD_HARD_CAP) {
+          this.restoreValues[stat] = MAX_FIELD_HARD_CAP;
+          valid = false;
         }
       }
 
@@ -274,6 +273,9 @@ export default {
           || inputLevel < 1) {
         this.restoreValues.lvl = this.user.stats.lvl;
         valid = false;
+      } else if (inputLevel > MAX_LEVEL_HARD_CAP) {
+        this.restoreValues.lvl = MAX_LEVEL_HARD_CAP;
+        valid = false;
       }
 
       const inputStreak = Number(this.restoreValues.streak);
diff --git a/website/common/script/constants.js b/website/common/script/constants.js
index b3ca1162a1..f58af46f8e 100644
--- a/website/common/script/constants.js
+++ b/website/common/script/constants.js
@@ -2,6 +2,7 @@ export const MAX_HEALTH = 50;
 export const MAX_LEVEL = 100;
 export const MAX_STAT_POINTS = MAX_LEVEL;
 export const MAX_LEVEL_HARD_CAP = 9999;
+export const MAX_FIELD_HARD_CAP = 99999999;
 export const ATTRIBUTES = ['str', 'int', 'con', 'per'];
 export const MAX_INCENTIVES = 500;
 
diff --git a/website/common/script/index.js b/website/common/script/index.js
index 3045e012ee..e8718670a0 100644
--- a/website/common/script/index.js
+++ b/website/common/script/index.js
@@ -11,6 +11,7 @@ import {
   MAX_INCENTIVES,
   MAX_LEVEL,
   MAX_LEVEL_HARD_CAP,
+  MAX_FIELD_HARD_CAP,
   MAX_STAT_POINTS,
   MAX_SUMMARY_SIZE_FOR_CHALLENGES,
   MAX_SUMMARY_SIZE_FOR_GUILDS,
@@ -124,6 +125,7 @@ api.constants = {
   MAX_MESSAGE_LENGTH,
   MAX_GIFT_MESSAGE_LENGTH,
   MAX_LEVEL_HARD_CAP,
+  MAX_FIELD_HARD_CAP,
 };
 // TODO Move these under api.constants
 api.maxLevel = MAX_LEVEL;
diff --git a/website/server/models/user/hooks.js b/website/server/models/user/hooks.js
index a64d49fde9..217e1d39a2 100644
--- a/website/server/models/user/hooks.js
+++ b/website/server/models/user/hooks.js
@@ -362,6 +362,8 @@ schema.pre('save', true, function preSaveUser (next, done) {
     }
   }
 
+  // Enforce min/max values without displaying schema errors to end user
+
   if (this.isDirectSelected('preferences')) {
     if (
       _.isNaN(this.preferences.dayStart)
@@ -372,6 +374,20 @@ schema.pre('save', true, function preSaveUser (next, done) {
     }
   }
 
+  if (this.isSelected('stats')) {
+    const statMaximum = common.constants.MAX_FIELD_HARD_CAP;
+    const levelMaximum = common.constants.MAX_LEVEL_HARD_CAP;
+
+    _.each(['hp', 'mp', 'exp', 'gp'], stat => {
+      if (this.stats[stat] > statMaximum) {
+        this.stats[stat] = statMaximum;
+      }
+    });
+    if (this.stats.lvl > levelMaximum) {
+      this.stats.lvl = levelMaximum;
+    }
+  }
+
   // our own version incrementer
   if (this.isDirectSelected('_v')) {
     if (_.isNaN(this._v) || !_.isNumber(this._v)) this._v = 0;