From 03fb83db87a013c17c55ba9aa5f006e8b35b31ba Mon Sep 17 00:00:00 2001
From: Kevin Foong <55353265+kevin9foong@users.noreply.github.com>
Date: Mon, 13 Jan 2025 22:34:50 +0800
Subject: [PATCH] fix: set limit to 250kb for whitelist (#8043)

Co-authored-by: Ken <ken@open.gov.sg>
---
 .../FormWhitelistAttachmentField.tsx          | 23 ++++++-------------
 .../features/public-form/fields/en-sg.ts      |  2 +-
 .../Field/Attachment/AttachmentField.test.tsx |  2 +-
 .../form/admin-form/admin-form.controller.ts  |  8 ++++---
 4 files changed, 14 insertions(+), 21 deletions(-)

diff --git a/frontend/src/features/admin-form/settings/components/AuthSettingsSection/FormWhitelistAttachmentField.tsx b/frontend/src/features/admin-form/settings/components/AuthSettingsSection/FormWhitelistAttachmentField.tsx
index edaf41c44a..94b116cee8 100644
--- a/frontend/src/features/admin-form/settings/components/AuthSettingsSection/FormWhitelistAttachmentField.tsx
+++ b/frontend/src/features/admin-form/settings/components/AuthSettingsSection/FormWhitelistAttachmentField.tsx
@@ -1,4 +1,4 @@
-import { useCallback, useEffect, useMemo, useState } from 'react'
+import { useCallback, useEffect, useState } from 'react'
 import {
   Controller,
   ControllerRenderProps,
@@ -8,14 +8,13 @@ import {
 import { useParams } from 'react-router'
 import { Box, Skeleton } from '@chakra-ui/react'
 
-import { MB } from '~shared/constants'
-import { AttachmentSize, BasicField, StorageFormSettings } from '~shared/types'
+import { KB } from '~shared/constants'
+import { StorageFormSettings } from '~shared/types'
 import { VALID_WHITELIST_FILE_EXTENSIONS } from '~shared/utils/file-validation'
 
 import { parseCsvFileToCsvString } from '~utils/parseCsvFileToCsvString'
 import Attachment from '~components/Field/Attachment'
-import { AttachmentFieldSchema } from '~templates/Field'
-import { FieldContainer } from '~templates/Field/FieldContainer'
+import { BaseFieldProps, FieldContainer } from '~templates/Field/FieldContainer'
 
 import { useMutateFormSettings } from '../../mutations'
 
@@ -26,6 +25,7 @@ interface FormWhitelistAttachmentFieldProps {
   isDisabled: boolean
 }
 
+const MAX_SIZE_IN_BYTES = 250 * KB
 const FormWhitelistAttachmentFieldContainerName =
   'whitelist-csv-attachment-field-container'
 const FormWhitelistAttachmentFieldName = 'whitelist-csv-attachment-field'
@@ -45,7 +45,7 @@ export const FormWhitelistAttachmentField = ({
 
   const standardCsvDownloadFileName = `whitelist_${formId}.csv`
 
-  const fieldContainerSchema: AttachmentFieldSchema = {
+  const fieldContainerSchema: BaseFieldProps['schema'] = {
     _id: FormWhitelistAttachmentFieldContainerName,
     title: 'Restrict form to eligible NRIC/FIN/UENs only',
     description:
@@ -53,8 +53,6 @@ export const FormWhitelistAttachmentField = ({
       '[Download a sample .csv file](https://go.gov.sg/formsg-whitelist-respondents-sample-csv)',
     required: true,
     disabled: isDisabled,
-    fieldType: BasicField.Attachment,
-    attachmentSize: AttachmentSize.TwentyMb,
   }
 
   const { publicKey, whitelistedSubmitterIds } = settings
@@ -73,13 +71,6 @@ export const FormWhitelistAttachmentField = ({
     }
   }, [isWhitelistEnabled, setValue, standardCsvDownloadFileName])
 
-  const maxSizeInBytes = useMemo(() => {
-    if (!fieldContainerSchema.attachmentSize) {
-      return
-    }
-    return parseInt(fieldContainerSchema.attachmentSize) * MB
-  }, [fieldContainerSchema.attachmentSize])
-
   const setWhitelistAttachmentFieldError = useCallback(
     (errMsg: string) => {
       setError(FormWhitelistAttachmentFieldContainerName, {
@@ -168,7 +159,7 @@ export const FormWhitelistAttachmentField = ({
                     handleDownloadFileOverride={triggerSecretKeyInputTransition}
                     handleRemoveFileOverride={removeWhitelist}
                     showFileSize
-                    maxSize={maxSizeInBytes}
+                    maxSize={MAX_SIZE_IN_BYTES}
                     showDownload
                     showRemove
                     isDownloadDisabled={false}
diff --git a/frontend/src/i18n/locales/features/public-form/fields/en-sg.ts b/frontend/src/i18n/locales/features/public-form/fields/en-sg.ts
index a3de15481b..eb2ecf0784 100644
--- a/frontend/src/i18n/locales/features/public-form/fields/en-sg.ts
+++ b/frontend/src/i18n/locales/features/public-form/fields/en-sg.ts
@@ -22,7 +22,7 @@ export const enSG: Fields = {
       fileEmpty:
         'You have uploaded an empty file, please upload a valid attachment',
       fileTooLarge:
-        'You have exceeded the limit, please upload a file below {readableMaxSize}',
+        'You have exceeded the file size limit, please upload a file below {readableMaxSize}',
       fileInvalidType:
         "Your file's extension ending in *{fileExt} is not allowed",
       tooManyFiles: 'You can only upload a single file in this input',
diff --git a/frontend/src/templates/Field/Attachment/AttachmentField.test.tsx b/frontend/src/templates/Field/Attachment/AttachmentField.test.tsx
index a95145492b..dc50c7e284 100644
--- a/frontend/src/templates/Field/Attachment/AttachmentField.test.tsx
+++ b/frontend/src/templates/Field/Attachment/AttachmentField.test.tsx
@@ -165,7 +165,7 @@ describe('attachment validation', () => {
     // Assert
     // Should show error message.
     const error = screen.getByText(
-      /You have exceeded the limit, please upload a file below 1 MB/i,
+      /You have exceeded the file size limit, please upload a file below 1 MB/i,
     )
     expect(error).not.toBeNull()
   })
diff --git a/src/app/modules/form/admin-form/admin-form.controller.ts b/src/app/modules/form/admin-form/admin-form.controller.ts
index 946a86b7cc..34df310ec3 100644
--- a/src/app/modules/form/admin-form/admin-form.controller.ts
+++ b/src/app/modules/form/admin-form/admin-form.controller.ts
@@ -8,6 +8,7 @@ import JSONStream from 'JSONStream'
 import { ResultAsync } from 'neverthrow'
 
 import {
+  KB,
   MAX_UPLOAD_FILE_SIZE,
   VALID_UPLOAD_FILE_TYPES,
 } from '../../../../../shared/constants/file'
@@ -1655,7 +1656,8 @@ export const handleDeleteWorkflowStep: ControllerHandler<
   )
 }
 
-const TWENTY_MB_IN_BYTES = 20 * 1024 * 1024
+const TWO_HUNDRED_FIFTY = 250
+const TWO_HUNDRED_FIFTY_KB_IN_BYTES = TWO_HUNDRED_FIFTY * KB
 const _handleUpdateWhitelistSettingValidator = celebrate({
   [Segments.PARAMS]: Joi.object({
     formId: Joi.string()
@@ -1666,12 +1668,12 @@ const _handleUpdateWhitelistSettingValidator = celebrate({
   [Segments.BODY]: Joi.object({
     whitelistCsvString: Joi.string()
       .allow(null) // for removal of whitelist
-      .max(TWENTY_MB_IN_BYTES)
+      .max(TWO_HUNDRED_FIFTY_KB_IN_BYTES)
       .pattern(/^[a-zA-Z0-9,\r\n]+$/)
       .messages({
         'string.empty': 'Your csv is empty.',
         'string.pattern.base': 'Your csv has one or more invalid characters.',
-        'string.max': 'Your csv is too large.',
+        'string.max': `You have exceeded the file size limit, please upload a file below ${TWO_HUNDRED_FIFTY} kB.`,
       }),
   }),
 })