
devkiran (Collaborator) commented Oct 26, 2025

Summary by CodeRabbit

  • Bug Fixes
    • Implemented validation to restrict file URLs to HTTP and HTTPS protocols only, preventing unsafe connections and improving overall security for file uploads
    • Enhanced form submission error handling to provide clearer user feedback through notifications and form-level error indicators, helping users understand submission failures

vercel bot (Contributor) commented Oct 26, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Preview | Updated (UTC) |
|---|---|---|---|
| dub | Ready | Preview | Oct 26, 2025 11:59am |

coderabbitai bot (Contributor) commented Oct 26, 2025

Walkthrough

This PR enforces HTTP/HTTPS protocol validation for program lander file URLs and refactors error handling in the branding form component to compute user-facing messages from server errors with a fallback default message.

Changes

| Cohort / File(s) | Summary |
|---|---|
| URL Validation Enhancement: apps/web/lib/zod/schemas/program-lander.ts | Updated programLanderFileSchema URL field to enforce HTTP/HTTPS protocols via a refine check with custom error messaging, retaining existing z.string().url() validation. |
| Error Handling Refactor: apps/web/ui/partners/groups/design/branding-form.tsx | Modified BrandingFormInner error handler to compute user-facing messages from error.serverError or use a default, then display via toast and set root field error. Removed previous explicit error feedback in submission failure path. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Extra attention areas:
    • Error handling removal in branding form submission path—verify that silencing the previous error feedback in the non-success case aligns with intended UX and doesn't mask important failure states.
    • Protocol validation refine check—confirm the HTTP/HTTPS prefix matching covers all valid URL formats and doesn't have edge cases with port numbers or special characters.

Possibly related PRs

  • dubinc/dub#2893: Modifies the same programLanderSchema file with schema structure changes that could interact with this URL validation enhancement.
  • dubinc/dub#2445: Alters BrandingFormInner component rendering, which may have dependencies on or implications for the error-handling flow being modified here.

Suggested reviewers

  • steven-tey

Poem

🐰 A rabbit's rhyme for tighter reins,
HTTPS now flows through thy URLs' veins,
Error messages bloom, no longer silent,
User feedback strikes, so valiant!
Validation refined, and forms so kind. 🌐✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The PR title "Improve URL validation and error handling in branding form" accurately reflects the main changes in the changeset. The PR includes two related improvements: (1) enhanced URL validation in the programLanderFileSchema by adding HTTP/HTTPS enforcement, and (2) improved error handling in the BrandingFormInner component with better user-facing error messages. The title is concise, clear, and specific enough that a teammate reviewing the commit history would understand the primary focus of the changes. While the title emphasizes the branding form, both changes work together toward improving the overall form validation and error handling experience. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 565244f and 95ae19a.

📒 Files selected for processing (2)
  • apps/web/lib/zod/schemas/program-lander.ts (1 hunks)
  • apps/web/ui/partners/groups/design/branding-form.tsx (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (2)
apps/web/ui/partners/groups/design/branding-form.tsx (1)

233-237: LGTM! Error handling properly extracts server messages.

The error callback correctly derives a user-facing message from error.serverError with a sensible fallback, and provides feedback through both toast notifications and form error state.

apps/web/lib/zod/schemas/program-lander.ts (1)

33-38: Verify whether image URLs require HTTP/HTTPS protocol restriction for consistency.

The observation is valid: image URLs (line 13) use only .url() validation, while file URLs (lines 33-38) add an explicit HTTP/HTTPS restriction. However, codebase analysis shows this pattern is intentional—almost all other URL validations in the codebase use only .url() without protocol restrictions. This suggests the file URL constraint may be a deliberate security measure for that specific use case rather than an oversight.

Confirm with the team whether:

  • Images intentionally accept all URL schemes (current state), or
  • Images should also restrict to HTTP/HTTPS for security consistency with files


@steven-tey steven-tey merged commit 0153f06 into main Oct 26, 2025
8 checks passed
@steven-tey steven-tey deleted the DUB-01-004 branch October 26, 2025 17:50
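
The review above asks whether HTTP/HTTPS prefix matching has edge cases with ports or special characters. The following is an added example, not code from this PR or the dub repository, that compares a prefix test with an allowlist on the parsed scheme; the function names and sample URLs are constructed for illustration, and the PR's actual refine check is not shown on this page.

```typescript
// Added example: all names and sample URLs here are constructed.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Prefix-based check: a case-sensitive string comparison on the raw input.
function hasHttpPrefix(value: string): boolean {
  return value.startsWith("http://") || value.startsWith("https://");
}

// Parser-based check: let the WHATWG URL parser normalise the input, then
// compare the parsed scheme (always lower-cased) against the allowlist.
function isHttpUrl(value: string): boolean {
  let parsed: URL;
  try {
    parsed = new URL(value);
  } catch {
    return false; // not a parseable absolute URL
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol);
}

// Constructed inputs covering ports, escapes, scheme case and other schemes.
const SAMPLES: string[] = [
  "https://files.example.com/brochure.pdf",
  "http://files.example.com:8080/a%20b.pdf?v=1#p2",
  "HTTPS://files.example.com/brochure.pdf",
  "https://",
  "javascript:void(0)",
  "data:text/plain,hello",
  "file:///tmp/report.pdf",
  "ftp://files.example.com/a.pdf",
];

interface Verdict {
  url: string;
  prefix: boolean;
  parsed: boolean;
}

function compare(samples: string[]): Verdict[] {
  return samples.map((url) => ({
    url,
    prefix: hasHttpPrefix(url),
    parsed: isHttpUrl(url),
  }));
}

// Inputs where the two checks disagree are the ones worth a unit test.
function disagreements(samples: string[]): Verdict[] {
  return compare(samples).filter((v) => v.prefix !== v.parsed);
}

console.table(compare(SAMPLES));
```

The two checks disagree on the upper-case scheme, which the prefix test rejects, and on the bare `https://`, which the prefix test accepts while the parser rejects it for lacking a host.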