Refactored a bunch of shit

src/pages/api/organizations/update-name.ts

@@ -4,6 +4,7 @@ import path from "path";
 import { db } from "../../../db";
 import { organizations, members } from "../../../db/schema";
 import { eq, and } from "drizzle-orm";
+import { MAX_LENGTHS, exceedsLength } from "../../../lib/validation";
 
 export const POST: APIRoute = async ({ request, locals, redirect }) => {
   const user = locals.user;
@@ -29,6 +30,18 @@ export const POST: APIRoute = async ({ request, locals, redirect }) => {
     });
   }
 
+  const lengthError =
+    exceedsLength("Name", name, MAX_LENGTHS.name) ||
+    exceedsLength("Street", street, MAX_LENGTHS.address) ||
+    exceedsLength("City", city, MAX_LENGTHS.address) ||
+    exceedsLength("State", state, MAX_LENGTHS.address) ||
+    exceedsLength("ZIP", zip, MAX_LENGTHS.address) ||
+    exceedsLength("Country", country, MAX_LENGTHS.address) ||
+    exceedsLength("Currency", defaultCurrency, MAX_LENGTHS.currency);
+  if (lengthError) {
+    return new Response(lengthError, { status: 400 });
+  }
+
   try {
     // Verify user is admin/owner of this organization
     const membership = await db
@@ -67,7 +80,9 @@ export const POST: APIRoute = async ({ request, locals, redirect }) => {
         );
       }
 
-      const ext = logo.name.split(".").pop() || "png";
+      const rawExt = (logo.name.split(".").pop() || "png").toLowerCase().replace(/[^a-z]/g, "");
+      const allowedExtensions = ["png", "jpg", "jpeg"];
+      const ext = allowedExtensions.includes(rawExt) ? rawExt : "png";
       const filename = `${organizationId}-${Date.now()}.${ext}`;
       const dataDir = process.env.DATA_DIR
         ? process.env.DATA_DIR