fix: mark all notifications as read/unread

fix: check profile status, warning, and biography length
fix: check post warning and tags length

crates/app/src/routes/api/v1/auth/profile.rs

@@ -105,6 +105,18 @@ pub async fn update_user_settings_request(
         return Json(Error::DataTooLong("display name".to_string()).into());
     }
 
+    if req.warning.len() > 2048 {
+        return Json(Error::DataTooLong("warning".to_string()).into());
+    }
+
+    if req.status.len() > 256 {
+        return Json(Error::DataTooLong("status".to_string()).into());
+    }
+
+    if req.biography.len() > 4096 {
+        return Json(Error::DataTooLong("warning".to_string()).into());
+    }
+
     // check percentage themes
     if !req.theme_sat.is_empty() && !req.theme_sat.ends_with("%") {
         req.theme_sat = format!("{}%", req.theme_sat)

crates/app/src/routes/api/v1/communities/posts.rs

@@ -289,6 +289,16 @@ pub async fn update_context_request(
         None => return Json(Error::NotAllowed.into()),
     };
 
+    // check lengths
+    if req.context.tags.len() > 512 {
+        return Json(Error::DataTooLong("tags".to_string()).into());
+    }
+
+    if req.context.content_warning.len() > 512 {
+        return Json(Error::DataTooLong("warning".to_string()).into());
+    }
+
+    // ...
     match data.update_post_context(id, user, req.context).await {
         Ok(_) => Json(ApiReturn {
             ok: true,