From b66e984dddc384fc8a21c25da0e8c4d4b0a0449c Mon Sep 17 00:00:00 2001
From: Pascal Fischer
Date: Mon, 27 Mar 2023 17:28:24 +0200
Subject: [PATCH] set limits for expiration
---
 management/server/http/pat_handler.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/management/server/http/pat_handler.go b/management/server/http/pat_handler.go
index 04c1f369f..c7bcb92bc 100644
--- a/management/server/http/pat_handler.go
+++ b/management/server/http/pat_handler.go
@@ -111,6 +111,16 @@ func (h *PATHandler) CreateToken(w http.ResponseWriter, r *http.Request) {
 return
 }
 
+ if req.Name == "" {
+ util.WriteErrorResponse("name can't be empty", status.InvalidArgument, w)
+ return
+ }
+
+ if req.ExpiresIn < 1 || req.ExpiresIn > 365 {
+ util.WriteErrorResponse("expiration has to be between 1 and 365", status.InvalidArgument, w)
+ return
+ }
+
 pat, plainToken, err := server.CreateNewPAT(req.Name, req.ExpiresIn, user.Id)
 err = h.accountManager.AddPATToUser(account.Id, userID, pat)
 if err != nil {
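Review bot: The `err` returned by `server.CreateNewPAT(...)`, right after the new validation, is overwritten by the `AddPATToUser` call on the next line without being checked. A failure while generating the token would then go unnoticed, and whatever `pat` holds at that point would be stored for the user. Check it before storing, e.g. `if err != nil { util.WriteErrorResponse("failed to create token", status.Internal, w); return }`, using whichever status this handler uses for server-side failures. Separately, the range message gives no unit; if `ExpiresIn` is in days, as the 365 bound suggests, say so in the message and replace the literals `1` and `365` with named constants. `CreateToken` starts and ends outside this hunk, so earlier checks on `req` are not visible here.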