From 9b8e5c861f76f95ecd4ac472431e7af60ebb8987 Mon Sep 17 00:00:00 2001
From: Sara Tahir <saratahir34@gmail.com>
Date: Wed, 4 Feb 2026 21:05:55 +0000
Subject: [PATCH] =?UTF-8?q?Add=20backend=20validation=20to=20enforce=20280?=
 =?UTF-8?q?=E2=80=91character=20bloom=20limit?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/endpoints.py | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/backend/endpoints.py b/backend/endpoints.py
index 0e177a0..24b28b6 100644
--- a/backend/endpoints.py
+++ b/backend/endpoints.py
@@ -153,19 +153,32 @@ def do_follow():
 @jwt_required()
 def send_bloom():
     type_check_error = verify_request_fields({"content": str})
+
     if type_check_error is not None:
         return type_check_error
+    
+    
+    content = request.json["content"]
 
-    user = get_current_user()
+    MAXIMUM_BLOOM_LENGTH = 280
 
-    blooms.add_bloom(sender=user, content=request.json["content"])
+    
+    if len(content) > MAXIMUM_BLOOM_LENGTH:
+        return make_response(
+            (
+                {
+                    "success": False,
+                    "message": f"Bloom cannot exceed {MAXIMUM_BLOOM_LENGTH} characters.",
+                },
+                400,
+            )
+        )
 
-    return jsonify(
-        {
-            "success": True,
-        }
-    )
+    user = get_current_user()
+
+    blooms.add_bloom(sender=user, content=content)
 
+    return jsonify({"success": True})
 
 def get_bloom(id_str):
     try: