Limit length on all user-provided strings/input into contracts

[taoeffect]

Problem

Currently we do not place hard limit checks in the contracts on the length of strings, so this means things like usernames, profile summaries, bitcoin addresses, etc., are all technically allowed to be unlimited in size, presenting a DOS issue.

Solution

Replace all string validators in the contracts with a stringMax() function that takes a byte length and throws if the string is greater than that many bytes.

If it throws, make sure to ban the user from the group. Also place a limit on the maximum size of any single GIMessage, and make sure the server enforces it. Server-side ban users that exceed this limit.

[sandrina-p]

If it throws, make sure to ban the user from the group.

Why banning? Can't we just reject it?

[taoeffect]

Why banning? Can't we just reject it?

Because in this case it would mean the frontend validators were purposefully bypassed, e.g. someone is hacking the app.

[sandrina-p]

Fair enough

[snowteamer]

Most of the front end validators don't seem to work at all on my end. The first thing I did upon launching the app for the mode was typing a very long username and password, and they got accepted by both the client and server.

Is this because the app was not running in production mode?