chore: address comments

ssncferreira · ssncferreira · commit 657a23052008 · 2025-09-11T09:51:08.000Z
diff --git a/coderd/database/modelmethods.go b/coderd/database/modelmethods.go
@@ -376,10 +376,6 @@ func (u User) RBACObject() rbac.Object {
 	return rbac.ResourceUserObject(u.ID)
 }
 
-func (u User) IsSystemUser() bool {
-	return u.IsSystem
-}
-
 func (u GetUsersRow) RBACObject() rbac.Object {
 	return rbac.ResourceUserObject(u.ID)
 }
diff --git a/coderd/notifications.go b/coderd/notifications.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"time"
 
 	"github.com/google/uuid"
 
@@ -132,7 +133,7 @@ func (api *API) notificationTemplatesByKind(rw http.ResponseWriter, r *http.Requ
 	templates, err := api.Database.GetNotificationTemplatesByKind(ctx, kind)
 	if err != nil {
 		httpapi.Write(r.Context(), rw, http.StatusInternalServerError, codersdk.Response{
-			Message: fmt.Sprintf("Failed to retrieve '%s' notifications templates.", kind),
+			Message: fmt.Sprintf("Failed to retrieve %q notifications templates.", kind),
 			Detail:  err.Error(),
 		})
 		return
@@ -386,7 +387,7 @@ func (api *API) postCustomNotification(rw http.ResponseWriter, r *http.Request)
 		})
 		return
 	}
-	if user.IsSystemUser() {
+	if user.IsSystem {
 		api.Logger.Error(ctx, "send custom notification: system user is not allowed",
 			slog.F("id", user.ID.String()), slog.F("name", user.Name))
 		httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{
@@ -407,12 +408,12 @@ func (api *API) postCustomNotification(rw http.ResponseWriter, r *http.Request)
 		},
 		map[string]any{
 			// Current dedupe is done via an hash of (template, user, method, payload, targets, day).
-			// We intentionally include a timestamp to bypass the per-day dedupe so the caller can
-			// resend identical content to themselves multiple times in one day.
-			// TODO(ssncferreira): When we support sending custom notifications to multiple users/roles,
+			// Include a minute-bucketed timestamp to bypass per-day dedupe for self-sends,
+			// letting the caller resend identical content the same day (but not more than
+			// once per minute).
+			// TODO(ssncferreira): When custom notifications can target multiple users/roles,
 			//   enforce proper deduplication across recipients to reduce noise and prevent spam.
-			//   See https://github.com/coder/coder/issues/19768
-			"dedupe_bypass_ts": api.Clock.Now().UTC(),
+			"dedupe_bypass_ts": api.Clock.Now().UTC().Truncate(time.Minute),
 		},
 		user.ID.String(),
 	); err != nil {
diff --git a/codersdk/notifications.go b/codersdk/notifications.go
@@ -293,6 +293,11 @@ type CustomNotificationRequest struct {
 	//   See: https://github.com/coder/coder/issues/19768
 }
 
+const (
+	maxCustomNotificationTitleLen   = 120
+	maxCustomNotificationMessageLen = 2000
+)
+
 func (c CustomNotificationRequest) Validate() error {
 	if c.Content == nil {
 		return xerrors.Errorf("content is required")
@@ -301,6 +306,14 @@ func (c CustomNotificationRequest) Validate() error {
 		strings.TrimSpace(c.Content.Message) == "" {
 		return xerrors.Errorf("provide a non-empty 'content.title' or 'content.message'")
 	}
+
+	if len(c.Content.Title) > maxCustomNotificationTitleLen {
+		return xerrors.Errorf("'content.title' must be less than %d characters", maxCustomNotificationTitleLen)
+	}
+	if len(c.Content.Message) > maxCustomNotificationMessageLen {
+		return xerrors.Errorf("'content.message' must be less than %d characters", maxCustomNotificationMessageLen)
+	}
+
 	return nil
 }
 
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts

Original file line number	Diff line number	Diff line change
`@@ -376,10 +376,6 @@ func (u User) RBACObject() rbac.Object {`
`376`	`376`	`return rbac.ResourceUserObject(u.ID)`
`377`	`377`	`}`
`378`	`378`
`379`		`-func (u User) IsSystemUser() bool {`
`380`		`- return u.IsSystem`
`381`		`-}`
`382`		`-`
`383`	`379`	`func (u GetUsersRow) RBACObject() rbac.Object {`
`384`	`380`	`return rbac.ResourceUserObject(u.ID)`
`385`	`381`	`}`