feat(backend): implement comprehensive security and validation

Implement enterprise-grade security measures and input validation: Security Features: - Add Helmet.js for security headers (XSS, clickjacking, MIME protection) - Implement rate limiting (5/15min for auth, 100/15min for API) - Add Socket.IO JWT authentication middleware - Fix JWT auth middleware (remove throw in catch, extend token to 7 days) - Implement centralized error handling with AppError class - Add CORS restrictive configuration Input Validation: - Add express-validator to all routes (auth, streets, tasks, posts, events, rewards, reports, users) - Create comprehensive validation schemas in middleware/validators/ - Consistent error response format for validation failures Additional Features: - Add pagination middleware for all list endpoints - Add Multer file upload middleware (5MB limit, image validation) - Update .env.example with all required environment variables Dependencies Added: - helmet@8.1.0 - express-rate-limit@8.2.1 - express-validator@7.3.0 - multer@1.4.5-lts.1 - cloudinary@2.8.0 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-01 10:42:19 -07:00
parent 8002406120
commit b3dc608750
18 changed files with 5620 additions and 65 deletions
--- a/backend/middleware/pagination.js
+++ b/backend/middleware/pagination.js
@@ -0,0 +1,59 @@
+/**
+ * Pagination middleware for list endpoints
+ * Parses page and limit query parameters and adds pagination helpers to req object
+ */
+const paginate = (req, res, next) => {
+  // Parse page and limit from query params
+  const page = parseInt(req.query.page) || 1;
+  const limit = Math.min(parseInt(req.query.limit) || 10, 100); // Max 100 items per page
+
+  // Validate page and limit
+  if (page < 1) {
+    return res.status(400).json({ msg: "Page must be greater than 0" });
+  }
+
+  if (limit < 1) {
+    return res.status(400).json({ msg: "Limit must be greater than 0" });
+  }
+
+  // Calculate skip value for MongoDB
+  const skip = (page - 1) * limit;
+
+  // Attach pagination data to request
+  req.pagination = {
+    page,
+    limit,
+    skip,
+  };
+
+  next();
+};
+
+/**
+ * Helper function to build paginated response
+ * @param {Array} data - Array of documents
+ * @param {number} totalCount - Total number of documents
+ * @param {number} page - Current page number
+ * @param {number} limit - Items per page
+ * @returns {Object} Paginated response object
+ */
+const buildPaginatedResponse = (data, totalCount, page, limit) => {
+  const totalPages = Math.ceil(totalCount / limit);
+
+  return {
+    data,
+    pagination: {
+      currentPage: page,
+      totalPages,
+      totalCount,
+      itemsPerPage: limit,
+      hasNextPage: page < totalPages,
+      hasPrevPage: page > 1,
+    },
+  };
+};
+
+module.exports = {
+  paginate,
+  buildPaginatedResponse,
+};