feat(backend): implement comprehensive security and validation

Implement enterprise-grade security measures and input validation: Security Features: - Add Helmet.js for security headers (XSS, clickjacking, MIME protection) - Implement rate limiting (5/15min for auth, 100/15min for API) - Add Socket.IO JWT authentication middleware - Fix JWT auth middleware (remove throw in catch, extend token to 7 days) - Implement centralized error handling with AppError class - Add CORS restrictive configuration Input Validation: - Add express-validator to all routes (auth, streets, tasks, posts, events, rewards, reports, users) - Create comprehensive validation schemas in middleware/validators/ - Consistent error response format for validation failures Additional Features: - Add pagination middleware for all list endpoints - Add Multer file upload middleware (5MB limit, image validation) - Update .env.example with all required environment variables Dependencies Added: - helmet@8.1.0 - express-rate-limit@8.2.1 - express-validator@7.3.0 - multer@1.4.5-lts.1 - cloudinary@2.8.0 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-01 10:42:19 -07:00
parent 8002406120
commit b3dc608750
18 changed files with 5620 additions and 65 deletions
--- a/backend/middleware/upload.js
+++ b/backend/middleware/upload.js
@@ -0,0 +1,54 @@
+const multer = require("multer");
+
+// Configure multer to use memory storage
+const storage = multer.memoryStorage();
+
+// File filter for image validation
+const fileFilter = (req, file, cb) => {
+  // Accept only image files
+  const allowedMimeTypes = [
+    "image/jpeg",
+    "image/jpg",
+    "image/png",
+    "image/gif",
+    "image/webp",
+  ];
+
+  if (allowedMimeTypes.includes(file.mimetype)) {
+    cb(null, true);
+  } else {
+    cb(
+      new Error(
+        "Invalid file type. Only JPG, PNG, GIF, and WebP images are allowed.",
+      ),
+      false,
+    );
+  }
+};
+
+// Create multer upload instance with size limit (5MB)
+const upload = multer({
+  storage: storage,
+  limits: {
+    fileSize: 5 * 1024 * 1024, // 5MB max file size
+  },
+  fileFilter: fileFilter,
+});
+
+// Error handler middleware for multer
+const handleUploadError = (err, req, res, next) => {
+  if (err instanceof multer.MulterError) {
+    if (err.code === "LIMIT_FILE_SIZE") {
+      return res.status(400).json({ msg: "File size exceeds 5MB limit" });
+    }
+    return res.status(400).json({ msg: err.message });
+  } else if (err) {
+    return res.status(400).json({ msg: err.message });
+  }
+  next();
+};
+
+module.exports = {
+  upload,
+  handleUploadError,
+};