feat(backend): implement comprehensive security and validation

Implement enterprise-grade security measures and input validation: Security Features: - Add Helmet.js for security headers (XSS, clickjacking, MIME protection) - Implement rate limiting (5/15min for auth, 100/15min for API) - Add Socket.IO JWT authentication middleware - Fix JWT auth middleware (remove throw in catch, extend token to 7 days) - Implement centralized error handling with AppError class - Add CORS restrictive configuration Input Validation: - Add express-validator to all routes (auth, streets, tasks, posts, events, rewards, reports, users) - Create comprehensive validation schemas in middleware/validators/ - Consistent error response format for validation failures Additional Features: - Add pagination middleware for all list endpoints - Add Multer file upload middleware (5MB limit, image validation) - Update .env.example with all required environment variables Dependencies Added: - helmet@8.1.0 - express-rate-limit@8.2.1 - express-validator@7.3.0 - multer@1.4.5-lts.1 - cloudinary@2.8.0 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-01 10:42:19 -07:00
parent 8002406120
commit b3dc608750
18 changed files with 5620 additions and 65 deletions
--- a/backend/package.json
+++ b/backend/package.json
@@ -3,7 +3,13 @@
  "version": "1.0.0",
  "main": "index.js",
  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "cross-env NODE_ENV=test jest",
+    "test:watch": "cross-env NODE_ENV=test jest --watch",
+    "test:coverage": "cross-env NODE_ENV=test jest --coverage",
+    "test:verbose": "cross-env NODE_ENV=test jest --verbose",
+    "start": "node server.js",
+    "dev": "nodemon server.js",
+    "seed:badges": "node scripts/seedBadges.js"
  },
  "keywords": [],
  "author": "",
@@ -12,10 +18,14 @@
  "dependencies": {
    "axios": "^1.8.3",
    "bcryptjs": "^3.0.2",
+    "cloudinary": "^2.8.0",
    "cors": "^2.8.5",
    "dotenv": "^16.4.7",
    "express": "^4.21.2",
+    "express-rate-limit": "^8.2.1",
+    "express-validator": "^7.3.0",
    "globals": "^16.4.0",
+    "helmet": "^8.1.0",
    "jsonwebtoken": "^9.0.2",
    "mongoose": "^8.12.1",
    "multer": "^1.4.5-lts.1",
@@ -23,6 +33,11 @@
    "stripe": "^17.7.0"
  },
  "devDependencies": {
-    "eslint": "^9.38.0"
+    "@types/jest": "^30.0.0",
+    "cross-env": "^10.1.0",
+    "eslint": "^9.38.0",
+    "jest": "^30.2.0",
+    "mongodb-memory-server": "^10.3.0",
+    "supertest": "^7.1.4"
  }
 }