will/adopt-a-street
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7c70a8d098fce8c558abb543759e044f5433fd68
adopt-a-street/backend/middleware/validators/eventValidator.js
William Valentin b3dc608750 feat(backend): implement comprehensive security and validation 
Implement enterprise-grade security measures and input validation:

Security Features:
- Add Helmet.js for security headers (XSS, clickjacking, MIME protection)
- Implement rate limiting (5/15min for auth, 100/15min for API)
- Add Socket.IO JWT authentication middleware
- Fix JWT auth middleware (remove throw in catch, extend token to 7 days)
- Implement centralized error handling with AppError class
- Add CORS restrictive configuration

Input Validation:
- Add express-validator to all routes (auth, streets, tasks, posts, events, rewards, reports, users)
- Create comprehensive validation schemas in middleware/validators/
- Consistent error response format for validation failures

Additional Features:
- Add pagination middleware for all list endpoints
- Add Multer file upload middleware (5MB limit, image validation)
- Update .env.example with all required environment variables

Dependencies Added:
- helmet@8.1.0
- express-rate-limit@8.2.1
- express-validator@7.3.0
- multer@1.4.5-lts.1
- cloudinary@2.8.0

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-01 10:42:19 -07:00

66 lines
1.5 KiB
JavaScript
Raw Blame History

const { body, param, validationResult } = require("express-validator");
const validate = (req, res, next) => {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({
success: false,
errors: errors.array().map((err) => ({
field: err.path,
message: err.msg,
})),
});
}
next();
};
/**
* Create event validation
*/
const createEventValidation = [
body("title")
.trim()
.notEmpty()
.withMessage("Event title is required")
.isLength({ min: 3, max: 200 })
.withMessage("Title must be between 3 and 200 characters"),
body("description")
.trim()
.notEmpty()
.withMessage("Event description is required")
.isLength({ min: 10, max: 1000 })
.withMessage("Description must be between 10 and 1000 characters"),
body("date")
.notEmpty()
.withMessage("Event date is required")
.isISO8601()
.withMessage("Date must be a valid ISO 8601 date")
.custom((value) => {
if (new Date(value) < new Date()) {
throw new Error("Event date must be in the future");
}
return true;
}),
body("location")
.trim()
.notEmpty()
.withMessage("Event location is required")
.isLength({ min: 3, max: 200 })
.withMessage("Location must be between 3 and 200 characters"),
validate,
];
/**
* Event ID validation
*/
const eventIdValidation = [
param("id").isMongoId().withMessage("Invalid event ID"),
validate,
];
module.exports = {
createEventValidation,
eventIdValidation,
validate,
};
Reference in New Issue View Git Blame Copy Permalink