b3dc608750
Implement enterprise-grade security measures and input validation: Security Features: - Add Helmet.js for security headers (XSS, clickjacking, MIME protection) - Implement rate limiting (5/15min for auth, 100/15min for API) - Add Socket.IO JWT authentication middleware - Fix JWT auth middleware (remove throw in catch, extend token to 7 days) - Implement centralized error handling with AppError class - Add CORS restrictive configuration Input Validation: - Add express-validator to all routes (auth, streets, tasks, posts, events, rewards, reports, users) - Create comprehensive validation schemas in middleware/validators/ - Consistent error response format for validation failures Additional Features: - Add pagination middleware for all list endpoints - Add Multer file upload middleware (5MB limit, image validation) - Update .env.example with all required environment variables Dependencies Added: - helmet@8.1.0 - express-rate-limit@8.2.1 - express-validator@7.3.0 - multer@1.4.5-lts.1 - cloudinary@2.8.0 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
58 lines
1.3 KiB
JavaScript
58 lines
1.3 KiB
JavaScript
const { body, param, validationResult } = require("express-validator");
|
|
|
|
const validate = (req, res, next) => {
|
|
const errors = validationResult(req);
|
|
if (!errors.isEmpty()) {
|
|
return res.status(400).json({
|
|
success: false,
|
|
errors: errors.array().map((err) => ({
|
|
field: err.path,
|
|
message: err.msg,
|
|
})),
|
|
});
|
|
}
|
|
next();
|
|
};
|
|
|
|
/**
|
|
* Create reward validation
|
|
*/
|
|
const createRewardValidation = [
|
|
body("name")
|
|
.trim()
|
|
.notEmpty()
|
|
.withMessage("Reward name is required")
|
|
.isLength({ min: 2, max: 100 })
|
|
.withMessage("Name must be between 2 and 100 characters"),
|
|
body("description")
|
|
.trim()
|
|
.notEmpty()
|
|
.withMessage("Reward description is required")
|
|
.isLength({ min: 10, max: 500 })
|
|
.withMessage("Description must be between 10 and 500 characters"),
|
|
body("cost")
|
|
.notEmpty()
|
|
.withMessage("Cost is required")
|
|
.isInt({ min: 1, max: 100000 })
|
|
.withMessage("Cost must be a positive integer between 1 and 100000"),
|
|
body("isPremium")
|
|
.optional()
|
|
.isBoolean()
|
|
.withMessage("isPremium must be a boolean"),
|
|
validate,
|
|
];
|
|
|
|
/**
|
|
* Reward ID validation
|
|
*/
|
|
const rewardIdValidation = [
|
|
param("id").isMongoId().withMessage("Invalid reward ID"),
|
|
validate,
|
|
];
|
|
|
|
module.exports = {
|
|
createRewardValidation,
|
|
rewardIdValidation,
|
|
validate,
|
|
};
|