Enhance Input Validation Middleware for Robust Search Query Handling #3

Open
HermanKoii wants to merge 8 commits into HermanL0201:ba72ae61-abd3-433a-a4b8-a1c7fced6afb from HermanKoii:feature-input-validation-middleware-1749174431

@HermanKoii HermanKoii commented Jun 6, 2025

Enhance Input Validation Middleware for Robust Search Query Handling

Description

Task

Implement input validation middleware

Acceptance Criteria

  • All input parameters are sanitized
  • Injection attacks are prevented
  • Input types and ranges are validated
  • Clear error messages are provided
  • Optional query parameters are supported
  • Validation middleware is performant and extensible

Summary of Work

Overview

This pull request implements comprehensive input validation middleware to ensure data integrity, prevent potential injection attacks, and provide robust input sanitization for search queries.

Key Changes

  • Enhanced input validation for search query parameters
  • Implemented sanitization rules using express-validator
  • Added comprehensive validation for:
    • Search query length and content
    • Category validation
    • Price range validation
    • Pagination parameters

Implementation Details

Validation Strategies

  • Use express-validator for input validation and sanitization
  • Trim and escape all input parameters
  • Set strict length and type constraints
  • Implement custom validation for specific fields (e.g., categories)

Validation Rules

  1. Search Query (q):

    • Optional parameter
    • Trimmed and escaped
    • Length between 1-100 characters
    • Prevents potential injection attacks
  2. Category Validation:

    • Whitelist of valid categories
    • Case-insensitive matching
    • Rejects invalid category inputs
  3. Price Range Validation:

    • Non-negative price constraints
    • Ensures maxPrice is greater than or equal to minPrice
    • Prevents illogical price range queries
  4. Pagination Parameters:

    • Validate page number (positive integer)
    • Limit results per page (1-100)

Error Handling

  • Consistent error response format
  • Detailed error messages
  • 400 Bad Request for validation failures
  • Returns field-specific error information

Testing

  • Comprehensive test suite covering various input scenarios
  • Validates positive and negative test cases
  • Ensures middleware correctly handles edge cases

Notes

  • Performance-optimized validation
  • Easily extensible for future query parameters
  • Follows security best practices

Changes Made

  • Enhanced search query validation in searchValidation.ts
  • Added comprehensive input sanitization
  • Implemented custom validation rules
  • Created detailed error handling for validation failures

Tests

  • Validate search query length constraints
  • Test category validation
  • Verify price range logic
  • Check pagination parameter validation
  • Ensure proper error responses for invalid inputs

Signatures

Staking Key


Public Key


@HermanKoii HermanKoii changed the title from "[WIP] Implement Input Validation Middleware for Search Query Parameters" to "Enhance Input Validation Middleware for Robust Search Query Handling" Jun 6, 2025
@HermanKoii HermanKoii marked this pull request as ready for review June 6, 2025 01:50
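
The validation rules listed in this pull request, sketched as an added example that is not the PR's code: a dependency-free JavaScript validator standing in for the express-validator chain, with the 400 response on failure. The parameter names `category`, `page` and `limit`, the category list, the digit caps in the parsers and `req.validatedQuery` are assumptions.

```javascript
// Added example, not the PR's code. Constructed allowlist; the PR does not list its categories.
const VALID_CATEGORIES = ['electronics', 'books', 'clothing'];
// Strict parsers: Number('') is 0 and parseInt('5abc') is 5, so match the whole
// string first. The digit caps are assumptions that keep values in safe range.
const strictInt = (raw) => (/^\d{1,9}$/.test(raw) ? Number(raw) : NaN);
const strictPrice = (raw) => (/^\d{1,9}(\.\d{1,2})?$/.test(raw) ? Number(raw) : NaN);

// Takes an Express-style query object; returns field-specific errors and typed values.
function validateSearchQuery(query) {
  const errors = [];
  const value = {};
  const fail = (field, message) => errors.push({ field, message });
  // Repeated or bracketed parameters (?q=a&q=b, ?q[x]=1) parse to arrays or objects.
  for (const f of Object.keys(query)) if (typeof query[f] !== 'string') fail(f, 'must be a single string value');
  if (errors.length) return { errors, value };
  if (query.q !== undefined) {
    const q = query.q.trim();
    if (q.length < 1 || q.length > 100) fail('q', 'must be 1-100 characters');
    else value.q = q; // escaping is left to the layer that renders or queries with q
  }
  if (query.category !== undefined) {
    const category = query.category.trim().toLowerCase(); // case-insensitive match
    if (!VALID_CATEGORIES.includes(category)) fail('category', 'is not a valid category');
    else value.category = category;
  }
  for (const field of ['minPrice', 'maxPrice']) {
    if (query[field] === undefined) continue;
    const n = strictPrice(query[field]);
    if (Number.isNaN(n)) fail(field, 'must be a non-negative number');
    else value[field] = n;
  }
  // Comparison is false when either bound is absent or already rejected.
  if (value.maxPrice < value.minPrice) fail('maxPrice', 'must be >= minPrice');
  for (const [field, max, message] of [['page', 1e9, 'must be a positive integer'], ['limit', 100, 'must be an integer from 1 to 100']]) {
    if (query[field] === undefined) continue;
    const n = strictInt(query[field]);
    if (!(n >= 1 && n <= max)) fail(field, message);
    else value[field] = n;
  }
  return { errors, value };
}

// Express-style middleware: 400 with the error list, else pass typed values on.
function searchValidation(req, res, next) {
  const { errors, value } = validateSearchQuery(req.query);
  if (errors.length) return res.status(400).json({ errors });
  req.validatedQuery = value; // hypothetical property name
  next();
}
```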