[AZ-808] [AZ-811] Strict validation on region POST + lat/lon GET

AZ-808: FluentValidation for POST /api/satellite/request - RegionRequestValidator: id non-empty, lat/lon/sizeMeters/zoomLevel ranges - RequestRegionRequest: [JsonRequired] on every property, no implicit defaults - Wired via .WithValidation<RequestRegionRequest>() in MapPost chain - Unit + integration tests + curl probe script - New contract: contracts/api/region-request.md v1.0.0 AZ-811: FluentValidation + envelope filter for GET /api/satellite/tiles/latlon - GetTileByLatLonQuery: nullable record (double?/int?) so the minimal-API binder never short-circuits with BadHttpRequestException before filters - GetTileByLatLonQueryValidator: Cascade(Stop) + NotNull + InclusiveBetween per param; missing surfaces as `\`<name>\` is required.` - RejectUnknownQueryParamsEndpointFilter: reusable IEndpointFilter that rejects any query key outside the allowed set with errors[<key>] map; catches legacy `?Latitude=` typos and hostile probes (`?debug=1&admin=1`) - Handler: [AsParameters] GetTileByLatLonQuery + .Value deref post-validator - Unit (validator + filter) + integration tests + curl probe script - New contract: contracts/api/tile-latlon.md v1.0.0 Shared hygiene - Promote AssertErrorsContainsMention from per-test-file private helpers to ProblemDetailsAssertions (closes batch-1 Low-severity DRY warning) - Sync Swagger param descriptions, README, blackbox/security/perf scripts, uuidv5 doc with the new lat/lon/zoom query-param names Docs - system-flows.md F1/F2 reference the new contracts + validation layers - modules/api_program.md adds Api/Validators + Api/DTOs sections - _autodev_state.md: batch 2 of 4 complete; next batch = AZ-809 All smoke tests green (mode=smoke, exit 0). AZ-808 + AZ-811 transitioned to In Testing on Jira. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-21 08:41:13 +00:00 · 2026-05-22 16:29:41 +03:00
parent fcd494f67e
commit 34ee1e0b83
35 changed files with 1993 additions and 122 deletions
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Manual end-to-end probe for GET /api/satellite/tiles/latlon strict validation
+# (AZ-811). Each failure call should return HTTP 400 with an
+# `application/problem+json` body. The happy path should return HTTP 200.
+#
+# Two enforcement layers:
+#   1. RejectUnknownQueryParamsEndpointFilter — rejects any query key outside
+#      {lat, lon, zoom}.
+#   2. WithValidation<GetTileByLatLonQuery> — range-checks lat, lon, zoom.
+#
+# Usage:
+#   API_URL=https://localhost:8080 JWT="<bearer-token>" ./scripts/probe_latlon_validation.sh
+
+API_URL="${API_URL:-https://localhost:8080}"
+JWT="${JWT:-}"
+PATH_LATLON="${API_URL%/}/api/satellite/tiles/latlon"
+
+if [[ -z "${JWT}" ]]; then
+    echo "ERROR: set JWT env var to a bearer token. Mint one via:"
+    echo "  dotnet run --project SatelliteProvider.IntegrationTests -- --mint-only"
+    exit 2
+fi
+
+curl_args=(-sS -k -H "Authorization: Bearer ${JWT}" -X GET)
+
+probe() {
+    local label="$1"
+    local query="$2"
+    local expected_status="$3"
+
+    echo "----- ${label} (expecting HTTP ${expected_status}) -----"
+    local response
+    response=$(curl "${curl_args[@]}" "${PATH_LATLON}?${query}" -w "\nHTTP_STATUS=%{http_code}\n")
+    echo "${response}"
+    local actual_status
+    actual_status=$(echo "${response}" | tail -n 1 | sed 's/HTTP_STATUS=//')
+    if [[ "${actual_status}" != "${expected_status}" ]]; then
+        echo "FAIL: expected HTTP ${expected_status}, got ${actual_status}"
+        return 1
+    fi
+    echo "OK: HTTP ${expected_status}"
+    echo
+}
+
+probe "happy-path"             "lat=47.461747&lon=37.647063&zoom=18"     200
+# Validator rules — NotNull (missing required) + InclusiveBetween (range)
+probe "missing-lat"            "lon=37.647063&zoom=18"                   400
+probe "missing-lon"            "lat=47.461747&zoom=18"                   400
+probe "missing-zoom"           "lat=47.461747&lon=37.647063"             400
+probe "lat-out-of-range"       "lat=91&lon=37.647063&zoom=18"            400
+probe "lon-out-of-range"       "lat=47.461747&lon=181&zoom=18"           400
+probe "zoom-out-of-range"      "lat=47.461747&lon=37.647063&zoom=30"     400
+# Envelope rule: unknown query params (legacy pre-AZ-811 wire names + hostile probes)
+probe "legacy-param-names"     "Latitude=47.461747&Longitude=37.647063&ZoomLevel=18" 400
+probe "hostile-debug-admin"    "lat=47.461747&lon=37.647063&zoom=18&debug=1&admin=true" 400
+probe "typo-zooom"             "lat=47.461747&lon=37.647063&zooom=18"    400
+# Type mismatch (model binder)
+probe "lat-type-mismatch"      "lat=fifty&lon=37.647063&zoom=18"         400
+
+echo "All probes passed."
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Manual end-to-end probe for the region-request endpoint's strict validation
+# gate (AZ-808). Each failure call should return HTTP 400 with an
+# `application/problem+json` body whose `errors` map names the offending field
+# path. The happy path should return HTTP 200.
+#
+# Usage:
+#   API_URL=https://localhost:8080 JWT="<bearer-token>" ./scripts/probe_region_validation.sh
+#   (defaults to https://localhost:8080 with a JWT minted via PerfBootstrap --mint-only)
+
+API_URL="${API_URL:-https://localhost:8080}"
+JWT="${JWT:-}"
+PATH_REGION="${API_URL%/}/api/satellite/request"
+
+if [[ -z "${JWT}" ]]; then
+    echo "ERROR: set JWT env var to a bearer token. Mint one via:"
+    echo "  dotnet run --project SatelliteProvider.IntegrationTests -- --mint-only"
+    exit 2
+fi
+
+curl_args=(-sS -k -H "Authorization: Bearer ${JWT}" -H "Content-Type: application/json" -X POST "${PATH_REGION}")
+
+probe() {
+    local label="$1"
+    local body="$2"
+    local expected_status="$3"
+
+    echo "----- ${label} (expecting HTTP ${expected_status}) -----"
+    local response
+    response=$(curl "${curl_args[@]}" -d "${body}" -w "\nHTTP_STATUS=%{http_code}\n")
+    echo "${response}"
+    local actual_status
+    actual_status=$(echo "${response}" | tail -n 1 | sed 's/HTTP_STATUS=//')
+    if [[ "${actual_status}" != "${expected_status}" ]]; then
+        echo "FAIL: expected HTTP ${expected_status}, got ${actual_status}"
+        return 1
+    fi
+    echo "OK: HTTP ${expected_status}"
+    echo
+}
+
+# Generate a unique guid for the happy path
+HAPPY_ID="$(uuidgen)"
+
+probe "happy-path"             "{\"id\":\"${HAPPY_ID}\",\"lat\":47.461747,\"lon\":37.647063,\"sizeMeters\":200,\"zoomLevel\":18,\"stitchTiles\":false}" 200
+# Reproduces the 2026-05-22 probe that surfaced silent-Guid-coercion (pre-AZ-808)
+probe "missing-id"             '{"lat":49.94,"lon":36.31,"sizeMeters":200,"zoomLevel":18,"stitchTiles":false}' 400
+probe "zero-guid-id"           '{"id":"00000000-0000-0000-0000-000000000000","lat":47.461747,"lon":37.647063,"sizeMeters":200,"zoomLevel":18,"stitchTiles":false}' 400
+probe "missing-lat"            "{\"id\":\"$(uuidgen)\",\"lon\":37.647063,\"sizeMeters\":200,\"zoomLevel\":18,\"stitchTiles\":false}" 400
+probe "lat-out-of-range"       "{\"id\":\"$(uuidgen)\",\"lat\":91,\"lon\":37.647063,\"sizeMeters\":200,\"zoomLevel\":18,\"stitchTiles\":false}" 400
+probe "missing-lon"            "{\"id\":\"$(uuidgen)\",\"lat\":47.461747,\"sizeMeters\":200,\"zoomLevel\":18,\"stitchTiles\":false}" 400
+probe "lon-out-of-range"       "{\"id\":\"$(uuidgen)\",\"lat\":47.461747,\"lon\":181,\"sizeMeters\":200,\"zoomLevel\":18,\"stitchTiles\":false}" 400
+probe "missing-sizeMeters"     "{\"id\":\"$(uuidgen)\",\"lat\":47.461747,\"lon\":37.647063,\"zoomLevel\":18,\"stitchTiles\":false}" 400
+probe "sizeMeters-out-of-range" "{\"id\":\"$(uuidgen)\",\"lat\":47.461747,\"lon\":37.647063,\"sizeMeters\":1000000,\"zoomLevel\":18,\"stitchTiles\":false}" 400
+probe "missing-zoomLevel"      "{\"id\":\"$(uuidgen)\",\"lat\":47.461747,\"lon\":37.647063,\"sizeMeters\":200,\"stitchTiles\":false}" 400
+probe "zoomLevel-out-of-range" "{\"id\":\"$(uuidgen)\",\"lat\":47.461747,\"lon\":37.647063,\"sizeMeters\":200,\"zoomLevel\":30,\"stitchTiles\":false}" 400
+probe "missing-stitchTiles"    "{\"id\":\"$(uuidgen)\",\"lat\":47.461747,\"lon\":37.647063,\"sizeMeters\":200,\"zoomLevel\":18}" 400
+probe "lat-type-mismatch"      "{\"id\":\"$(uuidgen)\",\"lat\":\"fifty\",\"lon\":37.647063,\"sizeMeters\":200,\"zoomLevel\":18,\"stitchTiles\":false}" 400
+# Unknown root field — confirms UnmappedMemberHandling.Disallow stays active
+probe "unknown-root-field"     "{\"id\":\"$(uuidgen)\",\"lat\":47.461747,\"lon\":37.647063,\"sizeMeters\":200,\"zoomLevel\":18,\"stitchTiles\":false,\"unknownField\":1}" 400
+
+echo "All probes passed."
@@ -169,7 +169,7 @@ echo "PT-01: Tile Download Latency (cold) (threshold: 30000ms)"
 PT01_LAT="47.461347"
 PT01_LON="37.646663"
 START=$(date +%s%N)
-HTTP_CODE=$(curl "${CURL_OPTS[@]}" -s -o /dev/null -w "%{http_code}" -H "$AUTH_HEADER" "$API_URL/api/satellite/tiles/latlon?Latitude=$PT01_LAT&Longitude=$PT01_LON&ZoomLevel=18")
+HTTP_CODE=$(curl "${CURL_OPTS[@]}" -s -o /dev/null -w "%{http_code}" -H "$AUTH_HEADER" "$API_URL/api/satellite/tiles/latlon?lat=$PT01_LAT&lon=$PT01_LON&zoom=18")
 END=$(date +%s%N)
 ELAPSED_MS=$(( (END - START) / 1000000 ))
 if [[ "$HTTP_CODE" == "200" ]]; then
@@ -182,7 +182,7 @@ fi
 echo ""
 echo "PT-02: Cached Tile Retrieval Latency (threshold: 500ms)"
 START=$(date +%s%N)
-HTTP_CODE=$(curl "${CURL_OPTS[@]}" -s -o /dev/null -w "%{http_code}" -H "$AUTH_HEADER" "$API_URL/api/satellite/tiles/latlon?Latitude=47.461747&Longitude=37.647063&ZoomLevel=18")
+HTTP_CODE=$(curl "${CURL_OPTS[@]}" -s -o /dev/null -w "%{http_code}" -H "$AUTH_HEADER" "$API_URL/api/satellite/tiles/latlon?lat=47.461747&lon=37.647063&zoom=18")
 END=$(date +%s%N)
 ELAPSED_MS=$(( (END - START) / 1000000 ))