azaion/satellite-provider
1
0
Fork 0
mirror of https://github.com/azaion/satellite-provider.git synced 2026-06-22 06:31:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

[AZ-809] Strict validation for POST /api/satellite/route

Browse Source 
Third concrete child of AZ-795 (cycle 8 batch 3). FluentValidation +
[JsonRequired] + UnmappedMemberHandling.Disallow combine to reject every
malformed payload at the API boundary with RFC 7807 ValidationProblemDetails.

Validators (SatelliteProvider.Api/Validators/, all new)
- CreateRouteRequestValidator: id non-empty, name/description length,
  regionSizeMeters/zoomLevel ranges, points count [2, 500], cross-field
  createTilesZip => requestMaps. Chains RoutePointValidator (per-point)
  and GeofencePolygonValidator (per-polygon, guarded by When(Geofences != null)).
  OverridePropertyName("geofences.polygons") on the geofences chain so
  FluentValidation's default leaf-only key policy doesn't drop the parent
  path on deep expressions like req.Geofences!.Polygons.
- RoutePointValidator: lat/lon ranges; OverridePropertyName("lat"/"lon")
  chained AFTER InclusiveBetween (the extension is defined on
  IRuleBuilderOptions<T, TProperty>, so the generic type is only
  inferable after the first concrete rule) so error keys match the
  wire format (`points[i].lat`) rather than the C# property name
  (`points[i].latitude`).
- GeofencePolygonValidator: per-corner range checks via private nested
  GeoCornerValidator; cross-field NW.Lat > SE.Lat and NW.Lon < SE.Lon
  invariants emit at errors["geofences.polygons[i].northWest"].

DTOs (SatelliteProvider.Common/DTO/, [JsonRequired] additions only)
- CreateRouteRequest: id, name, regionSizeMeters, zoomLevel, points,
  requestMaps, createTilesZip
- RoutePoint: Latitude, Longitude
- GeofencePolygon: NorthWest, SouthEast; Geofences: Polygons
- GeoPoint: Lat, Lon

Tests
- Unit: 26 methods total — 16 in CreateRouteRequestValidatorTests, 6 in
  GeofencePolygonValidatorTests, 4 in RoutePointValidatorTests. Each
  RuleFor/RuleForEach chain has at least one positive + one negative case.
- Integration: CreateRouteValidationTests.cs — 16 methods (happy + 15
  failure modes) wired into smoke + full suites. Covers empty body,
  missing/zero id, empty name, out-of-range regionSizeMeters/zoomLevel,
  points count < 2, per-point lat/lon out-of-range, geofence invariants,
  missing requestMaps, cross-field createTilesZip, unknown root field,
  nested type mismatch.
- Manual probe: scripts/probe_route_validation.sh curl-exercises every
  failure mode end-to-end + happy path.

Docs
- New contract _docs/02_document/contracts/api/route-creation.md v1.0.0
  with nested DTO chain, invariants, per-field test cases table, and
  advisories on the legacy service-layer RouteValidator + the
  input/output RoutePoint vs RoutePointDto naming asymmetry.
- system-flows.md F4 sequence diagram extended with the validation-filter
  branch; preconditions + error scenarios reference the new contract.
- modules/api_program.md: CreateRoute handler section added; Api/Validators
  bumped to AZ-808/AZ-809/AZ-811.
- modules/common_dtos.md: DTO descriptions updated with [JsonRequired]
  annotations and constraint summaries.
- tests/blackbox-tests.md BT-06/BT-N03/BT-N04/BT-N05 align with the new
  wire format and named error keys.
- tests/security-tests.md SEC-04 references GlobalExceptionHandler's
  JsonException branch + AZ-353 correlationId.
- _docs/03_implementation/batch_03_cycle8_report.md + reviews/batch_03_cycle8_review.md
  (PASS_WITH_NOTES — F1 Low: OverridePropertyName documented inline,
  F2 + F3 Info: pre-existing advisories for follow-up).

Smoke green (mode=smoke, exit 0). AZ-809 transitioned to In Testing on Jira.
Task file moved to _docs/02_tasks/done/.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-05-22 17:49:48 +03:00
parent 34ee1e0b83
commit 5e056b2334
24 changed files with 1929 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files
SatelliteProvider.Tests/Validators/CreateRouteRequestValidatorTests.cs
+282
View File
@@ -0,0 +1,282 @@
using FluentValidation.TestHelper;
using SatelliteProvider.Api.Validators;
using SatelliteProvider.Common.DTO;
namespace SatelliteProvider.Tests.Validators;
// AZ-809: unit tests for CreateRouteRequestValidator. Each RuleFor /
// RuleForEach in the root validator has at least one passing case + one
// failing case. Required-field detection lives at the deserializer layer
// ([JsonRequired] + UnmappedMemberHandling.Disallow), covered separately
// at the integration layer in CreateRouteValidationTests.
public class CreateRouteRequestValidatorTests
{
private readonly CreateRouteRequestValidator _validator;
public CreateRouteRequestValidatorTests()
{
GlobalValidatorConfig.ApplyOnce();
_validator = new CreateRouteRequestValidator();
}
private static CreateRouteRequest ValidRequest()
{
return new CreateRouteRequest
{
Id = Guid.NewGuid(),
Name = "derkachi-flight-1",
Description = "AZ-777 Phase 2 seed route",
RegionSizeMeters = 1000.0,
ZoomLevel = 18,
Points = new List<RoutePoint>
{
new() { Latitude = 50.10, Longitude = 36.10 },
new() { Latitude = 50.11, Longitude = 36.11 },
},
RequestMaps = true,
CreateTilesZip = false,
};
}
[Fact]
public void Validate_AllValid_Passes()
{
// Arrange
var request = ValidRequest();
// Act
var result = _validator.TestValidate(request);
// Assert
result.ShouldNotHaveAnyValidationErrors();
}
[Fact]
public void Validate_IdEmpty_FailsNotEmptyRule()
{
// Arrange — reproduces the 2026-05-22 probe finding (silent zero-Guid).
var request = ValidRequest();
request.Id = Guid.Empty;
// Act
var result = _validator.TestValidate(request);
// Assert
result.ShouldHaveValidationErrorFor("id")
.WithErrorMessage("`id` must be a non-zero GUID (the caller's idempotency key).");
}
[Theory]
[InlineData("")]
[InlineData(" ")]
public void Validate_NameMissing_FailsNotEmptyRule(string name)
{
// Arrange
var request = ValidRequest();
request.Name = name;
// Act
var result = _validator.TestValidate(request);
// Assert
result.ShouldHaveValidationErrorFor("name");
}
[Fact]
public void Validate_NameTooLong_FailsLengthRule()
{
// Arrange — name length 201 (cap is 200).
var request = ValidRequest();
request.Name = new string('a', 201);
// Act
var result = _validator.TestValidate(request);
// Assert
result.ShouldHaveValidationErrorFor("name");
}
[Fact]
public void Validate_DescriptionTooLong_FailsLengthRule()
{
// Arrange — description length 1001 (cap is 1000).
var request = ValidRequest();
request.Description = new string('d', 1001);
// Act
var result = _validator.TestValidate(request);
// Assert
result.ShouldHaveValidationErrorFor("description");
}
[Theory]
[InlineData(99.999)]
[InlineData(0.0)]
[InlineData(10000.001)]
[InlineData(100000.0)]
public void Validate_RegionSizeMetersOutOfRange_FailsRangeRule(double size)
{
// Arrange
var request = ValidRequest();
request.RegionSizeMeters = size;
// Act
var result = _validator.TestValidate(request);
// Assert
result.ShouldHaveValidationErrorFor("regionSizeMeters");
}
[Theory]
[InlineData(-1)]
[InlineData(23)]
[InlineData(100)]
public void Validate_ZoomLevelOutOfRange_FailsRangeRule(int zoom)
{
// Arrange
var request = ValidRequest();
request.ZoomLevel = zoom;
// Act
var result = _validator.TestValidate(request);
// Assert
result.ShouldHaveValidationErrorFor("zoomLevel");
}
[Fact]
public void Validate_PointsTooFew_FailsCountRule()
{
// Arrange — only 1 point; min is 2 (Flow F4 precondition).
var request = ValidRequest();
request.Points = new List<RoutePoint>
{
new() { Latitude = 50.10, Longitude = 36.10 },
};
// Act
var result = _validator.TestValidate(request);
// Assert
result.ShouldHaveValidationErrorFor("points");
}
[Fact]
public void Validate_PointsTooMany_FailsCountRule()
{
// Arrange — 501 points; max is 500.
var request = ValidRequest();
request.Points = Enumerable
.Range(0, 501)
.Select(_ => new RoutePoint { Latitude = 50.10, Longitude = 36.10 })
.ToList();
// Act
var result = _validator.TestValidate(request);
// Assert
result.ShouldHaveValidationErrorFor("points");
}
[Fact]
public void Validate_PointLatOutOfRange_FailsChildRule()
{
// Arrange — second point's lat is out of range
var request = ValidRequest();
request.Points[1].Latitude = 91.0;
// Act
var result = _validator.TestValidate(request);
// Assert
result.ShouldHaveValidationErrorFor("points[1].lat");
}
[Fact]
public void Validate_PointLonOutOfRange_FailsChildRule()
{
// Arrange — second point's lon is out of range
var request = ValidRequest();
request.Points[1].Longitude = 181.0;
// Act
var result = _validator.TestValidate(request);
// Assert
result.ShouldHaveValidationErrorFor("points[1].lon");
}
[Fact]
public void Validate_GeofencePolygonNwSwapped_FailsChildInvariant()
{
// Arrange — NW.Lat <= SE.Lat (NW not north-of SE)
var request = ValidRequest();
request.Geofences = new Geofences
{
Polygons = new List<GeofencePolygon>
{
new()
{
NorthWest = new GeoPoint(50.05, 36.05),
SouthEast = new GeoPoint(50.05, 36.15),
}
}
};
// Act
var result = _validator.TestValidate(request);
// Assert — the GeofencePolygonValidator child-validator's `.WithName("northWest")`
// is prefixed with the RuleForEach path which we OverridePropertyName to
// "geofences.polygons", producing the full wire path
// `geofences.polygons[0].northWest`.
result.ShouldHaveValidationErrorFor("geofences.polygons[0].northWest");
}
[Fact]
public void Validate_GeofencesPresentButEmpty_FailsNotEmptyRule()
{
// Arrange — geofences object exists, polygons list is empty
var request = ValidRequest();
request.Geofences = new Geofences { Polygons = new List<GeofencePolygon>() };
// Act
var result = _validator.TestValidate(request);
// Assert — OverridePropertyName makes the empty-list rule fire at the
// wire-format path `geofences.polygons` instead of the leaf-only `polygons`.
result.ShouldHaveValidationErrorFor("geofences.polygons");
}
[Fact]
public void Validate_CreateTilesZipWithoutRequestMaps_FailsCrossFieldRule()
{
// Arrange — cannot zip what wasn't downloaded
var request = ValidRequest();
request.RequestMaps = false;
request.CreateTilesZip = true;
// Act
var result = _validator.TestValidate(request);
// Assert
result.ShouldHaveValidationErrorFor("createTilesZip")
.WithErrorMessage("`createTilesZip` requires `requestMaps` to be true (can't zip what wasn't downloaded).");
}
[Fact]
public void Validate_CreateTilesZipWithRequestMaps_Passes()
{
// Arrange — both true is valid
var request = ValidRequest();
request.RequestMaps = true;
request.CreateTilesZip = true;
// Act
var result = _validator.TestValidate(request);
// Assert
result.ShouldNotHaveValidationErrorFor("createTilesZip");
}
}
SatelliteProvider.Tests/Validators/GeofencePolygonValidatorTests.cs
+132
View File
@@ -0,0 +1,132 @@
using FluentValidation.TestHelper;
using SatelliteProvider.Api.Validators;
using SatelliteProvider.Common.DTO;
namespace SatelliteProvider.Tests.Validators;
// AZ-809: unit tests for GeofencePolygonValidator. Covers (a) presence of
// both corners, (b) range checks per corner, and (c) the cross-field
// invariant `NW north-of SE` AND `NW west-of SE`.
public class GeofencePolygonValidatorTests
{
private readonly GeofencePolygonValidator _validator;
public GeofencePolygonValidatorTests()
{
GlobalValidatorConfig.ApplyOnce();
_validator = new GeofencePolygonValidator();
}
private static GeofencePolygon ValidPolygon() => new()
{
NorthWest = new GeoPoint(50.15, 36.05),
SouthEast = new GeoPoint(50.05, 36.15),
};
[Fact]
public void Validate_AllValid_Passes()
{
// Arrange
var polygon = ValidPolygon();
// Act
var result = _validator.TestValidate(polygon);
// Assert
result.ShouldNotHaveAnyValidationErrors();
}
[Fact]
public void Validate_NorthWestNull_FailsNotNullRule()
{
// Arrange
var polygon = ValidPolygon();
polygon.NorthWest = null;
// Act
var result = _validator.TestValidate(polygon);
// Assert
result.ShouldHaveValidationErrorFor("northWest")
.WithErrorMessage("`northWest` corner is required.");
}
[Fact]
public void Validate_SouthEastNull_FailsNotNullRule()
{
// Arrange
var polygon = ValidPolygon();
polygon.SouthEast = null;
// Act
var result = _validator.TestValidate(polygon);
// Assert
result.ShouldHaveValidationErrorFor("southEast")
.WithErrorMessage("`southEast` corner is required.");
}
[Theory]
[InlineData(-90.001)]
[InlineData(90.001)]
public void Validate_NorthWestLatOutOfRange_FailsRangeRule(double lat)
{
// Arrange
var polygon = ValidPolygon();
polygon.NorthWest = new GeoPoint(lat, 36.05);
// Act
var result = _validator.TestValidate(polygon);
// Assert
result.ShouldHaveValidationErrorFor("northWest.lat");
}
[Theory]
[InlineData(-180.001)]
[InlineData(180.001)]
public void Validate_SouthEastLonOutOfRange_FailsRangeRule(double lon)
{
// Arrange
var polygon = ValidPolygon();
polygon.SouthEast = new GeoPoint(50.05, lon);
// Act
var result = _validator.TestValidate(polygon);
// Assert
result.ShouldHaveValidationErrorFor("southEast.lon");
}
[Fact]
public void Validate_NorthWestLatNotGreaterThanSouthEast_FailsInvariant()
{
// Arrange — NW.Lat <= SE.Lat → invariant violation
var polygon = ValidPolygon();
polygon.NorthWest = new GeoPoint(50.05, 36.05);
polygon.SouthEast = new GeoPoint(50.05, 36.15);
// Act
var result = _validator.TestValidate(polygon);
// Assert
result.ShouldHaveValidationErrorFor("northWest")
.WithErrorMessage("`northWest.lat` must be greater than `southEast.lat` (NW is north-of SE).");
}
[Fact]
public void Validate_NorthWestLonNotLessThanSouthEast_FailsInvariant()
{
// Arrange — NW.Lon >= SE.Lon → invariant violation
var polygon = ValidPolygon();
polygon.NorthWest = new GeoPoint(50.15, 36.15);
polygon.SouthEast = new GeoPoint(50.05, 36.15);
// Act
var result = _validator.TestValidate(polygon);
// Assert
result.ShouldHaveValidationErrorFor("northWest")
.WithErrorMessage("`northWest.lon` must be less than `southEast.lon` (NW is west-of SE).");
}
}
SatelliteProvider.Tests/Validators/RoutePointValidatorTests.cs
+86
View File
@@ -0,0 +1,86 @@
using FluentValidation.TestHelper;
using SatelliteProvider.Api.Validators;
using SatelliteProvider.Common.DTO;
namespace SatelliteProvider.Tests.Validators;
// AZ-809: unit tests for RoutePointValidator. Lat/lon range checks live on
// `RoutePoint.Latitude` / `RoutePoint.Longitude` (C# names); the validator's
// OverridePropertyName aligns FluentValidation error keys with the wire
// format (`lat` / `lon`) so callers see what they posted.
public class RoutePointValidatorTests
{
private readonly RoutePointValidator _validator;
public RoutePointValidatorTests()
{
GlobalValidatorConfig.ApplyOnce();
_validator = new RoutePointValidator();
}
[Theory]
[InlineData(-90.001)]
[InlineData(90.001)]
[InlineData(180.0)]
public void Validate_LatOutOfRange_FailsRangeRule(double lat)
{
// Arrange
var point = new RoutePoint { Latitude = lat, Longitude = 37.647063 };
// Act
var result = _validator.TestValidate(point);
// Assert
result.ShouldHaveValidationErrorFor("lat");
}
[Theory]
[InlineData(-90.0)]
[InlineData(0.0)]
[InlineData(47.461747)]
[InlineData(90.0)]
public void Validate_LatAtOrInsideBounds_Passes(double lat)
{
// Arrange
var point = new RoutePoint { Latitude = lat, Longitude = 37.647063 };
// Act
var result = _validator.TestValidate(point);
// Assert
result.ShouldNotHaveValidationErrorFor("lat");
}
[Theory]
[InlineData(-180.001)]
[InlineData(180.001)]
[InlineData(360.0)]
public void Validate_LonOutOfRange_FailsRangeRule(double lon)
{
// Arrange
var point = new RoutePoint { Latitude = 47.461747, Longitude = lon };
// Act
var result = _validator.TestValidate(point);
// Assert
result.ShouldHaveValidationErrorFor("lon");
}
[Theory]
[InlineData(-180.0)]
[InlineData(0.0)]
[InlineData(37.647063)]
[InlineData(180.0)]
public void Validate_LonAtOrInsideBounds_Passes(double lon)
{
// Arrange
var point = new RoutePoint { Latitude = 47.461747, Longitude = lon };
// Act
var result = _validator.TestValidate(point);
// Assert
result.ShouldNotHaveValidationErrorFor("lon");
}
}