azaion/satellite-provider
1
0
Fork 0
mirror of https://github.com/azaion/satellite-provider.git synced 2026-06-22 13:51:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

[AZ-794] [AZ-795] [AZ-796] Strict input validation + z/x/y rename
ci/woodpecker/push/01-test Pipeline was successful
Details
ci/woodpecker/push/02-build-push Pipeline was successful
Details

Browse Source 
AZ-794: rename inventory wire fields tileZoom/tileX/tileY -> z/x/y
to match the slippy-map URL convention. Contract bumped to v2.0.0.

AZ-795: shared validation infrastructure -- FluentValidation +
ValidationEndpointFilter + GlobalValidatorConfig (camelCase paths).
GlobalExceptionHandler now converts JsonException (UnmappedMember +
JsonRequired) into RFC 7807 ValidationProblemDetails. JSON layer
hardened with UnmappedMemberHandling.Disallow + camelCase naming
policy. New error-shape.md contract.

AZ-796: InventoryRequestValidator covers 9 rules (XOR tiles vs
locationHashes, cap 1000, z 0..22, x/y in slippy bounds, hash
length/charset). 16 unit tests + 16 integration tests + a manual
curl probe script.

Adjacent fixes uncovered by the new strict layer:
- IdempotentPostTests RoutePoint payload corrected to lat/lon
  (the DTO has used JsonPropertyName for ages; previously silently
  ignored under PascalCase fallback).
- TileInventoryTests slippy x/y reduced to fit z=18 bounds.
- docker-compose.yml host port for Postgres moved 5432 -> 5433 to
  avoid sibling-project conflict; appsettings.Development + README
  + AGENTS + architecture + containerization docs aligned.

New coderule (suite + repo): API consumer-facing OpenAPI
descriptions must not contain task IDs, contract filenames, or
version-bump history -- internal change tracking belongs in
commits/contract docs/changelogs. Existing offending descriptions
in Program.cs cleaned up.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-05-22 10:02:02 +03:00
parent dceaddc436
commit 865dfdb3b9
33 changed files with 1824 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files
SatelliteProvider.IntegrationTests/IdempotentPostTests.cs
+2 -2
View File
@@ -103,8 +103,8 @@ public static class IdempotentPostTests
createTilesZip = false,
points = new[]
{
new { latitude = 47.4617, longitude = 37.6470 },
new { latitude = 47.4630, longitude = 37.6485 },
new { lat = 47.4617, lon = 37.6470 },
new { lat = 47.4630, lon = 37.6485 },
},
});
SatelliteProvider.IntegrationTests/ProblemDetailsAssertions.cs
+102
View File
@@ -0,0 +1,102 @@
using System.Text.Json;
namespace SatelliteProvider.IntegrationTests;
// AZ-795: shared ProblemDetails / ValidationProblemDetails assertion helper
// for integration tests. Every endpoint that emits a 4xx error MUST produce
// a body matching the contract in
// `_docs/02_document/contracts/api/error-shape.md` (v1.0.0). Tests use this
// helper instead of re-deriving the shape per call site.
public static class ProblemDetailsAssertions
{
private static readonly JsonSerializerOptions JsonOptions = new()
{
PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
PropertyNameCaseInsensitive = true
};
public static async Task<JsonElement> ReadProblemDetailsAsync(HttpResponseMessage response, string label)
{
var contentType = response.Content.Headers.ContentType?.MediaType;
if (contentType is null || !contentType.Contains("application/problem+json", StringComparison.OrdinalIgnoreCase))
{
var body = await response.Content.ReadAsStringAsync();
throw new Exception(
$"{label}: expected Content-Type 'application/problem+json', got '{contentType}'. Body: {body}");
}
var stream = await response.Content.ReadAsStreamAsync();
using var doc = await JsonDocument.ParseAsync(stream);
return doc.RootElement.Clone();
}
public static void AssertValidationProblem(
JsonElement problem,
int expectedStatus,
string label,
string? expectedErrorPath = null,
string? expectedErrorContains = null)
{
if (!problem.TryGetProperty("status", out var statusEl) || statusEl.GetInt32() != expectedStatus)
{
throw new Exception(
$"{label}: expected status={expectedStatus}, got {(statusEl.ValueKind == JsonValueKind.Number ? statusEl.GetInt32().ToString() : "missing")}");
}
if (!problem.TryGetProperty("title", out var titleEl) || string.IsNullOrEmpty(titleEl.GetString()))
{
throw new Exception($"{label}: expected non-empty 'title', got missing/empty.");
}
if (!problem.TryGetProperty("errors", out var errorsEl) || errorsEl.ValueKind != JsonValueKind.Object)
{
throw new Exception($"{label}: expected 'errors' object, got {errorsEl.ValueKind}.");
}
if (expectedErrorPath is not null)
{
if (!errorsEl.TryGetProperty(expectedErrorPath, out var fieldEl) || fieldEl.ValueKind != JsonValueKind.Array)
{
throw new Exception(
$"{label}: expected errors['{expectedErrorPath}'] array, got {(errorsEl.TryGetProperty(expectedErrorPath, out var raw) ? raw.ValueKind.ToString() : "missing")}. " +
$"Available paths: {string.Join(", ", EnumeratePaths(errorsEl))}.");
}
if (expectedErrorContains is not null)
{
var first = fieldEl.EnumerateArray().FirstOrDefault();
var firstStr = first.ValueKind == JsonValueKind.String ? first.GetString() : null;
if (firstStr is null || !firstStr.Contains(expectedErrorContains, StringComparison.OrdinalIgnoreCase))
{
throw new Exception(
$"{label}: expected errors['{expectedErrorPath}'][0] to contain '{expectedErrorContains}', got '{firstStr}'.");
}
}
}
}
public static void AssertProblemDetails(
JsonElement problem,
int expectedStatus,
string label)
{
if (!problem.TryGetProperty("status", out var statusEl) || statusEl.GetInt32() != expectedStatus)
{
throw new Exception(
$"{label}: expected status={expectedStatus}, got {(statusEl.ValueKind == JsonValueKind.Number ? statusEl.GetInt32().ToString() : "missing")}");
}
if (!problem.TryGetProperty("title", out var titleEl) || string.IsNullOrEmpty(titleEl.GetString()))
{
throw new Exception($"{label}: expected non-empty 'title', got missing/empty.");
}
}
private static IEnumerable<string> EnumeratePaths(JsonElement errorsEl)
{
foreach (var prop in errorsEl.EnumerateObject())
{
yield return prop.Name;
}
}
}
SatelliteProvider.IntegrationTests/Program.cs
+2
View File
@@ -139,6 +139,7 @@ class Program
await StubAndErrorContractTests.RunAll(httpClient);
await IdempotentPostTests.RunAll(httpClient);
await TileInventoryTests.RunAll(httpClient);
await TileInventoryValidationTests.RunAll(httpClient);
await LeafletPathIndexOnlyTests.RunAll(connectionString);
await MigrationTests.RunAll();
}
@@ -162,6 +163,7 @@ class Program
await StubAndErrorContractTests.RunAll(httpClient);
await IdempotentPostTests.RunAll(httpClient);
await TileInventoryTests.RunAll(httpClient);
await TileInventoryValidationTests.RunAll(httpClient);
await LeafletPathIndexOnlyTests.RunAll(connectionString);
await MigrationTests.RunAll();
}
SatelliteProvider.IntegrationTests/TileInventoryTests.cs
+21 -21
View File
@@ -60,10 +60,10 @@ public static class TileInventoryTests
var seed = (int)(DateTime.UtcNow.Ticks % int.MaxValue);
var random = new Random(seed);
var presentCoords = Enumerable.Range(0, 12)
.Select(i => new TileCoord { TileZoom = zoom, TileX = 600_000 + (seed % 1000) * 100 + i, TileY = 700_000 + (seed % 1000) * 100 + i })
.Select(i => new TileCoord { Z = zoom, X = 50_000 + (seed % 1000) * 100 + i, Y = 60_000 + (seed % 1000) * 100 + i })
.ToArray();
var absentCoords = Enumerable.Range(0, 13)
.Select(i => new TileCoord { TileZoom = zoom, TileX = 800_000 + (seed % 1000) * 100 + i, TileY = 900_000 + (seed % 1000) * 100 + i })
.Select(i => new TileCoord { Z = zoom, X = 80_000 + (seed % 1000) * 100 + i, Y = 100_000 + (seed % 1000) * 100 + i })
.ToArray();
// Pre-seed the present cells. Mix sources / flights to exercise the
@@ -74,7 +74,7 @@ public static class TileInventoryTests
for (var i = 0; i < presentCoords.Length; i++)
{
var coord = presentCoords[i];
var locationHash = Uuidv5.LocationHashForTile(coord.TileZoom, coord.TileX, coord.TileY);
var locationHash = Uuidv5.LocationHashForTile(coord.Z, coord.X, coord.Y);
// Seed at least one google_maps row for every present cell.
var googleId = Guid.NewGuid();
@@ -119,7 +119,7 @@ public static class TileInventoryTests
}
var presentHashes = presentCoords
.Select(c => Uuidv5.LocationHashForTile(c.TileZoom, c.TileX, c.TileY))
.Select(c => Uuidv5.LocationHashForTile(c.Z, c.X, c.Y))
.ToHashSet();
for (var i = 0; i < allCoords.Length; i++)
@@ -127,14 +127,14 @@ public static class TileInventoryTests
var requestedCoord = allCoords[i];
var entry = body.Results[i];
if (entry.TileZoom != requestedCoord.TileZoom || entry.TileX != requestedCoord.TileX || entry.TileY != requestedCoord.TileY)
if (entry.Z != requestedCoord.Z || entry.X != requestedCoord.X || entry.Y != requestedCoord.Y)
{
throw new Exception(
$"AC-1: entry {i} coords mismatch — request was ({requestedCoord.TileZoom},{requestedCoord.TileX},{requestedCoord.TileY}), " +
$"response is ({entry.TileZoom},{entry.TileX},{entry.TileY})");
$"AC-1: entry {i} coords mismatch — request was ({requestedCoord.Z},{requestedCoord.X},{requestedCoord.Y}), " +
$"response is ({entry.Z},{entry.X},{entry.Y})");
}
var expectedHash = Uuidv5.LocationHashForTile(requestedCoord.TileZoom, requestedCoord.TileX, requestedCoord.TileY);
var expectedHash = Uuidv5.LocationHashForTile(requestedCoord.Z, requestedCoord.X, requestedCoord.Y);
if (entry.LocationHash != expectedHash)
{
throw new Exception($"AC-1: entry {i} location_hash mismatch — expected {expectedHash}, got {entry.LocationHash}");
@@ -195,11 +195,11 @@ public static class TileInventoryTests
var seed = (int)(DateTime.UtcNow.Ticks % int.MaxValue);
var coord = new TileCoord
{
TileZoom = zoom,
TileX = 1_200_000 + (seed % 1000),
TileY = 1_300_000 + (seed % 1000)
Z = zoom,
X = 130_000 + (seed % 1000),
Y = 150_000 + (seed % 1000)
};
var locationHash = Uuidv5.LocationHashForTile(coord.TileZoom, coord.TileX, coord.TileY);
var locationHash = Uuidv5.LocationHashForTile(coord.Z, coord.X, coord.Y);
var googleId = Guid.NewGuid();
var googleCapturedAt = DateTime.UtcNow.AddHours(-2);
@@ -252,7 +252,7 @@ public static class TileInventoryTests
// Arrange
var request = new TileInventoryRequest
{
Tiles = new[] { new TileCoord { TileZoom = 18, TileX = 1, TileY = 1 } },
Tiles = new[] { new TileCoord { Z = 18, X = 1, Y = 1 } },
LocationHashes = new[] { Guid.NewGuid() }
};
@@ -309,7 +309,7 @@ public static class TileInventoryTests
using var anonymous = new HttpClient { BaseAddress = baseAddress, Timeout = TimeSpan.FromSeconds(30) };
var request = new TileInventoryRequest
{
Tiles = new[] { new TileCoord { TileZoom = 18, TileX = 1, TileY = 1 } }
Tiles = new[] { new TileCoord { Z = 18, X = 1, Y = 1 } }
};
// Act
@@ -361,7 +361,7 @@ public static class TileInventoryTests
{
var x = 100_000 + random.Next(0, 65_536);
var y = 100_000 + random.Next(0, 65_536);
coords[i] = new TileCoord { TileZoom = zoom, TileX = x, TileY = y };
coords[i] = new TileCoord { Z = zoom, X = x, Y = y };
var hash = Uuidv5.LocationHashForTile(zoom, x, y);
idP.Value = Guid.NewGuid();
zP.Value = zoom;
@@ -429,12 +429,12 @@ public static class TileInventoryTests
VALUES (@id, @z, @x, @y, @lat, @lon, 200.0, 256, 'jpg', @fp, @src, @t, @t, @t, @flight, @loc)
ON CONFLICT DO NOTHING;", conn);
cmd.Parameters.AddWithValue("id", id);
cmd.Parameters.AddWithValue("z", coord.TileZoom);
cmd.Parameters.AddWithValue("x", coord.TileX);
cmd.Parameters.AddWithValue("y", coord.TileY);
cmd.Parameters.AddWithValue("lat", 60.0 + coord.TileX * 1e-9);
cmd.Parameters.AddWithValue("lon", 30.0 + coord.TileY * 1e-9);
cmd.Parameters.AddWithValue("fp", $"tiles/seed/{coord.TileZoom}/{coord.TileX}/{coord.TileY}.jpg");
cmd.Parameters.AddWithValue("z", coord.Z);
cmd.Parameters.AddWithValue("x", coord.X);
cmd.Parameters.AddWithValue("y", coord.Y);
cmd.Parameters.AddWithValue("lat", 60.0 + coord.X * 1e-9);
cmd.Parameters.AddWithValue("lon", 30.0 + coord.Y * 1e-9);
cmd.Parameters.AddWithValue("fp", $"tiles/seed/{coord.Z}/{coord.X}/{coord.Y}.jpg");
cmd.Parameters.AddWithValue("src", source);
// schema column is TIMESTAMP (no tz); Npgsql v6+ refuses to bind a
// Kind=Utc DateTime into a plain timestamp column. Callers pass UTC
SatelliteProvider.IntegrationTests/TileInventoryValidationTests.cs
+430
View File
@@ -0,0 +1,430 @@
using System.Net;
using System.Net.Http.Json;
using System.Text;
using System.Text.Json;
namespace SatelliteProvider.IntegrationTests;
// AZ-796: end-to-end coverage for the inventory endpoint's strict input
// validation. Each test exercises one rule from the validator (FluentValidation
// for business rules, JsonSerializerOptions for wire-format rules) and asserts
// the response body conforms to the RFC 7807 ValidationProblemDetails contract
// in `_docs/02_document/contracts/api/error-shape.md` v1.0.0.
public static class TileInventoryValidationTests
{
private const string InventoryPath = "/api/satellite/tiles/inventory";
public static async Task RunAll(HttpClient httpClient)
{
RouteTestHelpers.PrintTestHeader("Test: Inventory endpoint strict validation (AZ-796)");
await HappyPath_Returns200(httpClient);
// Rule 1: body present
await EmptyBody_Returns400(httpClient);
// Rule 2: tiles required (one of tiles/locationHashes must be populated)
await NeitherPopulated_Returns400(httpClient);
await BothPopulated_Returns400(httpClient);
// Rule 3: tiles non-empty
await EmptyTilesArray_Returns400(httpClient);
// Rule 4: tiles max size
await TilesOverCap_Returns400(httpClient);
// Rule 5: each entry has z, x, y
await MissingZ_Returns400WithFieldPath(httpClient);
await MissingXAndY_Returns400(httpClient);
// Rule 6: non-negative integer fields
await NegativeAxis_Returns400(httpClient);
await TypeMismatch_Returns400(httpClient);
// Rule 7: z within supported zoom range
await ZoomOutOfRange_Returns400WithFieldPath(httpClient);
// Rule 8: x / y within tile-axis bounds
await XBeyondZoomBounds_Returns400(httpClient);
await YBeyondZoomBounds_Returns400(httpClient);
// Rule 9: unknown fields rejected
await UnknownRootField_Returns400(httpClient);
await UnknownNestedField_Returns400(httpClient);
await OldV1FieldName_Returns400(httpClient);
Console.WriteLine("✓ Inventory validation tests: PASSED");
}
private static async Task HappyPath_Returns200(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796: well-formed request with z/x/y triple → HTTP 200");
// Arrange
const string body = """{"tiles":[{"z":18,"x":1,"y":1}]}""";
// Act
var response = await PostJsonAsync(httpClient, body);
// Assert
if (response.StatusCode != HttpStatusCode.OK)
{
var errorBody = await response.Content.ReadAsStringAsync();
throw new Exception($"AZ-796 happy path: expected 200, got {(int)response.StatusCode}. Body: {errorBody}");
}
Console.WriteLine(" ✓ Valid {z, x, y} request returns HTTP 200");
}
private static async Task EmptyBody_Returns400(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796 rule 1: empty body → HTTP 400");
// Arrange — POST with zero-byte body and JSON content type. The framework
// rejects the missing required body parameter before any handler/filter
// runs, so the response is basic RFC 7807 ProblemDetails with no `errors`
// map (vs. ValidationProblemDetails on field-level violations).
var content = new StringContent(string.Empty, Encoding.UTF8, "application/json");
// Act
var response = await httpClient.PostAsync(InventoryPath, content);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 empty body");
// Assert
ProblemDetailsAssertions.AssertProblemDetails(problem, expectedStatus: 400, label: "AZ-796 empty body");
Console.WriteLine(" ✓ Empty body rejected with HTTP 400 + ProblemDetails");
}
private static async Task NeitherPopulated_Returns400(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796 rule 2: neither tiles nor locationHashes populated → HTTP 400");
// Arrange
const string body = """{}""";
// Act
var response = await PostJsonAsync(httpClient, body);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 neither populated");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(
problem,
expectedStatus: 400,
label: "AZ-796 neither populated",
expectedErrorPath: "$");
Console.WriteLine(" ✓ Empty object rejected with errors[\"$\"] (XOR rule)");
}
private static async Task BothPopulated_Returns400(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796 rule 2: both tiles and locationHashes populated → HTTP 400");
// Arrange
const string body = """{"tiles":[{"z":18,"x":1,"y":1}],"locationHashes":["00000000-0000-0000-0000-000000000000"]}""";
// Act
var response = await PostJsonAsync(httpClient, body);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 both populated");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(
problem,
expectedStatus: 400,
label: "AZ-796 both populated",
expectedErrorPath: "$");
Console.WriteLine(" ✓ Both populated rejected with errors[\"$\"] (XOR rule)");
}
private static async Task EmptyTilesArray_Returns400(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796 rule 3: empty tiles array → HTTP 400");
// Arrange — XOR rule treats empty arrays as not-populated
const string body = """{"tiles":[]}""";
// Act
var response = await PostJsonAsync(httpClient, body);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 empty tiles array");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(
problem,
expectedStatus: 400,
label: "AZ-796 empty tiles array",
expectedErrorPath: "$");
Console.WriteLine(" ✓ Empty tiles array rejected with HTTP 400");
}
private static async Task TilesOverCap_Returns400(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796 rule 4: > 5000 tile entries → HTTP 400");
// Arrange — TileInventoryLimits.MaxEntriesPerRequest is 5000
var sb = new StringBuilder();
sb.Append("""{"tiles":[""");
for (var i = 0; i < 5001; i++)
{
if (i > 0) sb.Append(',');
sb.Append("""{"z":18,"x":1,"y":1}""");
}
sb.Append("]}");
// Act
var response = await PostJsonAsync(httpClient, sb.ToString());
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 over cap");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(
problem,
expectedStatus: 400,
label: "AZ-796 over cap",
expectedErrorPath: "tiles");
Console.WriteLine(" ✓ 5001-entry tiles array rejected with errors[\"tiles\"]");
}
private static async Task MissingZ_Returns400WithFieldPath(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796: missing `z` → HTTP 400 with structured errors map");
// Arrange — JsonRequired on TileCoord.Z catches this at the deserializer layer.
const string body = """{"tiles":[{"x":1,"y":1}]}""";
// Act
var response = await PostJsonAsync(httpClient, body);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 missing z");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-796 missing z");
AssertErrorsContainsMention(problem, expectedMention: "z", label: "AZ-796 missing z");
Console.WriteLine(" ✓ Missing `z` rejected with errors map mentioning the field");
}
private static async Task MissingXAndY_Returns400(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796: missing `x` and `y` → HTTP 400");
// Arrange
const string body = """{"tiles":[{"z":18}]}""";
// Act
var response = await PostJsonAsync(httpClient, body);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 missing x/y");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-796 missing x/y");
Console.WriteLine(" ✓ Missing `x` and `y` rejected with HTTP 400");
}
private static async Task ZoomOutOfRange_Returns400WithFieldPath(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796: z out of slippy-map range → HTTP 400 with errors[\"tiles[0].z\"]");
// Arrange — z=30 is beyond the supported max of 22
const string body = """{"tiles":[{"z":30,"x":0,"y":0}]}""";
// Act
var response = await PostJsonAsync(httpClient, body);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 z=30");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(
problem,
expectedStatus: 400,
label: "AZ-796 z=30",
expectedErrorPath: "tiles[0].z",
expectedErrorContains: "between 0 and 22");
Console.WriteLine(" ✓ z=30 rejected with errors[\"tiles[0].z\"] mentioning range");
}
private static async Task XBeyondZoomBounds_Returns400(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796: x ≥ 2^z → HTTP 400");
// Arrange — at z=2, valid x is 0..3; x=4 is invalid
const string body = """{"tiles":[{"z":2,"x":4,"y":0}]}""";
// Act
var response = await PostJsonAsync(httpClient, body);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 x=4 z=2");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(
problem,
expectedStatus: 400,
label: "AZ-796 x=4 z=2",
expectedErrorPath: "tiles[0].x");
Console.WriteLine(" ✓ x=4 at z=2 rejected with errors[\"tiles[0].x\"]");
}
private static async Task YBeyondZoomBounds_Returns400(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796: y ≥ 2^z → HTTP 400");
// Arrange — at z=0, valid y is 0..0; y=1 is invalid
const string body = """{"tiles":[{"z":0,"x":0,"y":1}]}""";
// Act
var response = await PostJsonAsync(httpClient, body);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 y=1 z=0");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(
problem,
expectedStatus: 400,
label: "AZ-796 y=1 z=0",
expectedErrorPath: "tiles[0].y");
Console.WriteLine(" ✓ y=1 at z=0 rejected with errors[\"tiles[0].y\"]");
}
private static async Task NegativeAxis_Returns400(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796: negative coordinate → HTTP 400");
// Arrange
const string body = """{"tiles":[{"z":18,"x":-1,"y":0}]}""";
// Act
var response = await PostJsonAsync(httpClient, body);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 x=-1");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(
problem,
expectedStatus: 400,
label: "AZ-796 x=-1",
expectedErrorPath: "tiles[0].x");
Console.WriteLine(" ✓ x=-1 rejected with errors[\"tiles[0].x\"]");
}
private static async Task UnknownRootField_Returns400(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796: unknown root field → HTTP 400 (UnmappedMemberHandling.Disallow)");
// Arrange
const string body = """{"unknownField":42,"tiles":[{"z":18,"x":1,"y":1}]}""";
// Act
var response = await PostJsonAsync(httpClient, body);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 unknown root field");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-796 unknown root field");
AssertErrorsContainsMention(problem, expectedMention: "unknownField", label: "AZ-796 unknown root field");
Console.WriteLine(" ✓ Unknown root field rejected; errors map names the field");
}
private static async Task UnknownNestedField_Returns400(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796: unknown nested field on tile entry → HTTP 400");
// Arrange
const string body = """{"tiles":[{"z":18,"x":1,"y":1,"foo":42}]}""";
// Act
var response = await PostJsonAsync(httpClient, body);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 unknown nested field");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-796 unknown nested field");
AssertErrorsContainsMention(problem, expectedMention: "foo", label: "AZ-796 unknown nested field");
Console.WriteLine(" ✓ Unknown nested field rejected; errors map names the field");
}
private static async Task OldV1FieldName_Returns400(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-794 + AZ-796: legacy `tileZoom`/`tileX`/`tileY` field name → HTTP 400");
// Arrange — exact AZ-777 Phase 1 reproduction; v1 callers must now fail explicitly
// instead of silently coercing to (0,0,0).
const string body = """{"tiles":[{"tileZoom":18,"tileX":1,"tileY":1}]}""";
// Act
var response = await PostJsonAsync(httpClient, body);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-794 legacy field");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-794 legacy field");
AssertErrorsContainsMention(problem, expectedMention: "tileZoom", label: "AZ-794 legacy field");
Console.WriteLine(" ✓ Legacy v1.x field names rejected with explicit error (no silent coercion)");
}
private static async Task TypeMismatch_Returns400(HttpClient httpClient)
{
Console.WriteLine();
Console.WriteLine("AZ-796: type mismatch (string where integer expected) → HTTP 400");
// Arrange
const string body = """{"tiles":[{"z":"eighteen","x":1,"y":1}]}""";
// Act
var response = await PostJsonAsync(httpClient, body);
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 type mismatch");
// Assert
ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-796 type mismatch");
Console.WriteLine(" ✓ String-where-int rejected with HTTP 400");
}
private static Task<HttpResponseMessage> PostJsonAsync(HttpClient httpClient, string body)
{
var content = new StringContent(body, Encoding.UTF8, "application/json");
return httpClient.PostAsync(InventoryPath, content);
}
private static void AssertErrorsContainsMention(JsonElement problem, string expectedMention, string label)
{
if (!problem.TryGetProperty("errors", out var errorsEl) || errorsEl.ValueKind != JsonValueKind.Object)
{
throw new Exception($"{label}: expected 'errors' object in ProblemDetails body.");
}
var found = false;
foreach (var prop in errorsEl.EnumerateObject())
{
if (prop.Name.Contains(expectedMention, StringComparison.OrdinalIgnoreCase))
{
found = true;
break;
}
foreach (var msg in prop.Value.EnumerateArray())
{
if (msg.GetString()?.Contains(expectedMention, StringComparison.OrdinalIgnoreCase) == true)
{
found = true;
break;
}
}
if (found) break;
}
if (!found)
{
var paths = string.Join(", ", errorsEl.EnumerateObject().Select(p => p.Name));
throw new Exception($"{label}: expected '{expectedMention}' to appear in errors keys or messages. Available paths: {paths}.");
}
}
}