mirror of
https://github.com/azaion/satellite-provider.git
synced 2026-06-21 10:11:13 +00:00
Oleksandr Bezdieniezhnykh
865dfdb3b9
AZ-794: rename inventory wire fields tileZoom/tileX/tileY -> z/x/y to match the slippy-map URL convention. Contract bumped to v2.0.0. AZ-795: shared validation infrastructure -- FluentValidation + ValidationEndpointFilter + GlobalValidatorConfig (camelCase paths). GlobalExceptionHandler now converts JsonException (UnmappedMember + JsonRequired) into RFC 7807 ValidationProblemDetails. JSON layer hardened with UnmappedMemberHandling.Disallow + camelCase naming policy. New error-shape.md contract. AZ-796: InventoryRequestValidator covers 9 rules (XOR tiles vs locationHashes, cap 1000, z 0..22, x/y in slippy bounds, hash length/charset). 16 unit tests + 16 integration tests + a manual curl probe script. Adjacent fixes uncovered by the new strict layer: - IdempotentPostTests RoutePoint payload corrected to lat/lon (the DTO has used JsonPropertyName for ages; previously silently ignored under PascalCase fallback). - TileInventoryTests slippy x/y reduced to fit z=18 bounds. - docker-compose.yml host port for Postgres moved 5432 -> 5433 to avoid sibling-project conflict; appsettings.Development + README + AGENTS + architecture + containerization docs aligned. New coderule (suite + repo): API consumer-facing OpenAPI descriptions must not contain task IDs, contract filenames, or version-bump history -- internal change tracking belongs in commits/contract docs/changelogs. Existing offending descriptions in Program.cs cleaned up. Co-authored-by: Cursor <cursoragent@cursor.com>
431 lines
17 KiB
C#
431 lines
17 KiB
C#
using System.Net;
|
|
using System.Net.Http.Json;
|
|
using System.Text;
|
|
using System.Text.Json;
|
|
|
|
namespace SatelliteProvider.IntegrationTests;
|
|
|
|
// AZ-796: end-to-end coverage for the inventory endpoint's strict input
|
|
// validation. Each test exercises one rule from the validator (FluentValidation
|
|
// for business rules, JsonSerializerOptions for wire-format rules) and asserts
|
|
// the response body conforms to the RFC 7807 ValidationProblemDetails contract
|
|
// in `_docs/02_document/contracts/api/error-shape.md` v1.0.0.
|
|
public static class TileInventoryValidationTests
|
|
{
|
|
private const string InventoryPath = "/api/satellite/tiles/inventory";
|
|
|
|
public static async Task RunAll(HttpClient httpClient)
|
|
{
|
|
RouteTestHelpers.PrintTestHeader("Test: Inventory endpoint strict validation (AZ-796)");
|
|
|
|
await HappyPath_Returns200(httpClient);
|
|
|
|
// Rule 1: body present
|
|
await EmptyBody_Returns400(httpClient);
|
|
// Rule 2: tiles required (one of tiles/locationHashes must be populated)
|
|
await NeitherPopulated_Returns400(httpClient);
|
|
await BothPopulated_Returns400(httpClient);
|
|
// Rule 3: tiles non-empty
|
|
await EmptyTilesArray_Returns400(httpClient);
|
|
// Rule 4: tiles max size
|
|
await TilesOverCap_Returns400(httpClient);
|
|
// Rule 5: each entry has z, x, y
|
|
await MissingZ_Returns400WithFieldPath(httpClient);
|
|
await MissingXAndY_Returns400(httpClient);
|
|
// Rule 6: non-negative integer fields
|
|
await NegativeAxis_Returns400(httpClient);
|
|
await TypeMismatch_Returns400(httpClient);
|
|
// Rule 7: z within supported zoom range
|
|
await ZoomOutOfRange_Returns400WithFieldPath(httpClient);
|
|
// Rule 8: x / y within tile-axis bounds
|
|
await XBeyondZoomBounds_Returns400(httpClient);
|
|
await YBeyondZoomBounds_Returns400(httpClient);
|
|
// Rule 9: unknown fields rejected
|
|
await UnknownRootField_Returns400(httpClient);
|
|
await UnknownNestedField_Returns400(httpClient);
|
|
await OldV1FieldName_Returns400(httpClient);
|
|
|
|
Console.WriteLine("✓ Inventory validation tests: PASSED");
|
|
}
|
|
|
|
private static async Task HappyPath_Returns200(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796: well-formed request with z/x/y triple → HTTP 200");
|
|
|
|
// Arrange
|
|
const string body = """{"tiles":[{"z":18,"x":1,"y":1}]}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
|
|
// Assert
|
|
if (response.StatusCode != HttpStatusCode.OK)
|
|
{
|
|
var errorBody = await response.Content.ReadAsStringAsync();
|
|
throw new Exception($"AZ-796 happy path: expected 200, got {(int)response.StatusCode}. Body: {errorBody}");
|
|
}
|
|
|
|
Console.WriteLine(" ✓ Valid {z, x, y} request returns HTTP 200");
|
|
}
|
|
|
|
private static async Task EmptyBody_Returns400(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796 rule 1: empty body → HTTP 400");
|
|
|
|
// Arrange — POST with zero-byte body and JSON content type. The framework
|
|
// rejects the missing required body parameter before any handler/filter
|
|
// runs, so the response is basic RFC 7807 ProblemDetails with no `errors`
|
|
// map (vs. ValidationProblemDetails on field-level violations).
|
|
var content = new StringContent(string.Empty, Encoding.UTF8, "application/json");
|
|
|
|
// Act
|
|
var response = await httpClient.PostAsync(InventoryPath, content);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 empty body");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertProblemDetails(problem, expectedStatus: 400, label: "AZ-796 empty body");
|
|
|
|
Console.WriteLine(" ✓ Empty body rejected with HTTP 400 + ProblemDetails");
|
|
}
|
|
|
|
private static async Task NeitherPopulated_Returns400(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796 rule 2: neither tiles nor locationHashes populated → HTTP 400");
|
|
|
|
// Arrange
|
|
const string body = """{}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 neither populated");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(
|
|
problem,
|
|
expectedStatus: 400,
|
|
label: "AZ-796 neither populated",
|
|
expectedErrorPath: "$");
|
|
|
|
Console.WriteLine(" ✓ Empty object rejected with errors[\"$\"] (XOR rule)");
|
|
}
|
|
|
|
private static async Task BothPopulated_Returns400(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796 rule 2: both tiles and locationHashes populated → HTTP 400");
|
|
|
|
// Arrange
|
|
const string body = """{"tiles":[{"z":18,"x":1,"y":1}],"locationHashes":["00000000-0000-0000-0000-000000000000"]}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 both populated");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(
|
|
problem,
|
|
expectedStatus: 400,
|
|
label: "AZ-796 both populated",
|
|
expectedErrorPath: "$");
|
|
|
|
Console.WriteLine(" ✓ Both populated rejected with errors[\"$\"] (XOR rule)");
|
|
}
|
|
|
|
private static async Task EmptyTilesArray_Returns400(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796 rule 3: empty tiles array → HTTP 400");
|
|
|
|
// Arrange — XOR rule treats empty arrays as not-populated
|
|
const string body = """{"tiles":[]}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 empty tiles array");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(
|
|
problem,
|
|
expectedStatus: 400,
|
|
label: "AZ-796 empty tiles array",
|
|
expectedErrorPath: "$");
|
|
|
|
Console.WriteLine(" ✓ Empty tiles array rejected with HTTP 400");
|
|
}
|
|
|
|
private static async Task TilesOverCap_Returns400(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796 rule 4: > 5000 tile entries → HTTP 400");
|
|
|
|
// Arrange — TileInventoryLimits.MaxEntriesPerRequest is 5000
|
|
var sb = new StringBuilder();
|
|
sb.Append("""{"tiles":[""");
|
|
for (var i = 0; i < 5001; i++)
|
|
{
|
|
if (i > 0) sb.Append(',');
|
|
sb.Append("""{"z":18,"x":1,"y":1}""");
|
|
}
|
|
sb.Append("]}");
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, sb.ToString());
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 over cap");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(
|
|
problem,
|
|
expectedStatus: 400,
|
|
label: "AZ-796 over cap",
|
|
expectedErrorPath: "tiles");
|
|
|
|
Console.WriteLine(" ✓ 5001-entry tiles array rejected with errors[\"tiles\"]");
|
|
}
|
|
|
|
private static async Task MissingZ_Returns400WithFieldPath(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796: missing `z` → HTTP 400 with structured errors map");
|
|
|
|
// Arrange — JsonRequired on TileCoord.Z catches this at the deserializer layer.
|
|
const string body = """{"tiles":[{"x":1,"y":1}]}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 missing z");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-796 missing z");
|
|
AssertErrorsContainsMention(problem, expectedMention: "z", label: "AZ-796 missing z");
|
|
|
|
Console.WriteLine(" ✓ Missing `z` rejected with errors map mentioning the field");
|
|
}
|
|
|
|
private static async Task MissingXAndY_Returns400(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796: missing `x` and `y` → HTTP 400");
|
|
|
|
// Arrange
|
|
const string body = """{"tiles":[{"z":18}]}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 missing x/y");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-796 missing x/y");
|
|
|
|
Console.WriteLine(" ✓ Missing `x` and `y` rejected with HTTP 400");
|
|
}
|
|
|
|
private static async Task ZoomOutOfRange_Returns400WithFieldPath(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796: z out of slippy-map range → HTTP 400 with errors[\"tiles[0].z\"]");
|
|
|
|
// Arrange — z=30 is beyond the supported max of 22
|
|
const string body = """{"tiles":[{"z":30,"x":0,"y":0}]}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 z=30");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(
|
|
problem,
|
|
expectedStatus: 400,
|
|
label: "AZ-796 z=30",
|
|
expectedErrorPath: "tiles[0].z",
|
|
expectedErrorContains: "between 0 and 22");
|
|
|
|
Console.WriteLine(" ✓ z=30 rejected with errors[\"tiles[0].z\"] mentioning range");
|
|
}
|
|
|
|
private static async Task XBeyondZoomBounds_Returns400(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796: x ≥ 2^z → HTTP 400");
|
|
|
|
// Arrange — at z=2, valid x is 0..3; x=4 is invalid
|
|
const string body = """{"tiles":[{"z":2,"x":4,"y":0}]}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 x=4 z=2");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(
|
|
problem,
|
|
expectedStatus: 400,
|
|
label: "AZ-796 x=4 z=2",
|
|
expectedErrorPath: "tiles[0].x");
|
|
|
|
Console.WriteLine(" ✓ x=4 at z=2 rejected with errors[\"tiles[0].x\"]");
|
|
}
|
|
|
|
private static async Task YBeyondZoomBounds_Returns400(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796: y ≥ 2^z → HTTP 400");
|
|
|
|
// Arrange — at z=0, valid y is 0..0; y=1 is invalid
|
|
const string body = """{"tiles":[{"z":0,"x":0,"y":1}]}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 y=1 z=0");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(
|
|
problem,
|
|
expectedStatus: 400,
|
|
label: "AZ-796 y=1 z=0",
|
|
expectedErrorPath: "tiles[0].y");
|
|
|
|
Console.WriteLine(" ✓ y=1 at z=0 rejected with errors[\"tiles[0].y\"]");
|
|
}
|
|
|
|
private static async Task NegativeAxis_Returns400(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796: negative coordinate → HTTP 400");
|
|
|
|
// Arrange
|
|
const string body = """{"tiles":[{"z":18,"x":-1,"y":0}]}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 x=-1");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(
|
|
problem,
|
|
expectedStatus: 400,
|
|
label: "AZ-796 x=-1",
|
|
expectedErrorPath: "tiles[0].x");
|
|
|
|
Console.WriteLine(" ✓ x=-1 rejected with errors[\"tiles[0].x\"]");
|
|
}
|
|
|
|
private static async Task UnknownRootField_Returns400(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796: unknown root field → HTTP 400 (UnmappedMemberHandling.Disallow)");
|
|
|
|
// Arrange
|
|
const string body = """{"unknownField":42,"tiles":[{"z":18,"x":1,"y":1}]}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 unknown root field");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-796 unknown root field");
|
|
AssertErrorsContainsMention(problem, expectedMention: "unknownField", label: "AZ-796 unknown root field");
|
|
|
|
Console.WriteLine(" ✓ Unknown root field rejected; errors map names the field");
|
|
}
|
|
|
|
private static async Task UnknownNestedField_Returns400(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796: unknown nested field on tile entry → HTTP 400");
|
|
|
|
// Arrange
|
|
const string body = """{"tiles":[{"z":18,"x":1,"y":1,"foo":42}]}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 unknown nested field");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-796 unknown nested field");
|
|
AssertErrorsContainsMention(problem, expectedMention: "foo", label: "AZ-796 unknown nested field");
|
|
|
|
Console.WriteLine(" ✓ Unknown nested field rejected; errors map names the field");
|
|
}
|
|
|
|
private static async Task OldV1FieldName_Returns400(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-794 + AZ-796: legacy `tileZoom`/`tileX`/`tileY` field name → HTTP 400");
|
|
|
|
// Arrange — exact AZ-777 Phase 1 reproduction; v1 callers must now fail explicitly
|
|
// instead of silently coercing to (0,0,0).
|
|
const string body = """{"tiles":[{"tileZoom":18,"tileX":1,"tileY":1}]}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-794 legacy field");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-794 legacy field");
|
|
AssertErrorsContainsMention(problem, expectedMention: "tileZoom", label: "AZ-794 legacy field");
|
|
|
|
Console.WriteLine(" ✓ Legacy v1.x field names rejected with explicit error (no silent coercion)");
|
|
}
|
|
|
|
private static async Task TypeMismatch_Returns400(HttpClient httpClient)
|
|
{
|
|
Console.WriteLine();
|
|
Console.WriteLine("AZ-796: type mismatch (string where integer expected) → HTTP 400");
|
|
|
|
// Arrange
|
|
const string body = """{"tiles":[{"z":"eighteen","x":1,"y":1}]}""";
|
|
|
|
// Act
|
|
var response = await PostJsonAsync(httpClient, body);
|
|
var problem = await ProblemDetailsAssertions.ReadProblemDetailsAsync(response, "AZ-796 type mismatch");
|
|
|
|
// Assert
|
|
ProblemDetailsAssertions.AssertValidationProblem(problem, expectedStatus: 400, label: "AZ-796 type mismatch");
|
|
|
|
Console.WriteLine(" ✓ String-where-int rejected with HTTP 400");
|
|
}
|
|
|
|
private static Task<HttpResponseMessage> PostJsonAsync(HttpClient httpClient, string body)
|
|
{
|
|
var content = new StringContent(body, Encoding.UTF8, "application/json");
|
|
return httpClient.PostAsync(InventoryPath, content);
|
|
}
|
|
|
|
private static void AssertErrorsContainsMention(JsonElement problem, string expectedMention, string label)
|
|
{
|
|
if (!problem.TryGetProperty("errors", out var errorsEl) || errorsEl.ValueKind != JsonValueKind.Object)
|
|
{
|
|
throw new Exception($"{label}: expected 'errors' object in ProblemDetails body.");
|
|
}
|
|
|
|
var found = false;
|
|
foreach (var prop in errorsEl.EnumerateObject())
|
|
{
|
|
if (prop.Name.Contains(expectedMention, StringComparison.OrdinalIgnoreCase))
|
|
{
|
|
found = true;
|
|
break;
|
|
}
|
|
|
|
foreach (var msg in prop.Value.EnumerateArray())
|
|
{
|
|
if (msg.GetString()?.Contains(expectedMention, StringComparison.OrdinalIgnoreCase) == true)
|
|
{
|
|
found = true;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (found) break;
|
|
}
|
|
|
|
if (!found)
|
|
{
|
|
var paths = string.Join(", ", errorsEl.EnumerateObject().Select(p => p.Name));
|
|
throw new Exception($"{label}: expected '{expectedMention}' to appear in errors keys or messages. Available paths: {paths}.");
|
|
}
|
|
}
|
|
}
|