mirror of
https://github.com/azaion/satellite-provider.git
synced 2026-06-21 22:31:14 +00:00
Oleksandr Bezdieniezhnykh
5e056b2334
Third concrete child of AZ-795 (cycle 8 batch 3). FluentValidation +
[JsonRequired] + UnmappedMemberHandling.Disallow combine to reject every
malformed payload at the API boundary with RFC 7807 ValidationProblemDetails.
Validators (SatelliteProvider.Api/Validators/, all new)
- CreateRouteRequestValidator: id non-empty, name/description length,
regionSizeMeters/zoomLevel ranges, points count [2, 500], cross-field
createTilesZip => requestMaps. Chains RoutePointValidator (per-point)
and GeofencePolygonValidator (per-polygon, guarded by When(Geofences != null)).
OverridePropertyName("geofences.polygons") on the geofences chain so
FluentValidation's default leaf-only key policy doesn't drop the parent
path on deep expressions like req.Geofences!.Polygons.
- RoutePointValidator: lat/lon ranges; OverridePropertyName("lat"/"lon")
chained AFTER InclusiveBetween (the extension is defined on
IRuleBuilderOptions<T, TProperty>, so the generic type is only
inferable after the first concrete rule) so error keys match the
wire format (`points[i].lat`) rather than the C# property name
(`points[i].latitude`).
- GeofencePolygonValidator: per-corner range checks via private nested
GeoCornerValidator; cross-field NW.Lat > SE.Lat and NW.Lon < SE.Lon
invariants emit at errors["geofences.polygons[i].northWest"].
DTOs (SatelliteProvider.Common/DTO/, [JsonRequired] additions only)
- CreateRouteRequest: id, name, regionSizeMeters, zoomLevel, points,
requestMaps, createTilesZip
- RoutePoint: Latitude, Longitude
- GeofencePolygon: NorthWest, SouthEast; Geofences: Polygons
- GeoPoint: Lat, Lon
Tests
- Unit: 26 methods total — 16 in CreateRouteRequestValidatorTests, 6 in
GeofencePolygonValidatorTests, 4 in RoutePointValidatorTests. Each
RuleFor/RuleForEach chain has at least one positive + one negative case.
- Integration: CreateRouteValidationTests.cs — 16 methods (happy + 15
failure modes) wired into smoke + full suites. Covers empty body,
missing/zero id, empty name, out-of-range regionSizeMeters/zoomLevel,
points count < 2, per-point lat/lon out-of-range, geofence invariants,
missing requestMaps, cross-field createTilesZip, unknown root field,
nested type mismatch.
- Manual probe: scripts/probe_route_validation.sh curl-exercises every
failure mode end-to-end + happy path.
Docs
- New contract _docs/02_document/contracts/api/route-creation.md v1.0.0
with nested DTO chain, invariants, per-field test cases table, and
advisories on the legacy service-layer RouteValidator + the
input/output RoutePoint vs RoutePointDto naming asymmetry.
- system-flows.md F4 sequence diagram extended with the validation-filter
branch; preconditions + error scenarios reference the new contract.
- modules/api_program.md: CreateRoute handler section added; Api/Validators
bumped to AZ-808/AZ-809/AZ-811.
- modules/common_dtos.md: DTO descriptions updated with [JsonRequired]
annotations and constraint summaries.
- tests/blackbox-tests.md BT-06/BT-N03/BT-N04/BT-N05 align with the new
wire format and named error keys.
- tests/security-tests.md SEC-04 references GlobalExceptionHandler's
JsonException branch + AZ-353 correlationId.
- _docs/03_implementation/batch_03_cycle8_report.md + reviews/batch_03_cycle8_review.md
(PASS_WITH_NOTES — F1 Low: OverridePropertyName documented inline,
F2 + F3 Info: pre-existing advisories for follow-up).
Smoke green (mode=smoke, exit 0). AZ-809 transitioned to In Testing on Jira.
Task file moved to _docs/02_tasks/done/.
Co-authored-by: Cursor <cursoragent@cursor.com>
91 lines
4.4 KiB
C#
91 lines
4.4 KiB
C#
using FluentValidation;
|
|
using SatelliteProvider.Common.DTO;
|
|
|
|
namespace SatelliteProvider.Api.Validators;
|
|
|
|
// AZ-809: FluentValidation rules for POST /api/satellite/route. Wired
|
|
// through ValidationEndpointFilter<CreateRouteRequest> at endpoint
|
|
// registration time (.WithValidation<CreateRouteRequest>() in Program.cs).
|
|
// Failures are converted to RFC 7807 ValidationProblemDetails per
|
|
// _docs/02_document/contracts/api/error-shape.md v1.0.0.
|
|
//
|
|
// Required-field detection is handled at the deserializer level via
|
|
// [JsonRequired] on CreateRouteRequest, RoutePoint, GeofencePolygon, and
|
|
// GeoPoint, plus JsonSerializerOptions.UnmappedMemberHandling.Disallow
|
|
// (AZ-795 global). This validator covers post-deserialization business
|
|
// rules: non-zero id, name + description length, range checks on size /
|
|
// zoom / points-count, per-point lat/lon ranges (via RoutePointValidator),
|
|
// per-polygon corner ranges + NW-of-SE invariant (via GeofencePolygonValidator),
|
|
// and the cross-field createTilesZip-implies-requestMaps rule.
|
|
public sealed class CreateRouteRequestValidator : AbstractValidator<CreateRouteRequest>
|
|
{
|
|
private const double MinRegionSizeMeters = 100.0;
|
|
private const double MaxRegionSizeMeters = 10000.0;
|
|
private const int MinZoom = 0;
|
|
private const int MaxZoom = 22;
|
|
private const int MinPoints = 2;
|
|
private const int MaxPoints = 500;
|
|
private const int MaxNameLength = 200;
|
|
private const int MaxDescriptionLength = 1000;
|
|
|
|
public CreateRouteRequestValidator()
|
|
{
|
|
RuleFor(req => req.Id)
|
|
.NotEmpty()
|
|
.WithMessage("`id` must be a non-zero GUID (the caller's idempotency key).");
|
|
|
|
RuleFor(req => req.Name)
|
|
.NotEmpty()
|
|
.WithMessage("`name` is required and must not be empty or whitespace.")
|
|
.MaximumLength(MaxNameLength)
|
|
.WithMessage($"`name` must be at most {MaxNameLength} characters.");
|
|
|
|
RuleFor(req => req.Description)
|
|
.MaximumLength(MaxDescriptionLength)
|
|
.When(req => req.Description is not null)
|
|
.WithMessage($"`description` must be at most {MaxDescriptionLength} characters.");
|
|
|
|
RuleFor(req => req.RegionSizeMeters)
|
|
.InclusiveBetween(MinRegionSizeMeters, MaxRegionSizeMeters)
|
|
.WithMessage($"`regionSizeMeters` must be between {MinRegionSizeMeters} and {MaxRegionSizeMeters} meters.");
|
|
|
|
RuleFor(req => req.ZoomLevel)
|
|
.InclusiveBetween(MinZoom, MaxZoom)
|
|
.WithMessage($"`zoomLevel` must be between {MinZoom} and {MaxZoom} (slippy-map range).");
|
|
|
|
RuleFor(req => req.Points)
|
|
.NotNull().WithMessage("`points` is required.")
|
|
.Must(p => p is null || p.Count >= MinPoints)
|
|
.WithMessage($"`points` must contain at least {MinPoints} entries.")
|
|
.Must(p => p is null || p.Count <= MaxPoints)
|
|
.WithMessage($"`points` must contain at most {MaxPoints} entries.");
|
|
|
|
RuleForEach(req => req.Points)
|
|
.SetValidator(new RoutePointValidator());
|
|
|
|
// Geofences are optional; per-polygon rules apply only when present.
|
|
// FluentValidation's default property-name policy drops the parent
|
|
// chain on deep expressions like `req.Geofences!.Polygons` — it emits
|
|
// only the leaf `polygons`. We OverridePropertyName explicitly so the
|
|
// wire-format error keys match the JSON path callers actually post:
|
|
// `errors["geofences.polygons"]` and `errors["geofences.polygons[i].…"]`.
|
|
When(req => req.Geofences is not null, () =>
|
|
{
|
|
RuleFor(req => req.Geofences!.Polygons)
|
|
.NotNull().WithMessage("`geofences.polygons` is required when `geofences` is present.")
|
|
.NotEmpty().WithMessage("`geofences.polygons` must contain at least 1 polygon when `geofences` is present.")
|
|
.OverridePropertyName("geofences.polygons");
|
|
|
|
RuleForEach(req => req.Geofences!.Polygons)
|
|
.SetValidator(new GeofencePolygonValidator())
|
|
.OverridePropertyName("geofences.polygons");
|
|
});
|
|
|
|
// Cross-field invariant: cannot zip what wasn't downloaded.
|
|
RuleFor(req => req)
|
|
.Must(req => !(req.CreateTilesZip && !req.RequestMaps))
|
|
.WithName("createTilesZip")
|
|
.WithMessage("`createTilesZip` requires `requestMaps` to be true (can't zip what wasn't downloaded).");
|
|
}
|
|
}
|