azaion/satellite-provider
1
0
Fork 0
mirror of https://github.com/azaion/satellite-provider.git synced 2026-06-21 22:11:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8fca6e02092efd5c917fcd6a3a93daca676aeac6
satellite-provider/SatelliteProvider.Api/Validators/UavTileMetadataValidator.cs
T
Oleksandr Bezdieniezhnykh 490902c80a [AZ-810] Strict validation for POST /api/satellite/upload metadata 
Adds the per-endpoint child of AZ-795 ("Strict Input Validation Epic")
for the UAV upload multipart endpoint. Three new validators land under
SatelliteProvider.Api/Validators/:

- UavTileBatchMetadataPayloadValidator: items NotNull + NotEmpty +
  count <= MaxBatchSize + RuleForEach dispatching to the per-item
  validator.
- UavTileMetadataValidator: lat / lon / tileZoom range, tileSizeMeters
  > 0, capturedAt within [now - MaxAgeDays, now + future-skew]; uses an
  injectable TimeProvider so unit tests can drive a fixed clock.
- UavUploadValidationFilter: IEndpointFilter that reads the multipart
  `metadata` form field, deserializes it with the strict global
  JsonSerializerOptions (so UnmappedMemberHandling.Disallow +
  [JsonRequired] from AZ-795 are honored), runs the FluentValidation
  chain, and enforces the cross-field `items.Count == files.Count`
  envelope rule. FluentValidation errors are prefixed with `metadata.`
  so wire keys look like `errors["metadata.items[0].latitude"]`.

[JsonRequired] is added to every non-optional axis on
UavTileMetadata and UavTileBatchMetadataPayload; FlightId stays
nullable per AZ-503 anonymous-flight semantics.

Coverage: 13 unit tests + 16 integration tests + 1 curl probe script
exercise the happy path and every failure mode. All 9 ACs covered;
no regression in AZ-488 UavUploadTests payloads (traced against the
new rules).

Documentation: uav-tile-upload.md bumped v1.1.0 -> v1.2.0 with the
new validation rules section + 400-shape examples + changelog entry.
api_program.md updated to describe the three new validators + filter
+ the AddTransient<UavUploadValidationFilter>() DI registration.

Reports: batch_04_cycle8_report.md + reviews/batch_04_cycle8_review.md
record the PASS_WITH_WARNINGS verdict (2 Low DRY-in-tests findings:
FixedTimeProvider duplication crossed the cycle-2 "promote to shared"
threshold; PostBatch helper duplicated between two integration
suites). Both deferred to follow-up PBIs.

Task spec archived: _docs/02_tasks/todo/AZ-810... -> done/.
Jira: AZ-810 transitioned In Progress -> In Testing.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-23 13:32:19 +03:00

68 lines
3.3 KiB
C#
Raw Blame History

using FluentValidation;
using Microsoft.Extensions.Options;
using SatelliteProvider.Common.Configs;
using SatelliteProvider.Common.DTO;
namespace SatelliteProvider.Api.Validators;
// AZ-810: per-item metadata validator for the UAV upload endpoint. Runs as
// a `RuleForEach.SetValidator(...)` chain child of `UavTileBatchMetadataPayloadValidator`,
// so error keys come out as `errors.metadata.items[i].latitude`, `…tileZoom`,
// `…capturedAt`, etc. once the `UavUploadValidationFilter` prefixes the result.
//
// CapturedAt freshness (rule 11) is the same window that
// `IUavTileQualityGate.Validate` enforces; running the same check at the API
// boundary lets us short-circuit before any file bytes are inspected. The
// gate remains as a defence-in-depth backstop for unit tests of the gate
// itself and for the unlikely path of a caller invoking
// `IUavTileUploadHandler` directly (bypassing the filter).
public sealed class UavTileMetadataValidator : AbstractValidator<UavTileMetadata>
{
private const double MinLat = -90.0;
private const double MaxLat = 90.0;
private const double MinLon = -180.0;
private const double MaxLon = 180.0;
private const int MinZoom = 0;
private const int MaxZoom = 22;
public UavTileMetadataValidator(IOptions<UavQualityConfig> qualityConfig, TimeProvider? timeProvider = null)
{
ArgumentNullException.ThrowIfNull(qualityConfig);
var cfg = qualityConfig.Value;
var tp = timeProvider ?? TimeProvider.System;
var maxAgeDays = cfg.MaxAgeDays;
var futureSkewSeconds = cfg.CapturedAtFutureSkewSeconds;
RuleFor(m => m.Latitude)
.InclusiveBetween(MinLat, MaxLat)
.WithMessage($"`latitude` must be between {MinLat} and {MaxLat}.");
RuleFor(m => m.Longitude)
.InclusiveBetween(MinLon, MaxLon)
.WithMessage($"`longitude` must be between {MinLon} and {MaxLon}.");
RuleFor(m => m.TileZoom)
.InclusiveBetween(MinZoom, MaxZoom)
.WithMessage($"`tileZoom` must be between {MinZoom} and {MaxZoom} (slippy-map range).");
RuleFor(m => m.TileSizeMeters)
.GreaterThan(0.0)
.WithMessage("`tileSizeMeters` must be greater than 0.");
// Freshness window: capturedAt ∈ [now - MaxAgeDays, now + CapturedAtFutureSkewSeconds].
// `Must` lambdas close over `tp` so the comparison fetches fresh
// time per call (rule executes at validation time, not constructor
// time). Equivalent to AZ-488 Rule 4 in UavTileQualityGate.
RuleFor(m => m.CapturedAt)
.Must(capturedAt => capturedAt.ToUniversalTime() <= tp.GetUtcNow().UtcDateTime.AddSeconds(futureSkewSeconds))
.WithMessage($"`capturedAt` must be within {futureSkewSeconds}s of the current time (no future-dated tiles).")
.Must(capturedAt => capturedAt.ToUniversalTime() >= tp.GetUtcNow().UtcDateTime.AddDays(-maxAgeDays))
.WithMessage($"`capturedAt` must be within the last {maxAgeDays} days.");
// `FlightId` is intentionally not validated beyond JSON shape — AZ-503
// anonymous-flight semantics require null/missing to be a valid case.
// System.Text.Json already rejects malformed UUID strings at the
// deserializer with `JsonException` → 400 via GlobalExceptionHandler.
}
}
Reference in New Issue View Git Blame Copy Permalink