Add coordinate validation and ESLint integration

- Add explicit latitude/longitude validation in location submissions - Implement ESLint with TypeScript support and flat config - Auto-fix 621 formatting issues across codebase - Add comprehensive tests for coordinate validation - Update documentation with lint scripts and validation rules - Maintain 128 passing tests with enhanced security 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-05 22:12:37 -04:00 · 2025-07-05 22:12:37 -04:00 · 30fdd72cc5
commit 30fdd72cc5
parent 5176636f6d
20 changed files with 2171 additions and 599 deletions
--- a/tests/integration/routes/admin.test.ts
+++ b/tests/integration/routes/admin.test.ts
@ -35,12 +35,12 @@ describe('Admin API Routes', () => {
      if (!authHeader) {
        return res.status(401).json({ error: 'Access denied' });
      }
-      
+
      const token = authHeader.split(' ')[1];
      if (!token || !authHeader.startsWith('Bearer ')) {
        return res.status(401).json({ error: 'Access denied' });
      }
-      
+
      // Simple token validation for testing
      if (token === authToken) {
        next();
@ -59,7 +59,7 @@ describe('Admin API Routes', () => {
    const loginResponse = await request(app)
      .post('/api/admin/login')
      .send({ password: 'test_admin_password' });
-    
+
    authToken = loginResponse.body.token;
  });

@ -69,7 +69,7 @@ describe('Admin API Routes', () => {
      closedCount++;
      if (closedCount === 2) done();
    };
-    
+
    db.close(checkBothClosed);
    profanityDb.close(checkBothClosed);
  });
@ -481,7 +481,7 @@ describe('Admin API Routes', () => {
      // Create a new app with broken database to simulate error
      const brokenApp = express();
      brokenApp.use(express.json());
-      
+
      // Create a broken location model that throws errors
      const brokenLocationModel = {
        getAll: jest.fn().mockRejectedValue(new Error('Database error'))
@ -497,7 +497,7 @@ describe('Admin API Routes', () => {
      const loginResponse = await request(brokenApp)
        .post('/api/admin/login')
        .send({ password: 'test_admin_password' });
-      
+
      const brokenAuthToken = loginResponse.body.token;

      const response = await request(brokenApp)
@ -554,7 +554,7 @@ describe('Admin API Routes', () => {

    it('should handle expired/tampered tokens gracefully', async () => {
      const tamperedToken = authToken.slice(0, -5) + 'XXXXX';
-      
+
      const response = await request(app)
        .get('/api/admin/locations')
        .set('Authorization', `Bearer ${tamperedToken}`)
--- a/tests/integration/routes/public.test.ts
+++ b/tests/integration/routes/public.test.ts
@ -121,7 +121,7 @@ describe('Public API Routes', () => {
      // Create a new app with broken database to simulate error
      const brokenApp = express();
      brokenApp.use(express.json());
-      
+
      // Create a broken location model that throws errors
      const brokenLocationModel = {
        getActive: jest.fn().mockRejectedValue(new Error('Database error'))
@ -341,9 +341,9 @@ describe('Public API Routes', () => {

      const response = await request(app)
        .post('/api/locations')
-        .send({ 
+        .send({
          address: 'Test Address',
-          description: longDescription 
+          description: longDescription
        })
        .expect(400);

@ -372,5 +372,64 @@ describe('Public API Routes', () => {

      expect(response.body.address).toBe(unicodeAddress);
    });
+
+    it('should reject invalid latitude values', async () => {
+      const invalidLatitudes = [91, -91, 'invalid', null, true, []];
+
+      for (const latitude of invalidLatitudes) {
+        const response = await request(app)
+          .post('/api/locations')
+          .send({
+            address: 'Test Address',
+            latitude: latitude,
+            longitude: -85.6681
+          })
+          .expect(400);
+
+        expect(response.body).toHaveProperty('error');
+        expect(response.body.error).toBe('Latitude must be a number between -90 and 90');
+      }
+    });
+
+    it('should reject invalid longitude values', async () => {
+      const invalidLongitudes = [181, -181, 'invalid', null, true, []];
+
+      for (const longitude of invalidLongitudes) {
+        const response = await request(app)
+          .post('/api/locations')
+          .send({
+            address: 'Test Address',
+            latitude: 42.9634,
+            longitude: longitude
+          })
+          .expect(400);
+
+        expect(response.body).toHaveProperty('error');
+        expect(response.body.error).toBe('Longitude must be a number between -180 and 180');
+      }
+    });
+
+    it('should accept valid latitude and longitude values', async () => {
+      const validCoordinates = [
+        { latitude: 0, longitude: 0 },
+        { latitude: 90, longitude: 180 },
+        { latitude: -90, longitude: -180 },
+        { latitude: 42.9634, longitude: -85.6681 }
+      ];
+
+      for (const coords of validCoordinates) {
+        const response = await request(app)
+          .post('/api/locations')
+          .send({
+            address: 'Test Address',
+            latitude: coords.latitude,
+            longitude: coords.longitude
+          })
+          .expect(200);
+
+        expect(response.body.latitude).toBe(coords.latitude);
+        expect(response.body.longitude).toBe(coords.longitude);
+      }
+    });
  });
 });