lat lon validation

backend/routes/forum.js

@@ -2,6 +2,7 @@ const express = require('express');
 const { Op } = require('sequelize');
 const { ForumPost, ForumComment, PostTag, User } = require('../models');
 const { authenticateToken, requireAdmin, optionalAuth } = require('../middleware/auth');
+const { validateCoordinatesBody, handleValidationErrors } = require('../middleware/validation');
 const logger = require('../utils/logger');
 const emailServices = require('../services/email');
 const googleMapsService = require('../services/googleMapsService');
@@ -239,7 +240,7 @@ router.get('/posts/:id', optionalAuth, async (req, res, next) => {
 });
 
 // POST /api/forum/posts - Create new post
-router.post('/posts', authenticateToken, async (req, res, next) => {
+router.post('/posts', authenticateToken, ...validateCoordinatesBody, handleValidationErrors, async (req, res, next) => {
   try {
     // Require email verification
     if (!req.user.isVerified) {

backend/routes/items.js

@@ -2,6 +2,7 @@ const express = require("express");
 const { Op, Sequelize } = require("sequelize");
 const { Item, User, Rental, sequelize } = require("../models"); // Import from models/index.js to get models with associations
 const { authenticateToken, requireVerifiedEmail, requireAdmin, optionalAuth } = require("../middleware/auth");
+const { validateCoordinatesQuery, validateCoordinatesBody, handleValidationErrors } = require("../middleware/validation");
 const logger = require("../utils/logger");
 const { validateS3Keys } = require("../utils/s3KeyValidator");
 const { IMAGE_LIMITS } = require("../config/imageLimits");
@@ -53,7 +54,7 @@ function extractAllowedFields(body) {
   return result;
 }
 
-router.get("/", async (req, res, next) => {
+router.get("/", validateCoordinatesQuery, async (req, res, next) => {
   try {
     const {
       minPrice,
@@ -327,7 +328,7 @@ router.get("/:id", optionalAuth, async (req, res, next) => {
   }
 });
 
-router.post("/", authenticateToken, requireVerifiedEmail, async (req, res, next) => {
+router.post("/", authenticateToken, requireVerifiedEmail, ...validateCoordinatesBody, handleValidationErrors, async (req, res, next) => {
   try {
     // Extract only allowed fields (prevents mass assignment)
     const allowedData = extractAllowedFields(req.body);
@@ -435,7 +436,7 @@ router.post("/", authenticateToken, requireVerifiedEmail, async (req, res, next)
   }
 });
 
-router.put("/:id", authenticateToken, async (req, res, next) => {
+router.put("/:id", authenticateToken, ...validateCoordinatesBody, handleValidationErrors, async (req, res, next) => {
   try {
     const item = await Item.findByPk(req.params.id);
 

backend/routes/users.js

@@ -1,6 +1,7 @@
 const express = require('express');
 const { User, UserAddress } = require('../models'); // Import from models/index.js to get models with associations
 const { authenticateToken, optionalAuth, requireAdmin } = require('../middleware/auth');
+const { validateCoordinatesBody, handleValidationErrors } = require('../middleware/validation');
 const logger = require('../utils/logger');
 const userService = require('../services/UserService');
 const { validateS3Keys } = require('../utils/s3KeyValidator');
@@ -109,7 +110,7 @@ router.get('/addresses', authenticateToken, async (req, res, next) => {
   }
 });
 
-router.post('/addresses', authenticateToken, async (req, res, next) => {
+router.post('/addresses', authenticateToken, ...validateCoordinatesBody, handleValidationErrors, async (req, res, next) => {
   try {
     // Extract only allowed fields (prevents mass assignment)
     const allowedData = extractAllowedAddressFields(req.body);
@@ -128,7 +129,7 @@ router.post('/addresses', authenticateToken, async (req, res, next) => {
   }
 });
 
-router.put('/addresses/:id', authenticateToken, async (req, res, next) => {
+router.put('/addresses/:id', authenticateToken, ...validateCoordinatesBody, handleValidationErrors, async (req, res, next) => {
   try {
     // Extract only allowed fields (prevents mass assignment)
     const allowedData = extractAllowedAddressFields(req.body);