lat lon validation

backend/routes/items.js

@@ -2,6 +2,7 @@ const express = require("express");
 const { Op, Sequelize } = require("sequelize");
 const { Item, User, Rental, sequelize } = require("../models"); // Import from models/index.js to get models with associations
 const { authenticateToken, requireVerifiedEmail, requireAdmin, optionalAuth } = require("../middleware/auth");
+const { validateCoordinatesQuery, validateCoordinatesBody, handleValidationErrors } = require("../middleware/validation");
 const logger = require("../utils/logger");
 const { validateS3Keys } = require("../utils/s3KeyValidator");
 const { IMAGE_LIMITS } = require("../config/imageLimits");
@@ -53,7 +54,7 @@ function extractAllowedFields(body) {
   return result;
 }
 
-router.get("/", async (req, res, next) => {
+router.get("/", validateCoordinatesQuery, async (req, res, next) => {
   try {
     const {
       minPrice,
@@ -327,7 +328,7 @@ router.get("/:id", optionalAuth, async (req, res, next) => {
   }
 });
 
-router.post("/", authenticateToken, requireVerifiedEmail, async (req, res, next) => {
+router.post("/", authenticateToken, requireVerifiedEmail, ...validateCoordinatesBody, handleValidationErrors, async (req, res, next) => {
   try {
     // Extract only allowed fields (prevents mass assignment)
     const allowedData = extractAllowedFields(req.body);
@@ -435,7 +436,7 @@ router.post("/", authenticateToken, requireVerifiedEmail, async (req, res, next)
   }
 });
 
-router.put("/:id", authenticateToken, async (req, res, next) => {
+router.put("/:id", authenticateToken, ...validateCoordinatesBody, handleValidationErrors, async (req, res, next) => {
   try {
     const item = await Item.findByPk(req.params.id);