Implement Request Validation Middleware (#112)

[Adedayo-Data]

Overview

Closes #112 — adds comprehensive request validation across all backend endpoints using Joi schemas and a centralized validation middleware.

What Was Already Done

• middleware/validation.js existed with validate, validateQuery, validateParams helpers
• schemas/auth.js had basic register/login schemas (wired correctly)
• schemas/payment.js had a comprehensive processPaymentSchema
• routes/auth.js was correctly wired with validation

What This PR Fixes & Adds

middleware/validation.js

• Set abortEarly: false so all field errors are returned at once instead of just the first
• Standardised error response shape to { errors: [{ field, message }] } across all three validators (validate, validateQuery, validateParams)

schemas/auth.js

• Added password strength enforcement (min 8 chars, requires uppercase, lowercase, digit, special char)
• Added .messages() with user-friendly text on all fields
• Added alphanumeric pattern constraint on tag

schemas/balance.js

• Replaced all Joi.any() fields with properly typed validators (string, number, etc.)
• Added positive/min constraints and meaningful error messages

schemas/transaction.js

• Replaced all Joi.any() fields in transactionSchema with typed, validated fields
• Added enum validation for type and status fields
• Enhanced transactionQuerySchema with .messages()

schemas/kyc.js (was completely empty)

• Implemented kycCreateSchema — all required identity fields (first_name, last_name, dob, country, id_type, id_number)
• Implemented kycUpdateSchema — partial update schema (minimum 1 field required)

schemas/user.js (new)

• editProfileSchema — validates the profile edit endpoint; whitelists only safe fields (tag, phone, avatar_url, full_name), preventing mass assignment

schemas/wallet.js (new)

• sendToTagSchema — validates tag format, positive amount, and balance ID
• sendToWalletSchema — validates receiver address, positive amount, and balance ID

Route Wiring

Route	Change
POST /transactions/payment	Added validate(processPaymentSchema) — was missing
POST /kycs/	Added validate(kycCreateSchema)
PUT /kycs/:id	Added validate(kycUpdateSchema)
POST /balances/	Added validate(balanceCreateSchema)
POST /users/profile	Added validate(editProfileSchema)
POST /wallets/send-to-tag	Added validate(sendToTagSchema)
POST /wallets/send-to-wallet	Added validate(sendToWalletSchema)

Tests (tests/validation.test.js) (new)

• 30+ test cases using Jest + Supertest against a minimal Express app (no database required)
• Covers: auth register/login, payment body, KYC create, wallet send-to-tag, wallet send-to-wallet, transaction query params, balance create, user profile edit
• Each schema tested for: missing required fields, invalid formats, boundary values, and valid pass-through

Files Changed

backend/middleware/validation.js — modified
backend/schemas/auth.js — modified
backend/schemas/balance.js — modified
backend/schemas/transaction.js — modified
backend/schemas/kyc.js — modified (was empty)
backend/schemas/user.js — new
backend/schemas/wallet.js — new
backend/routes/transactions.js — modified
backend/routes/kycs.js — modified
backend/routes/balances.js — modified
backend/routes/users.js — modified
backend/routes/wallets.js — modified
backend/tests/validation.test.js — new
backend/package.json — added jest + supertest dev deps, test script

How to Run Tests

cd backend
pnpm install
pnpm test

Validation Error Response Format

All validation failures now return a consistent shape:

{
  "errors": [
    { "field": "email", "message": "Please provide a valid email address" },
    { "field": "password", "message": "Password must be at least 8 characters long" }
  ]
}

[netlify]

👷 Deploy request for taggedpay pending review.

Visit the deploys page to approve it

Name	Link
🔨 Latest commit	d549801

[vercel]

@Adedayo-Data is attempting to deploy a commit to the llinsomoudu-gmailcom's projects Team on Vercel.

A member of the Team first needs to authorize it.