hedgequantx 1.8.48 → 2.3.0

package/src/security/validation.js

@@ -3,10 +3,16 @@
  * @module security/validation
  */
 
+const { VALIDATION, SECURITY } = require('../config/settings');
+
 /**
- * Validation error class
+ * Validation error class with field information
  */
 class ValidationError extends Error {
+  /**
+   * @param {string} message - Error message
+   * @param {string} [field] - Field that failed validation
+   */
   constructor(message, field = null) {
     super(message);
     this.name = 'ValidationError';
@@ -15,45 +21,63 @@ class ValidationError extends Error {
 }
 
 /**
- * Validates username format
- * @param {string} username - Username to validate
- * @returns {boolean} True if valid
- * @throws {ValidationError} If invalid
+ * Validates a string against constraints
+ * @param {*} value - Value to validate
+ * @param {Object} opts - Validation options
+ * @returns {string} Validated and trimmed string
+ * @throws {ValidationError}
+ * @private
  */
-const validateUsername = (username) => {
-  if (!username || typeof username !== 'string') {
-    throw new ValidationError('Username is required', 'username');
+const validateString = (value, { field, min, max, pattern, patternMsg }) => {
+  if (!value || typeof value !== 'string') {
+    throw new ValidationError(`${field} is required`, field);
   }
   
-  const trimmed = username.trim();
+  const trimmed = value.trim();
   
-  if (trimmed.length < 3) {
-    throw new ValidationError('Username must be at least 3 characters', 'username');
+  if (trimmed.length < min) {
+    throw new ValidationError(`${field} must be at least ${min} characters`, field);
   }
   
-  if (trimmed.length > 50) {
-    throw new ValidationError('Username must be less than 50 characters', 'username');
+  if (trimmed.length > max) {
+    throw new ValidationError(`${field} must be less than ${max} characters`, field);
   }
   
-  // Allow alphanumeric, dots, underscores, hyphens, and @ for emails
-  if (!/^[a-zA-Z0-9._@-]+$/.test(trimmed)) {
-    throw new ValidationError('Username contains invalid characters', 'username');
+  if (pattern && !pattern.test(trimmed)) {
+    throw new ValidationError(patternMsg || `${field} contains invalid characters`, field);
   }
   
-  return true;
+  return trimmed;
 };
 
+/**
+ * Validates username format
+ * @param {string} username - Username to validate
+ * @returns {string} Validated username
+ * @throws {ValidationError}
+ */
+const validateUsername = (username) => validateString(username, {
+  field: 'Username',
+  min: VALIDATION.USERNAME_MIN,
+  max: VALIDATION.USERNAME_MAX,
+  pattern: VALIDATION.USERNAME_PATTERN,
+  patternMsg: 'Username contains invalid characters (allowed: letters, numbers, . _ @ -)',
+});
+
 /**
  * Validates password strength
  * @param {string} password - Password to validate
- * @param {Object} [options] - Validation options
- * @param {number} [options.minLength=6] - Minimum length
- * @param {boolean} [options.requireSpecial=false] - Require special character
+ * @param {Object} [options] - Override default requirements
  * @returns {boolean} True if valid
- * @throws {ValidationError} If invalid
+ * @throws {ValidationError}
  */
 const validatePassword = (password, options = {}) => {
-  const { minLength = 6, requireSpecial = false } = options;
+  const {
+    minLength = SECURITY.PASSWORD_MIN_LENGTH,
+    requireUppercase = SECURITY.PASSWORD_REQUIRE_UPPERCASE,
+    requireNumber = SECURITY.PASSWORD_REQUIRE_NUMBER,
+    requireSpecial = SECURITY.PASSWORD_REQUIRE_SPECIAL,
+  } = options;
   
   if (!password || typeof password !== 'string') {
     throw new ValidationError('Password is required', 'password');
@@ -63,8 +87,16 @@ const validatePassword = (password, options = {}) => {
     throw new ValidationError(`Password must be at least ${minLength} characters`, 'password');
   }
   
-  if (password.length > 128) {
-    throw new ValidationError('Password must be less than 128 characters', 'password');
+  if (password.length > SECURITY.PASSWORD_MAX_LENGTH) {
+    throw new ValidationError(`Password must be less than ${SECURITY.PASSWORD_MAX_LENGTH} characters`, 'password');
+  }
+  
+  if (requireUppercase && !/[A-Z]/.test(password)) {
+    throw new ValidationError('Password must contain at least one uppercase letter', 'password');
+  }
+  
+  if (requireNumber && !/\d/.test(password)) {
+    throw new ValidationError('Password must contain at least one number', 'password');
   }
   
   if (requireSpecial && !/[!@#$%^&*(),.?":{}|<>]/.test(password)) {
@@ -77,37 +109,21 @@ const validatePassword = (password, options = {}) => {
 /**
  * Validates API key format
  * @param {string} apiKey - API key to validate
- * @returns {boolean} True if valid
- * @throws {ValidationError} If invalid
+ * @returns {string} Validated API key
+ * @throws {ValidationError}
  */
-const validateApiKey = (apiKey) => {
-  if (!apiKey || typeof apiKey !== 'string') {
-    throw new ValidationError('API key is required', 'apiKey');
-  }
-  
-  const trimmed = apiKey.trim();
-  
-  if (trimmed.length < 10) {
-    throw new ValidationError('API key is too short', 'apiKey');
-  }
-  
-  if (trimmed.length > 256) {
-    throw new ValidationError('API key is too long', 'apiKey');
-  }
-  
-  // Allow alphanumeric and common API key characters
-  if (!/^[a-zA-Z0-9_-]+$/.test(trimmed)) {
-    throw new ValidationError('API key contains invalid characters', 'apiKey');
-  }
-  
-  return true;
-};
+const validateApiKey = (apiKey) => validateString(apiKey, {
+  field: 'API key',
+  min: VALIDATION.API_KEY_MIN,
+  max: VALIDATION.API_KEY_MAX,
+  pattern: VALIDATION.API_KEY_PATTERN,
+});
 
 /**
  * Validates account ID
  * @param {number|string} accountId - Account ID to validate
  * @returns {number} Validated account ID as integer
- * @throws {ValidationError} If invalid
+ * @throws {ValidationError}
  */
 const validateAccountId = (accountId) => {
   const id = parseInt(accountId, 10);
@@ -116,7 +132,7 @@ const validateAccountId = (accountId) => {
     throw new ValidationError('Invalid account ID', 'accountId');
   }
   
-  if (id > Number.MAX_SAFE_INTEGER) {
+  if (id > VALIDATION.ACCOUNT_ID_MAX) {
     throw new ValidationError('Account ID is too large', 'accountId');
   }
   
@@ -127,13 +143,11 @@ const validateAccountId = (accountId) => {
  * Validates order quantity
  * @param {number|string} quantity - Quantity to validate
  * @param {Object} [options] - Validation options
- * @param {number} [options.min=1] - Minimum quantity
- * @param {number} [options.max=1000] - Maximum quantity
  * @returns {number} Validated quantity as integer
- * @throws {ValidationError} If invalid
+ * @throws {ValidationError}
  */
 const validateQuantity = (quantity, options = {}) => {
-  const { min = 1, max = 1000 } = options;
+  const { min = VALIDATION.QUANTITY_MIN, max = VALIDATION.QUANTITY_MAX } = options;
   const qty = parseInt(quantity, 10);
   
   if (isNaN(qty)) {
@@ -155,7 +169,7 @@ const validateQuantity = (quantity, options = {}) => {
  * Validates price
  * @param {number|string} price - Price to validate
  * @returns {number} Validated price as float
- * @throws {ValidationError} If invalid
+ * @throws {ValidationError}
  */
 const validatePrice = (price) => {
   const p = parseFloat(price);
@@ -164,11 +178,11 @@ const validatePrice = (price) => {
     throw new ValidationError('Price must be a number', 'price');
   }
   
-  if (p < 0) {
+  if (p < VALIDATION.PRICE_MIN) {
     throw new ValidationError('Price cannot be negative', 'price');
   }
   
-  if (p > 1000000) {
+  if (p > VALIDATION.PRICE_MAX) {
     throw new ValidationError('Price is too large', 'price');
   }
   
@@ -179,28 +193,26 @@ const validatePrice = (price) => {
  * Validates symbol format
  * @param {string} symbol - Symbol to validate
  * @returns {string} Validated symbol (uppercase, trimmed)
- * @throws {ValidationError} If invalid
+ * @throws {ValidationError}
  */
 const validateSymbol = (symbol) => {
-  if (!symbol || typeof symbol !== 'string') {
-    throw new ValidationError('Symbol is required', 'symbol');
-  }
-  
-  const trimmed = symbol.trim().toUpperCase();
+  const validated = validateString(symbol, {
+    field: 'Symbol',
+    min: VALIDATION.SYMBOL_MIN,
+    max: VALIDATION.SYMBOL_MAX,
+  });
   
-  if (trimmed.length < 1 || trimmed.length > 20) {
-    throw new ValidationError('Invalid symbol length', 'symbol');
-  }
+  const upper = validated.toUpperCase();
   
-  if (!/^[A-Z0-9]+$/.test(trimmed)) {
+  if (!VALIDATION.SYMBOL_PATTERN.test(upper)) {
     throw new ValidationError('Symbol contains invalid characters', 'symbol');
   }
   
-  return trimmed;
+  return upper;
 };
 
 /**
- * Sanitizes a string by removing potentially dangerous characters
+ * Sanitizes a string by removing dangerous characters
  * @param {string} input - Input to sanitize
  * @returns {string} Sanitized string
  */
@@ -209,9 +221,9 @@ const sanitizeString = (input) => {
   
   return input
     .trim()
-    .replace(/[<>]/g, '') // Remove HTML brackets
-    .replace(/[\x00-\x1F\x7F]/g, '') // Remove control characters
-    .substring(0, 1000); // Limit length
+    .replace(/[<>]/g, '')                    // Remove HTML brackets
+    .replace(/[\x00-\x1F\x7F]/g, '')          // Remove control characters
+    .slice(0, VALIDATION.STRING_MAX_LENGTH);  // Limit length
 };
 
 /**
@@ -219,20 +231,22 @@ const sanitizeString = (input) => {
  * @param {Object} data - Data object to validate
  * @param {Object} schema - Validation schema
  * @returns {Object} Validated data
- * @throws {ValidationError} If any field is invalid
+ * @throws {ValidationError}
  */
 const validateObject = (data, schema) => {
   const result = {};
   
-  for (const [field, validator] of Object.entries(schema)) {
+  for (const [field, config] of Object.entries(schema)) {
     const value = data[field];
     
-    if (typeof validator === 'function') {
-      result[field] = validator(value);
-    } else if (validator.required && (value === undefined || value === null)) {
+    if (typeof config === 'function') {
+      result[field] = config(value);
+    } else if (config.required && (value === undefined || value === null)) {
       throw new ValidationError(`${field} is required`, field);
+    } else if (value !== undefined && value !== null && config.validate) {
+      result[field] = config.validate(value);
     } else if (value !== undefined && value !== null) {
-      result[field] = validator.validate ? validator.validate(value) : value;
+      result[field] = value;
     }
   }
   
@@ -249,5 +263,5 @@ module.exports = {
   validatePrice,
   validateSymbol,
   sanitizeString,
-  validateObject
+  validateObject,
 };