
feat(geolocation): implement address sanitization and caching to prev… #278

Open
Opulencechuks wants to merge 2 commits into NOVUS-X:main from Opulencechuks:feature/geocoding-security

@Opulencechuks

This PR closes #206
PR Description

Title: feat(geolocation): implement address sanitization and caching

Description:
This PR addresses security and cost concerns in the geocoding service by implementing input sanitization and result caching.

Key Changes:

  • Sanitization: Added a sanitization layer to geocode_address that cleans and validates raw address strings, preventing injection and rejecting invalid inputs (e.g., pure numbers, too short/long).
  • Caching: Integrated Redis caching (24h TTL) for geocoding results, significantly reducing redundant external API calls.
  • Error Handling: Improved resilience for both API and cache failures.

How to Test:

1. Sanitization Check:

  • Call the geocode_address method (or use the artisan profile update endpoint) with various "bad" strings like:
    • New York (should be trimmed)
    • 1234567 (should be rejected)
    • <script>alert(1)</script> (should be sanitized/rejected)
  • Verify that invalid inputs return None without hitting the Nominatim API.

2. Caching Check:

  • Geocode a valid address (e.g., "Paris, France").
  • Check Redis keys: keys geocode: should show a new entry.
  • Geocode the same address again (case-insensitive, e.g., "paris, france").
  • Verify that the second call is significantly faster and returns the cached result (no external API call made).

3. Automated Test:

  • Run the provided test script: python backend/scratch/test_geocoding_improvements.py (requires local environment setup).

Acceptance Criteria:

  • Implement address validation before calling geocoding APIs.
  • Add caching for common locations to reduce API costs.
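
The validate-then-cache flow from the description above, as an added Python example that is not the PR's code. The names `sanitize_address`, `cache_key` and `geocode_with_cache`, the length bounds, the character allowlist and the dict standing in for Redis are assumptions; the `geocode:` key prefix and the 24h TTL come from the description.

```python
import hashlib
import re
import time
import unicodedata

MIN_LEN, MAX_LEN = 3, 200        # assumed bounds; the PR does not state its limits
CACHE_TTL = 24 * 60 * 60         # 24h TTL, as stated in the PR description
# Assumed allowlist: letters, digits, whitespace and common address punctuation.
_DISALLOWED = re.compile(r"[^\w\s,.\-'/#]", re.UNICODE)


def sanitize_address(raw):
    """Return a cleaned address, or None if it must not reach the geocoder."""
    if not isinstance(raw, str):
        return None
    text = unicodedata.normalize("NFKC", raw)       # fold look-alike forms first
    if re.search(r"<[^>]*>", text):                 # reject markup, do not repair it
        return None
    text = re.sub(r"\s+", " ", text).strip()        # trim and collapse whitespace
    if _DISALLOWED.search(text):                    # control chars, quotes, braces...
        return None
    if not any(ch.isalpha() for ch in text):        # pure numbers / punctuation
        return None
    if not MIN_LEN <= len(text) <= MAX_LEN:
        return None
    return text


def cache_key(clean):
    """Case-insensitive, fixed-length key so raw user text never lands in Redis keys."""
    digest = hashlib.sha256(clean.casefold().encode("utf-8")).hexdigest()
    return "geocode:" + digest


def geocode_with_cache(raw, lookup, cache, now=time.time):
    """`lookup` is the external geocoder call; `cache` is a dict stand-in for Redis."""
    clean = sanitize_address(raw)
    if clean is None:
        return None                                 # invalid input: no external call
    key = cache_key(clean)
    hit = cache.get(key)
    if hit is not None and hit[1] > now():
        return hit[0]                               # fresh entry: no external call
    result = lookup(clean)
    if result is not None:                          # do not cache failed lookups
        cache[key] = (result, now() + CACHE_TTL)
    return result
```
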

@drips-wave

drips-wave Bot commented Apr 26, 2026

@Opulencechuks Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@gabito1451
Collaborator

@Opulencechuks, U MIGHT WANT TO LOOK INTO CI, IT'S FAILING

@Opulencechuks
Author

please merge this issue

Successfully merging this pull request may close these issues.

Security: Sanitize and Validate Geocoding Inputs

2 participants