From c19a70a7c624a82288bd30f828700e8c4bd764bd Mon Sep 17 00:00:00 2001
From: ash1shkumar
Date: Sat, 6 Jun 2026 01:15:38 +0530
Subject: [PATCH] refactor: centralize task lifecycle validation
---
 backend/middleware/validation.middleware.js | 178 ++++++++++++++++----
 1 file changed, 147 insertions(+), 31 deletions(-)
diff --git a/backend/middleware/validation.middleware.js b/backend/middleware/validation.middleware.js
index ce2a325..e58df34 100644
--- a/backend/middleware/validation.middleware.js
+++ b/backend/middleware/validation.middleware.js
@@ -1,84 +1,181 @@
 import validator from "validator";
 import xss from "xss";
-const VALID_TASK_STATUS = ["todo", "in_progress", "done"];
+const VALID_TASK_STATUS = [
+ "todo",
+ "in_progress",
+ "done",
+];
 function sanitizeText(value = "") {
 return xss(String(value).trim());
 }
-export function validateTask(req, res, next) {
- const { title, description, status, position } = req.body;
+function validateTaskStatus(
+ status
+) {
+ return (
+ !status ||
+ VALID_TASK_STATUS.includes(
+ status
+ )
+ );
+}
+
+function validateTaskPosition(
+ position
+) {
+ return (
+ position === undefined ||
+ (Number.isInteger(position) &&
+ position >= 0)
+ );
+}
+
+export function validateTask(
+ req,
+ res,
+ next
+) {
+ const {
+ title,
+ description,
+ status,
+ position,
+ } = req.body;
- if (!title || !validator.isLength(title.trim(), { min: 1, max: 120 })) {
+ if (
+ !title ||
+ !validator.isLength(
+ title.trim(),
+ {
+ min: 1,
+ max: 120,
+ }
+ )
+ ) {
 return res.status(400).json({
- error: "Task title must be between 1 and 120 characters",
+ error:
+ "Task title must be between 1 and 120 characters",
 });
 }
 if (
 description &&
- !validator.isLength(description.trim(), { max: 1000 })
+ !validator.isLength(
+ description.trim(),
+ { max: 1000 }
+ )
 ) {
 return res.status(400).json({
- error: "Description too long",
+ error:
+ "Description too long",
 });
 }
- if (status && !VALID_TASK_STATUS.includes(status)) {
+ if (
+ !validateTaskStatus(
+ status
+ )
+ ) {
 return res.status(400).json({
- error: "Invalid task status",
+ error:
+ "Invalid task status",
 });
 }
 if (
- position !== undefined &&
- (!Number.isInteger(position) || position < 0)
+ !validateTaskPosition(
+ position
+ )
 ) {
 return res.status(400).json({
- error: "Invalid task position",
+ error:
+ "Invalid task position",
 });
 }
- req.body.title = sanitizeText(title);
- req.body.description = sanitizeText(description || "");
+ req.body.title =
+ sanitizeText(title);
+
+ req.body.description =
+ sanitizeText(
+ description || ""
+ );
 next();
 }
-export function validateMessage(req, res, next) {
- const { text, username } = req.body;
+export function validateMessage(
+ req,
+ res,
+ next
+) {
+ const {
+ text,
+ username,
+ } = req.body;
 if (
 username &&
- !validator.isLength(username.trim(), { min: 2, max: 40 })
+ !validator.isLength(
+ username.trim(),
+ {
+ min: 2,
+ max: 40,
+ }
+ )
 ) {
 return res.status(400).json({
- error: "Invalid username length",
+ error:
+ "Invalid username length",
 });
 }
 if (
 text &&
- !validator.isLength(text.trim(), { max: 2000 })
+ !validator.isLength(
+ text.trim(),
+ { max: 2000 }
+ )
 ) {
 return res.status(400).json({
- error: "Message too long",
+ error:
+ "Message too long",
 });
 }
- req.body.username = sanitizeText(username || "");
- req.body.text = sanitizeText(text || "");
+ req.body.username =
+ sanitizeText(
+ username || ""
+ );
+
+ req.body.text =
+ sanitizeText(text || "");
 next();
 }
-export function validateFeedItem(req, res, next) {
- const { title, body, type } = req.body;
+export function validateFeedItem(
+ req,
+ res,
+ next
+) {
+ const {
+ title,
+ body,
+ type,
+ } = req.body;
 if (
 !title ||
- !validator.isLength(title.trim(), { min: 1, max: 120 })
+ !validator.isLength(
+ title.trim(),
+ {
+ min: 1,
+ max: 120,
+ }
+ )
 ) {
 return res.status(400).json({
 error: "Invalid title",
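Review bot: `validateTask` and `validateMessage` call `.trim()` on `title`, `description`, `username` and `text` without first checking that the value is a string, so a JSON body carrying a number, array or object in one of those fields throws a TypeError inside the middleware instead of taking the 400 path the other branches use; what the client then sees depends on the application's error handler, which is not visible here. Since this commit already moves the status and position checks into helpers, the type guard belongs in the same place, e.g. `if (typeof title !== "string" || !validator.isLength(title.trim(), { min: 1, max: 120 }))`, with `typeof description !== "string"` applied to the optional fields whenever they are present. The same pattern is in `validateFeedItem`, whose body starts at the end of this hunk and continues in the next one. Separately, `validateTaskStatus` returns true for every falsy value (`0`, `false`, `""`, `null`), which then stays in `req.body.status` unchanged; `status === undefined ||` would line it up with how `validateTaskPosition` treats an absent field.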
@@ -87,23 +184,42 @@ export function validateFeedItem(req, res, next) {
 if (
 !body ||
- !validator.isLength(body.trim(), { min: 1, max: 1500 })
+ !validator.isLength(
+ body.trim(),
+ {
+ min: 1,
+ max: 1500,
+ }
+ )
 ) {
 return res.status(400).json({
 error: "Invalid body",
 });
 }
- const allowedTypes = ["discussion", "code", "milestone"];
+ const allowedTypes = [
+ "discussion",
+ "code",
+ "milestone",
+ ];
- if (type && !allowedTypes.includes(type)) {
+ if (
+ type &&
+ !allowedTypes.includes(
+ type
+ )
+ ) {
 return res.status(400).json({
- error: "Invalid feed type",
+ error:
+ "Invalid feed type",
 });
 }
- req.body.title = sanitizeText(title);
- req.body.body = sanitizeText(body);
+ req.body.title =
+ sanitizeText(title);
+
+ req.body.body =
+ sanitizeText(body);
 next();
 }
\ No newline at end of file
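Review bot: The length limits in `validateFeedItem` are checked on the raw trimmed input, but `req.body.title` and `req.body.body` receive the output of `sanitizeText`, so the value handed downstream can exceed the 120 and 1500 character caps. With its default options `xss()` entity-escapes markup it does not allow (a `<` becomes `&lt;`), which lengthens the string after the check has already passed. Sanitizing first and validating the result closes the gap: `const cleanBody = sanitizeText(body);`, then `if (!validator.isLength(cleanBody, { min: 1, max: 1500 }))`, then `req.body.body = cleanBody;`. `validateTask` and `validateMessage` in the previous hunk check and sanitize in the same order. The function begins in the previous hunk; only its tail is visible here.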