SuperCharged-Claude-Code-Up…/services
uroma 3e72d6c0ba fix: add input validation and fix unique constraint
Fixed code quality issues from Task 2 review:

1. Added ID validation in PUT endpoint:
   - Validates req.params.id is a valid positive integer
   - Returns 400 for invalid IDs (non-numeric, negative, zero, decimals)
   - Prevents SQL injection attempts

2. Added path validation in POST and PUT endpoints:
   - Validates projectPath is absolute path
   - Normalizes and resolves paths
   - Detects and blocks path traversal attempts (e.g., ../../../etc)
   - Returns 400 for invalid paths

3. Fixed UNIQUE constraint in database schema:
   - Removed UNIQUE constraint from name column
   - Allows creating projects with same name as deleted projects
   - Application-level duplicate checking remains for active projects
   - Added table migration to drop and recreate schema

Files modified:
- server.js: Added validateProjectId() and validateProjectPath() helpers
- services/database.js: Removed UNIQUE constraint, added migration

All validation tested and working correctly.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
3e72d6c0ba · 2026-01-19 16:51:46 +00:00