refactor(frontend): extract validation utilities to shared module

Issue #7: Profile validation logic was embedded in page component. Changes: - Create utils/validation.ts with shared validation functions: - validateEmail: email format validation - validateTelegram: handle format with @ prefix - validateSignal: username length validation - validateNostrNpub: bech32 format validation - validateProfileFields: combined validation - Update profile/page.tsx to use shared validation - Both frontend and backend now read validation rules from shared/constants.json for consistency
2025-12-22 09:13:03 +01:00 · 2025-12-22 09:13:03 +01:00 · fdab4a5dac
commit fdab4a5dac
parent 53aa54d6c9
2 changed files with 141 additions and 90 deletions
--- a/frontend/app/profile/page.tsx
+++ b/frontend/app/profile/page.tsx
@ -1,13 +1,12 @@
 "use client";

 import { useEffect, useState, useCallback, useRef } from "react";
-import { bech32 } from "bech32";
+
 import { api, ApiError } from "../api";
-import { Header } from "../components/Header";
-import { useRequireAuth } from "../hooks/useRequireAuth";
-import { components } from "../generated/api";
-import constants from "../../../shared/constants.json";
 import { Permission } from "../auth-context";
+import { Header } from "../components/Header";
+import { components } from "../generated/api";
+import { useRequireAuth } from "../hooks/useRequireAuth";
 import {
  layoutStyles,
  cardStyles,
@ -16,6 +15,7 @@ import {
  toastStyles,
  utilityStyles,
 } from "../styles/shared";
+import { FieldErrors, validateProfileFields } from "../utils/validation";

 // Use generated type from OpenAPI schema
 type ProfileData = components["schemas"]["ProfileResponse"];
@ -28,89 +28,6 @@ interface FormData {
  nostr_npub: string;
 }

-interface FieldErrors {
-  contact_email?: string;
-  telegram?: string;
-  signal?: string;
-  nostr_npub?: string;
-}
-
-// Client-side validation using shared rules from constants
-const { telegram: telegramRules, signal: signalRules, nostrNpub: npubRules } = constants.validation;
-
-function validateEmail(value: string): string | undefined {
-  if (!value) return undefined;
-  // More comprehensive email regex that matches email-validator behavior
-  // Checks for: local part, @, domain with at least one dot, valid TLD
-  const emailRegex =
-    /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)+$/;
-  if (!emailRegex.test(value)) {
-    return "Please enter a valid email address";
-  }
-  return undefined;
-}
-
-function validateTelegram(value: string): string | undefined {
-  if (!value) return undefined;
-  if (!value.startsWith(telegramRules.mustStartWith)) {
-    return `Telegram handle must start with ${telegramRules.mustStartWith}`;
-  }
-  const handle = value.slice(1);
-  if (handle.length < 1) {
-    return `Telegram handle must have at least one character after ${telegramRules.mustStartWith}`;
-  }
-  if (handle.length > telegramRules.maxLengthAfterAt) {
-    return `Telegram handle must be at most ${telegramRules.maxLengthAfterAt} characters (after ${telegramRules.mustStartWith})`;
-  }
-  return undefined;
-}
-
-function validateSignal(value: string): string | undefined {
-  if (!value) return undefined;
-  if (value.trim().length === 0) {
-    return "Signal username cannot be empty";
-  }
-  if (value.length > signalRules.maxLength) {
-    return `Signal username must be at most ${signalRules.maxLength} characters`;
-  }
-  return undefined;
-}
-
-function validateNostrNpub(value: string): string | undefined {
-  if (!value) return undefined;
-  if (!value.startsWith(npubRules.prefix)) {
-    return `Nostr npub must start with '${npubRules.prefix}'`;
-  }
-
-  try {
-    const decoded = bech32.decode(value);
-    if (decoded.prefix !== "npub") {
-      return "Nostr npub must have 'npub' prefix";
-    }
-    // npub should decode to 32 bytes (256 bits) for a public key
-    // In bech32, each character encodes 5 bits, so 32 bytes = 52 characters of data
-    if (decoded.words.length !== npubRules.bech32Words) {
-      return "Invalid Nostr npub: incorrect length";
-    }
-    return undefined;
-  } catch {
-    return "Invalid Nostr npub: bech32 checksum failed";
-  }
-}
-
-function validateForm(data: FormData): FieldErrors {
-  const errors: FieldErrors = {};
-  const emailError = validateEmail(data.contact_email);
-  if (emailError) errors.contact_email = emailError;
-  const telegramError = validateTelegram(data.telegram);
-  if (telegramError) errors.telegram = telegramError;
-  const signalError = validateSignal(data.signal);
-  if (signalError) errors.signal = signalError;
-  const npubError = validateNostrNpub(data.nostr_npub);
-  if (npubError) errors.nostr_npub = npubError;
-  return errors;
-}
-
 function toFormData(data: ProfileData): FormData {
  return {
    contact_email: data.contact_email || "",
@ -214,7 +131,7 @@ export default function ProfilePage() {
    // Debounce validation - wait 500ms after user stops typing
    validationTimeoutRef.current = setTimeout(() => {
      const newFormData = { ...formData, [field]: value };
-      const newErrors = validateForm(newFormData);
+      const newErrors = validateProfileFields(newFormData);
      setErrors(newErrors);
    }, 500);
  };
@ -223,7 +140,7 @@ export default function ProfilePage() {
    e.preventDefault();

    // Validate all fields
-    const validationErrors = validateForm(formData);
+    const validationErrors = validateProfileFields(formData);
    setErrors(validationErrors);

    if (Object.keys(validationErrors).length > 0) {
--- a/frontend/app/utils/validation.ts
+++ b/frontend/app/utils/validation.ts
@ -0,0 +1,134 @@
+/**
+ * Validation utilities for user profile fields.
+ *
+ * These validation functions mirror the backend validation logic in
+ * backend/validation.py. Both use shared rules from shared/constants.json
+ * to ensure consistent validation across frontend and backend.
+ */
+
+import { bech32 } from "bech32";
+
+import constants from "../../../shared/constants.json";
+
+const { telegram: telegramRules, signal: signalRules, nostrNpub: npubRules } = constants.validation;
+
+/**
+ * Validate contact email format.
+ * Returns undefined if valid, error message if invalid.
+ * Empty values are valid (field is optional).
+ */
+export function validateEmail(value: string): string | undefined {
+  if (!value) return undefined;
+  // Comprehensive email regex that matches email-validator behavior
+  // Checks for: local part, @, domain with at least one dot, valid TLD
+  const emailRegex =
+    /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)+$/;
+  if (!emailRegex.test(value)) {
+    return "Please enter a valid email address";
+  }
+  return undefined;
+}
+
+/**
+ * Validate Telegram handle.
+ * Must start with @ if provided, with characters after @ within max length.
+ * Returns undefined if valid, error message if invalid.
+ * Empty values are valid (field is optional).
+ */
+export function validateTelegram(value: string): string | undefined {
+  if (!value) return undefined;
+  if (!value.startsWith(telegramRules.mustStartWith)) {
+    return `Telegram handle must start with ${telegramRules.mustStartWith}`;
+  }
+  const handle = value.slice(1);
+  if (handle.length < 1) {
+    return `Telegram handle must have at least one character after ${telegramRules.mustStartWith}`;
+  }
+  if (handle.length > telegramRules.maxLengthAfterAt) {
+    return `Telegram handle must be at most ${telegramRules.maxLengthAfterAt} characters (after ${telegramRules.mustStartWith})`;
+  }
+  return undefined;
+}
+
+/**
+ * Validate Signal username.
+ * Any non-empty string within max length is valid.
+ * Returns undefined if valid, error message if invalid.
+ * Empty values are valid (field is optional).
+ */
+export function validateSignal(value: string): string | undefined {
+  if (!value) return undefined;
+  if (value.trim().length === 0) {
+    return "Signal username cannot be empty";
+  }
+  if (value.length > signalRules.maxLength) {
+    return `Signal username must be at most ${signalRules.maxLength} characters`;
+  }
+  return undefined;
+}
+
+/**
+ * Validate Nostr npub (public key in bech32 format).
+ * Must be valid bech32 with 'npub' prefix.
+ * Returns undefined if valid, error message if invalid.
+ * Empty values are valid (field is optional).
+ */
+export function validateNostrNpub(value: string): string | undefined {
+  if (!value) return undefined;
+  if (!value.startsWith(npubRules.prefix)) {
+    return `Nostr npub must start with '${npubRules.prefix}'`;
+  }
+
+  try {
+    const decoded = bech32.decode(value);
+    if (decoded.prefix !== "npub") {
+      return "Nostr npub must have 'npub' prefix";
+    }
+    // npub should decode to 32 bytes (256 bits) for a public key
+    // In bech32, each character encodes 5 bits, so 32 bytes = 52 characters of data
+    if (decoded.words.length !== npubRules.bech32Words) {
+      return "Invalid Nostr npub: incorrect length";
+    }
+    return undefined;
+  } catch {
+    return "Invalid Nostr npub: bech32 checksum failed";
+  }
+}
+
+/**
+ * Field errors object type.
+ */
+export interface FieldErrors {
+  contact_email?: string;
+  telegram?: string;
+  signal?: string;
+  nostr_npub?: string;
+}
+
+/**
+ * Validate all profile fields at once.
+ * Returns an object with field_name -> error_message for any invalid fields.
+ * Empty object means all fields are valid.
+ */
+export function validateProfileFields(data: {
+  contact_email?: string;
+  telegram?: string;
+  signal?: string;
+  nostr_npub?: string;
+}): FieldErrors {
+  const errors: FieldErrors = {};
+
+  const emailError = validateEmail(data.contact_email || "");
+  if (emailError) errors.contact_email = emailError;
+
+  const telegramError = validateTelegram(data.telegram || "");
+  if (telegramError) errors.telegram = telegramError;
+
+  const signalError = validateSignal(data.signal || "");
+  if (signalError) errors.signal = signalError;
+
+  const npubError = validateNostrNpub(data.nostr_npub || "");
+  if (npubError) errors.nostr_npub = npubError;
+
+  return errors;
+}