fix(gateway): security hardening — auth guards, ownership checks, validation, rate limiting

2026-03-13 08:25:57 -05:00
parent 9eb48e1d9b
commit 180604661e
22 changed files with 696 additions and 74 deletions
--- a/apps/gateway/src/missions/missions.dto.ts
+++ b/apps/gateway/src/missions/missions.dto.ts
@@ -1,14 +1,46 @@
-export interface CreateMissionDto {
-  name: string;
+import { IsIn, IsObject, IsOptional, IsString, IsUUID, MaxLength } from 'class-validator';
+
+const missionStatuses = ['planning', 'active', 'paused', 'completed', 'failed'] as const;
+
+export class CreateMissionDto {
+  @IsString()
+  @MaxLength(255)
+  name!: string;
+
+  @IsOptional()
+  @IsString()
+  @MaxLength(10_000)
  description?: string;
+
+  @IsOptional()
+  @IsUUID()
  projectId?: string;
+
+  @IsOptional()
+  @IsIn(missionStatuses)
  status?: 'planning' | 'active' | 'paused' | 'completed' | 'failed';
 }

-export interface UpdateMissionDto {
+export class UpdateMissionDto {
+  @IsOptional()
+  @IsString()
+  @MaxLength(255)
  name?: string;
+
+  @IsOptional()
+  @IsString()
+  @MaxLength(10_000)
  description?: string | null;
+
+  @IsOptional()
+  @IsUUID()
  projectId?: string | null;
+
+  @IsOptional()
+  @IsIn(missionStatuses)
  status?: 'planning' | 'active' | 'paused' | 'completed' | 'failed';
+
+  @IsOptional()
+  @IsObject()
  metadata?: Record<string, unknown> | null;
 }