Description
src/routes/payouts.ts enforces allowlists for status, sortBy, sortOrder, and a MAX_LIMIT of 100, but these guards need tests proving invalid values are rejected with 400 and that pagination cannot be abused for large result sets. Expand src/routes/payouts.test.ts to cover the validation surface.
Requirements and context
- Must be secure, tested, and documented
- Should be efficient and easy to review
- Relevant code: src/routes/payouts.ts, src/routes/payouts.test.ts
- Out-of-allowlist sortBy must never reach a SQL query (injection prevention)
Suggested execution
- Fork the repo and create a branch
  git checkout -b test/payouts-filter-pagination
- Implement changes
  - Add tests for invalid status, sortBy, sortOrder returning 400
  - Assert limit above MAX_LIMIT is clamped or rejected
  - Assert default limit of 20 applied when omitted
- Validate security and correctness assumptions
Test and commit
- Run tests
  npm test
- Cover edge cases: limit=0, negative offset, sortBy=created_at;DROP, non-numeric limit
- Include test output and notes
Example commit message
test: cover payouts filter and pagination guards
Guidelines
- Minimum 95 percent test coverage
- Clear documentation
- Timeframe: 96 hours
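
The guard behaviour the tests above are meant to pin down, as an added sketch that is not the project's own payouts.ts. The allowlist contents, the default sort, and the names validateListQuery, pick, toCount and rejectedField are assumptions; MAX_LIMIT of 100 and the default limit of 20 come from the issue, and the sketch rejects an oversized limit rather than clamping it.

```typescript
// Added example: a hypothetical validator, not the project's payouts.ts.
const MAX_LIMIT = 100; // from the issue
const DEFAULT_LIMIT = 20; // from the issue
// Assumed allowlist contents; the real ones live in src/routes/payouts.ts.
const STATUSES = ["pending", "paid", "failed"];
const SORT_COLUMNS = ["created_at", "amount"];
const SORT_ORDERS = ["asc", "desc"];

type Query = { status?: string; sortBy?: string; sortOrder?: string; limit?: string; offset?: string };
type Outcome =
  | { code: 200; status: string | undefined; orderBy: string; limit: number; offset: number }
  | { code: 400; field: string };

// Exact-match allowlist lookup; null means "reject with 400".
function pick(raw: string | undefined, allowed: string[], fallback: string): string | null {
  if (raw === undefined) return fallback;
  return allowed.indexOf(raw) >= 0 ? raw : null;
}

// Plain decimal digits only, so "abc", "-1", "1e3" and "10;--" all fail.
function toCount(raw: string | undefined, fallback: number): number | null {
  if (raw === undefined) return fallback;
  return /^[0-9]{1,9}$/.test(raw) ? Number(raw) : null;
}

function validateListQuery(q: Query): Outcome {
  const column = pick(q.sortBy, SORT_COLUMNS, "created_at");
  if (column === null) return { code: 400, field: "sortBy" };
  const order = pick(q.sortOrder, SORT_ORDERS, "desc");
  if (order === null) return { code: 400, field: "sortOrder" };
  if (q.status !== undefined && STATUSES.indexOf(q.status) < 0) return { code: 400, field: "status" };
  const limit = toCount(q.limit, DEFAULT_LIMIT);
  // This sketch rejects out-of-range limits; clamping is the other option the issue allows.
  if (limit === null || limit < 1 || limit > MAX_LIMIT) return { code: 400, field: "limit" };
  const offset = toCount(q.offset, 0);
  if (offset === null) return { code: 400, field: "offset" };
  // orderBy is assembled only from values that matched an allowlist.
  return { code: 200, status: q.status, orderBy: `${column} ${order}`, limit, offset };
}

// Name of the rejected field, or "ok" when the query passes.
function rejectedField(q: Query): string {
  const r = validateListQuery(q);
  return r.code === 400 ? r.field : "ok";
}
```

Each edge case listed in the issue maps to one rejectedField call, so a test table can assert on the field name as well as the 400.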