Problem
POST /api/messages currently forwards req.body directly into sendMessage(). This accepts incomplete message payloads with missing required fields from the message model such as senderId, receiverId, and body. The service also creates a server id and then spreads the caller payload afterward, so a request body can overwrite the generated msg_* id.
Expected behavior
- Add a focused message creation validator.
- Require
senderId, receiverId, and body before writing to the service layer.
- Return a structured
400 response for invalid message payloads.
- Preserve the generated
msg_* id even if callers submit an id field.
- Add route/service regression coverage for missing receiver, blank body, and caller-supplied id overrides.
This issue is limited only to the creator of this issue. This means that only the issue author can attempt to solve this issue. If you would like to work on it, please create another issue with the same contents and refer to issue #743 for more information.
Problem
POST /api/messagescurrently forwardsreq.bodydirectly intosendMessage(). This accepts incomplete message payloads with missing required fields from the message model such assenderId,receiverId, andbody. The service also creates a server id and then spreads the caller payload afterward, so a request body can overwrite the generatedmsg_*id.Expected behavior
senderId,receiverId, andbodybefore writing to the service layer.400response for invalid message payloads.msg_*id even if callers submit anidfield.This issue is limited only to the creator of this issue. This means that only the issue author can attempt to solve this issue. If you would like to work on it, please create another issue with the same contents and refer to issue #743 for more information.