Refactor: Add comprehensive config validation #119
Description
Problem
Only SSL config is validated in src/config.js:
// Lines 226-238 - only validation that exists
if ((config.sslKey && !config.sslCert) || (!config.sslKey && config.sslCert)) {
throw new Error('Both --ssl-key and --ssl-cert must be provided together');
}Other configs have NO validation:
port- no range check (could be negative or >65535)baseDomain- only checked when used (server.js:158), not at startupmashlibVersion- no format validationnostrMaxEvents- no bounds checking (could be 0 or negative)defaultQuota- no limits validation
Proposed Solution
Add validation layer in src/config.js:
const validators = {
port: (v) => {
if (v < 1 || v > 65535) return 'Port must be 1-65535';
return null;
},
nostrMaxEvents: (v) => {
if (v <= 0) return 'nostrMaxEvents must be positive';
return null;
},
defaultQuota: (v) => {
if (v < 0) return 'defaultQuota must be non-negative';
return null;
},
baseDomain: (v) => {
if (v && !/^[a-z0-9.-]+\.[a-z]{2,}$/i.test(v)) {
return 'Invalid domain format';
}
return null;
},
mashlibVersion: (v) => {
if (v && !/^\d+\.\d+\.\d+$/.test(v)) {
return 'mashlibVersion must be semver (e.g., 2.0.0)';
}
return null;
}
};
function validateConfig(config) {
for (const [key, validator] of Object.entries(validators)) {
if (config[key] !== undefined) {
const error = validator(config[key]);
if (error) throw new Error(`Invalid config "${key}": ${error}`);
}
}
}Benefits
- Fail fast on invalid config
- Clear error messages
- Prevents runtime surprises
- Documents valid ranges
Files Affected
src/config.js- add validators object and validateConfig()
Priority
P1 - Improves robustness and developer experience