point model property validation in api's

[ddfridley]

We are deliberately loose on validity checks in the point model, but in the api calls is where we have the most vulnerability to hacks - (people deliberately inserting bad stuff).

We need to create methods for strong validity checks for the properties in model/point.js and export them so that the api's can use them.

See Joi an it's methods for validity checking in undebate-ssp/app/socket-apis/find-and-set-election-doc

In app/models/point.js Create and export validity checks for:

• [ ] _id
• [ ] title
• [ ] description
• [ ] parentId
• [ ] category
• [ ] round
• [ ] others to be determined
• [ ] create jest tests for each of the above, with one passing and one failing case apply the validity tests, for required, and optional fields if present, and create an additional jest test for failing
• [ ] socket-apis/upsert-point
• [ ] socket-apis/upsert-why

The name of the validity test should match the name of the property. Even better to consider if there is some shorthand way using joi or just an object to make the code clean and minimal in the apis.

[ddfridley]

@edmundj0 how is this going? Thanks.

[edmundj0]

just created a draft pr, should be done soon, but let me know if I'm not going in the right direction!