fix: validate acceptedAssets to prevent silent malformed input (#9)

[CodeMayor]

parseAcceptedAssets previously silenced malformed asset strings by returning null and filtering them out, causing campaigns to silently fall back to native XLM acceptance without any error to the creator. This fix adds proper validation at both the DTO and service boundary levels.

What I've Built

✅ AcceptedAssetInput DTO (src/campaigns/dto/accepted-asset-input.dto.ts)

• New reusable input class replacing raw string[]
• @MaxLength(100) prevents oversized payloads
• @Matches regex enforces XLM or CODE:ISSUER format at intake
• Malformed inputs rejected with 400 before reaching service logic

✅ Updated CreateCampaignDto (src/campaigns/dto/create-campaign.dto.ts)

• acceptedAssets now typed as AcceptedAssetInput[]
• @ValidateNested({ each: true }) ensures per-entry validation
• @ArrayMaxSize(10) guards against array flooding attacks

✅ Hardened parseAcceptedAssets (src/campaigns/campaigns.service.ts)

• Throws BadRequestException for empty values, missing code, missing issuer, wrong separator format
• Post-trim empty check catches whitespace-only strings
• Error messages are generic no user input echoed back
• Array size re-validated at service boundary as second line of defense

Security Implementation

• Two layer validation: DTO layer + service boundary
• No user input reflected in error responses
• Whitespace-only strings caught after trimming
• Array size capped at both DTO and service levels to prevent flooding

Testing

✅ 14 unit tests (src/campaigns/tests/parse-accepted-assets.spec.ts)

• Valid XLM and credit asset parsing
• Case-insensitive XLM handling
• Empty value, whitespace-only, missing code, missing issuer
• Wrong separator format, too many colons
• Array size limit enforcement
• Fail-fast on first invalid entry in mixed array

Files Changed

• src/campaigns/dto/accepted-asset-input.dto.ts New hardened input DTO
• src/campaigns/dto/create-campaign.dto.ts Updated to use structured asset input
• src/campaigns/campaigns.service.ts parseAcceptedAssets now throws on malformed input
• src/campaigns/tests/parse-accepted-assets.spec.ts 14 passing unit tests

[CodeMayor]

Hi there! I've submitted this PR to address the acceptedAssets malformed input validation. All the core checks (build, lint, formatting, and unit tests) are passing successfully.

It looks like the CI / Test (e2e) workflow hit a timeout and was automatically cancelled after 360m, which seems like a CI glitch. Could you take a look at the implementation when you have a moment and let me know if you have any feedback or if any changes are needed? Thanks

[CodeMayor]

@Alqku any update ?