Address review comments

Author: stevebux

lambdas/api-handler/src/config/deps.ts

@@ -33,8 +33,7 @@ function createMIRepository(documentClient: DynamoDBDocumentClient, log: pino.Lo
   const ddbClient = new DynamoDBClient({});
   const docClient = DynamoDBDocumentClient.from(ddbClient);
   const config = {
-    miTableName: envVars.MI_TABLE_NAME,
-    ttlHours: envVars.LETTER_TTL_HOURS
+    miTableName: envVars.MI_TABLE_NAME
   };
 
   return new MIRepository(docClient, log, config);

lambdas/api-handler/src/contracts/mi.ts

@@ -14,16 +14,8 @@ export const PostMIRequestResourceSchema = z.object({
 }).strict();
 
 export const PostMIResponseResourceSchema = z.object({
-  type: z.literal('ManagementInformation'),
   id: z.string(),
-  attributes: z.object({
-    lineItem: z.string(),
-    timestamp: z.string(),
-    quantity: z.number(),
-    specificationId: z.string().optional(),
-    groupId: z.string().optional(),
-    stockRemaining: z.number().optional(),
-  }).strict()
+  ...PostMIRequestResourceSchema.shape,
 }).strict();
 
 export const PostMIRequestSchema = makeDocumentSchema(PostMIRequestResourceSchema);

lambdas/api-handler/src/handlers/__tests__/post-mi.test.ts

@@ -27,10 +27,10 @@ const postMIRequest : PostMIRequest = {
 const requestBody = JSON.stringify(postMIRequest, null, 2);
 
     const postMIResponse : PostMIResponse = {
-        data: {
-          id: 'id1',
-          ...postMIRequest.data
-        }
+      data: {
+        id: 'id1',
+        ...postMIRequest.data
+      }
     };
 
 const mockedPostMIOperation = jest.mocked(miService.postMI);
@@ -72,11 +72,9 @@ describe('postMI API Handler', () => {
   });
 
 
-  it.each([['not a date string', false], ['2025-10-16T00:00:00', false], ['2025-16-10T00:00:00Z', false],
-            ['2025-10-16T00:00:00Z', true], ['2025-10-16T00:00:00.000000Z', true]])
-    ('validates the timestamp', async (timestamp: string, valid: boolean) => {
+  it('rejects invalid timestamps', async() => {
     const modifiedRequest = JSON.parse(requestBody);
-    modifiedRequest['data']['attributes']['timestamp'] = timestamp;
+    modifiedRequest['data']['attributes']['timestamp'] = '2025-02-31T00:00:00Z';
     const event = makeApiGwEvent({
       path: '/mi',
       body: JSON.stringify(modifiedRequest),
@@ -87,7 +85,7 @@ describe('postMI API Handler', () => {
     const result = await postMI(event,  mockDeep<Context>(), jest.fn());
 
     expect(result).toEqual(expect.objectContaining({
-      statusCode: valid? 201: 400
+      statusCode: 400
     }));
   });
 

lambdas/api-handler/src/handlers/post-mi.ts

@@ -3,7 +3,7 @@ import { postMI as postMIOperation } from '../services/mi-operations';
 import { ApiErrorDetail } from "../contracts/errors";
 import { ValidationError } from "../errors";
 import { mapErrorToResponse } from "../mappers/error-mapper";
-import { assertNotEmpty, validateCommonHeaders } from "../utils/validation";
+import { assertNotEmpty, validateCommonHeaders, validateIso8601Timestamp } from "../utils/validation";
 import { PostMIRequest, PostMIRequestSchema } from "../contracts/mi";
 import { mapToMI } from "../mappers/mi-mapper";
 import { Deps } from "../config/deps";
@@ -44,13 +44,4 @@ export function createPostMIHandler(deps: Deps): APIGatewayProxyHandler {
       return mapErrorToResponse(error, commonHeadersResult.value.correlationId, deps.logger);
     }
   }
-
-  function validateIso8601Timestamp(timestamp: string) {
-
-    // If timestamp looks like a date, but is not valid (e.g. 2025-02-31T13:45:56Z), then new Date(timestamp).valueOf()
-    // will return NaN
-    if (! /\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(.\d+)?Z/.test(timestamp) || Number.isNaN(new Date(timestamp).valueOf())) {
-      throw new ValidationError(ApiErrorDetail.InvalidRequestTimestamp);
-    }
-  }
 };

lambdas/api-handler/src/utils/__tests__/validation.test.ts

@@ -1,4 +1,5 @@
-import { assertNotEmpty, lowerCaseKeys } from "../validation";
+import { ValidationError } from "../../errors";
+import { assertNotEmpty, lowerCaseKeys, validateIso8601Timestamp } from "../validation";
 
 describe("assertNotEmpty", () => {
   const error = new Error();
@@ -65,3 +66,16 @@ describe("lowerCaseKeys", () => {
     expect(result).toEqual({});
   });
 });
+
+describe('validateIso8601Timestamp', () => {
+  it.each([['2025-10-16T00:00:00.000Z'], ['2025-10-16T00:00:00Z'], ['2025-10-16T00:00:00.0Z'], ['2025-10-16T00:00:00.999999Z']])
+    ('permits valid timestamps', (timestamp: string) => {
+    validateIso8601Timestamp(timestamp);
+  });
+
+  it.each([['not a date string'], ['2025-10-16T00:00:00'], ['2025-16-10T00:00:00Z'], ['2025-02-31T00:00:00Z']])
+    ('rejects invalid timestamps', (timestamp: string) => {
+    expect(() => validateIso8601Timestamp(timestamp)).toThrow(ValidationError);
+  });
+
+});

lambdas/api-handler/src/utils/validation.ts

@@ -60,3 +60,27 @@ export function validateCommonHeaders(headers: APIGatewayProxyEventHeaders, deps
 
   return { ok: true, value: { correlationId, supplierId } };
 }
+
+export function validateIso8601Timestamp(timestamp: string) {
+
+  function normalisePrecision([_, mainPart, fractionalPart='.000']: string[]) : string {
+    if (fractionalPart.length < 4) {
+      return mainPart + fractionalPart + '0'.repeat(4 - fractionalPart.length) + 'Z';
+    } else {
+      return mainPart + fractionalPart.slice(0, 4) + 'Z';
+    }
+  }
+
+  const groups = timestamp.match(/(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(.\d+)?Z/);
+  if (!groups)  {
+    throw new ValidationError(ApiErrorDetail.InvalidRequestTimestamp);
+  }
+  const date = new Date(timestamp);
+  // An invalid month (e.g. '2025-16-10T00:00:00Z') will result in new Date(timestamp).valueOf() returning NaN.
+  // An invalid day of month (e.g. '2025-02-31T00:00:00Z') will roll over into the following month, but we can
+  // detect that by comparing date.toISOString() with the original timestamp string. We need to normalise the
+  // original string to millisecond precision to make this work.
+  if (Number.isNaN(new Date(timestamp).valueOf()) || date.toISOString() != normalisePrecision(groups)) {
+      throw new ValidationError(ApiErrorDetail.InvalidRequestTimestamp);
+  }
+}