fix(gateway): unify entity validation across handlers

- Add validate_entity_for_route() helper in HandlerContext that combines
  entity_id validation, path-based type extraction, and entity lookup
- Refactor data_handlers.cpp (3 handlers) to use unified validation
- Refactor config_handlers.cpp (7 handlers) to use unified validation
- Refactor fault_handlers.cpp (5 handlers) to use unified validation
- Refactor operation_handlers.cpp (3 handlers) to use unified validation
- Net reduction of ~270 lines of duplicated validation code

Addresses review comments from mfaferek93 on PR #160

Author: bburda

src/ros2_medkit_gateway/include/ros2_medkit_gateway/http/handlers/handler_context.hpp

@@ -176,7 +176,24 @@ class HandlerContext {
   static std::optional<std::string> validate_collection_access(const EntityInfo & entity,
                                                                ResourceCollection collection);
 
-
+  /**
+   * @brief Validate entity exists and matches expected route type
+   *
+   * Unified validation helper that:
+   * 1. Validates entity ID format
+   * 2. Looks up entity in the expected collection (based on route path)
+   * 3. Sends appropriate error responses:
+   *    - 400 with "invalid-parameter" if ID format is invalid
+   *    - 400 with "invalid-parameter" if entity exists but wrong type for route
+   *    - 404 with "entity-not-found" if entity doesn't exist
+   *
+   * @param req HTTP request (used to extract expected type from path)
+   * @param res HTTP response (error responses sent here)
+   * @param entity_id Entity ID to validate
+   * @return EntityInfo if valid, std::nullopt if error response was sent
+   */
+  std::optional<EntityInfo> validate_entity_for_route(const httplib::Request & req, httplib::Response & res,
+                                                      const std::string & entity_id) const;
 
   /**
    * @brief Set CORS headers on response if origin is allowed

src/ros2_medkit_gateway/src/http/handlers/config_handlers.cpp

@@ -221,35 +221,14 @@ void ConfigHandlers::handle_list_configurations(const httplib::Request & req, ht
 
     entity_id = req.matches[1];
 
-    auto entity_validation = ctx_.validate_entity_id(entity_id);
-    if (!entity_validation) {
-      HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER, "Invalid entity ID",
-                                 {{"details", entity_validation.error()}, {"entity_id", entity_id}});
-      return;
-    }
-
-    // First, verify that the entity actually exists in the cache
-    const auto & cache = ctx_.node()->get_thread_safe_cache();
-    auto entity_ref = cache.find_entity(entity_id);
-    if (!entity_ref) {
-      HandlerContext::send_error(res, StatusCode::NotFound_404, ERR_ENTITY_NOT_FOUND, "Entity not found",
-                                 {{"entity_id", entity_id}});
-      return;
-    }
-
-    // Validate entity type matches the route path
-    auto expected_type = extract_entity_type_from_path(req.path);
-    if (expected_type != SovdEntityType::UNKNOWN && entity_ref->type != expected_type) {
-      HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER,
-                                 "Invalid entity type for route: expected " + to_string(expected_type) + ", got " +
-                                     to_string(entity_ref->type),
-                                 {{"entity_id", entity_id},
-                                  {"expected_type", to_string(expected_type)},
-                                  {"actual_type", to_string(entity_ref->type)}});
-      return;
+    // Validate entity ID and type for this route
+    auto entity_opt = ctx_.validate_entity_for_route(req, res, entity_id);
+    if (!entity_opt) {
+      return;  // Error response already sent
     }
 
     // Get aggregated configurations info for this entity
+    const auto & cache = ctx_.node()->get_thread_safe_cache();
     auto agg_configs = cache.get_entity_configurations(entity_id);
 
     // If no nodes to query, return empty result
@@ -384,11 +363,10 @@ void ConfigHandlers::handle_get_configuration(const httplib::Request & req, http
     entity_id = req.matches[1];
     param_id = req.matches[2];
 
-    auto entity_validation = ctx_.validate_entity_id(entity_id);
-    if (!entity_validation) {
-      HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER, "Invalid entity ID",
-                                 {{"details", entity_validation.error()}, {"entity_id", entity_id}});
-      return;
+    // Validate entity ID and type for this route
+    auto entity_opt = ctx_.validate_entity_for_route(req, res, entity_id);
+    if (!entity_opt) {
+      return;  // Error response already sent
     }
 
     // Parameter ID may be prefixed with app_id: for aggregated configs
@@ -398,28 +376,8 @@ void ConfigHandlers::handle_get_configuration(const httplib::Request & req, http
       return;
     }
 
-    // Verify entity exists
-    const auto & cache = ctx_.node()->get_thread_safe_cache();
-    auto entity_ref = cache.find_entity(entity_id);
-    if (!entity_ref) {
-      HandlerContext::send_error(res, StatusCode::NotFound_404, ERR_ENTITY_NOT_FOUND, "Entity not found",
-                                 {{"entity_id", entity_id}});
-      return;
-    }
-
-    // Validate entity type matches the route path
-    auto expected_type = extract_entity_type_from_path(req.path);
-    if (expected_type != SovdEntityType::UNKNOWN && entity_ref->type != expected_type) {
-      HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER,
-                                 "Invalid entity type for route: expected " + to_string(expected_type) + ", got " +
-                                     to_string(entity_ref->type),
-                                 {{"entity_id", entity_id},
-                                  {"expected_type", to_string(expected_type)},
-                                  {"actual_type", to_string(entity_ref->type)}});
-      return;
-    }
-
     // Get aggregated configurations info
+    const auto & cache = ctx_.node()->get_thread_safe_cache();
     auto agg_configs = cache.get_entity_configurations(entity_id);
 
     if (agg_configs.nodes.empty()) {
@@ -533,11 +491,10 @@ void ConfigHandlers::handle_set_configuration(const httplib::Request & req, http
     entity_id = req.matches[1];
     param_id = req.matches[2];
 
-    auto entity_validation = ctx_.validate_entity_id(entity_id);
-    if (!entity_validation) {
-      HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER, "Invalid entity ID",
-                                 {{"details", entity_validation.error()}, {"entity_id", entity_id}});
-      return;
+    // Validate entity ID and type for this route
+    auto entity_opt = ctx_.validate_entity_for_route(req, res, entity_id);
+    if (!entity_opt) {
+      return;  // Error response already sent
     }
 
     if (param_id.empty() || param_id.length() > MAX_AGGREGATED_PARAM_ID_LENGTH) {
@@ -568,28 +525,8 @@ void ConfigHandlers::handle_set_configuration(const httplib::Request & req, http
       return;
     }
 
-    // Verify entity exists
-    const auto & cache = ctx_.node()->get_thread_safe_cache();
-    auto entity_ref = cache.find_entity(entity_id);
-    if (!entity_ref) {
-      HandlerContext::send_error(res, StatusCode::NotFound_404, ERR_ENTITY_NOT_FOUND, "Entity not found",
-                                 {{"entity_id", entity_id}});
-      return;
-    }
-
-    // Validate entity type matches the route path
-    auto expected_type = extract_entity_type_from_path(req.path);
-    if (expected_type != SovdEntityType::UNKNOWN && entity_ref->type != expected_type) {
-      HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER,
-                                 "Invalid entity type for route: expected " + to_string(expected_type) + ", got " +
-                                     to_string(entity_ref->type),
-                                 {{"entity_id", entity_id},
-                                  {"expected_type", to_string(expected_type)},
-                                  {"actual_type", to_string(entity_ref->type)}});
-      return;
-    }
-
     // Get aggregated configurations info
+    const auto & cache = ctx_.node()->get_thread_safe_cache();
     auto agg_configs = cache.get_entity_configurations(entity_id);
 
     if (agg_configs.nodes.empty()) {
@@ -678,35 +615,14 @@ void ConfigHandlers::handle_delete_configuration(const httplib::Request & req, h
     entity_id = req.matches[1];
     param_id = req.matches[2];
 
-    auto entity_validation = ctx_.validate_entity_id(entity_id);
-    if (!entity_validation) {
-      HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER, "Invalid entity ID",
-                                 {{"details", entity_validation.error()}, {"entity_id", entity_id}});
-      return;
-    }
-
-    // Verify entity exists
-    const auto & cache = ctx_.node()->get_thread_safe_cache();
-    auto entity_ref = cache.find_entity(entity_id);
-    if (!entity_ref) {
-      HandlerContext::send_error(res, StatusCode::NotFound_404, ERR_ENTITY_NOT_FOUND, "Entity not found",
-                                 {{"entity_id", entity_id}});
-      return;
-    }
-
-    // Validate entity type matches the route path
-    auto expected_type = extract_entity_type_from_path(req.path);
-    if (expected_type != SovdEntityType::UNKNOWN && entity_ref->type != expected_type) {
-      HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER,
-                                 "Invalid entity type for route: expected " + to_string(expected_type) + ", got " +
-                                     to_string(entity_ref->type),
-                                 {{"entity_id", entity_id},
-                                  {"expected_type", to_string(expected_type)},
-                                  {"actual_type", to_string(entity_ref->type)}});
-      return;
+    // Validate entity ID and type for this route
+    auto entity_opt = ctx_.validate_entity_for_route(req, res, entity_id);
+    if (!entity_opt) {
+      return;  // Error response already sent
     }
 
     // Get aggregated configurations info
+    const auto & cache = ctx_.node()->get_thread_safe_cache();
     auto agg_configs = cache.get_entity_configurations(entity_id);
 
     if (agg_configs.nodes.empty()) {
@@ -779,35 +695,14 @@ void ConfigHandlers::handle_delete_all_configurations(const httplib::Request & r
 
     entity_id = req.matches[1];
 
-    auto entity_validation = ctx_.validate_entity_id(entity_id);
-    if (!entity_validation) {
-      HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER, "Invalid entity ID",
-                                 {{"details", entity_validation.error()}, {"entity_id", entity_id}});
-      return;
-    }
-
-    // Verify entity exists
-    const auto & cache = ctx_.node()->get_thread_safe_cache();
-    auto entity_ref = cache.find_entity(entity_id);
-    if (!entity_ref) {
-      HandlerContext::send_error(res, StatusCode::NotFound_404, ERR_ENTITY_NOT_FOUND, "Entity not found",
-                                 {{"entity_id", entity_id}});
-      return;
-    }
-
-    // Validate entity type matches the route path
-    auto expected_type = extract_entity_type_from_path(req.path);
-    if (expected_type != SovdEntityType::UNKNOWN && entity_ref->type != expected_type) {
-      HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER,
-                                 "Invalid entity type for route: expected " + to_string(expected_type) + ", got " +
-                                     to_string(entity_ref->type),
-                                 {{"entity_id", entity_id},
-                                  {"expected_type", to_string(expected_type)},
-                                  {"actual_type", to_string(entity_ref->type)}});
-      return;
+    // Validate entity ID and type for this route
+    auto entity_opt = ctx_.validate_entity_for_route(req, res, entity_id);
+    if (!entity_opt) {
+      return;  // Error response already sent
     }
 
     // Get aggregated configurations info
+    const auto & cache = ctx_.node()->get_thread_safe_cache();
     auto agg_configs = cache.get_entity_configurations(entity_id);
 
     if (agg_configs.nodes.empty()) {

src/ros2_medkit_gateway/src/http/handlers/data_handlers.cpp

@@ -38,39 +38,15 @@ void DataHandlers::handle_list_data(const httplib::Request & req, httplib::Respo
 
     entity_id = req.matches[1];
 
-    auto validation_result = ctx_.validate_entity_id(entity_id);
-    if (!validation_result) {
-      HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER, "Invalid entity ID",
-                                 {{"details", validation_result.error()}, {"entity_id", entity_id}});
-      return;
-    }
-
-    // First, verify that the entity actually exists in the cache
-    const auto & cache = ctx_.node()->get_thread_safe_cache();
-
-    // Get expected type from route and look up entity in that specific collection
-    auto expected_type = extract_entity_type_from_path(req.path);
-    auto entity_info = ctx_.get_entity_info(entity_id, expected_type);
-    if (entity_info.type == EntityType::UNKNOWN) {
-      // Check if entity exists in ANY collection (for better error message)
-      auto any_entity = ctx_.get_entity_info(entity_id);
-      if (any_entity.type != EntityType::UNKNOWN) {
-        // Entity exists but wrong type -> 400
-        HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER,
-                                   "Invalid entity type for route: expected " + to_string(expected_type) + ", got " +
-                                       to_string(any_entity.sovd_type()),
-                                   {{"entity_id", entity_id},
-                                    {"expected_type", to_string(expected_type)},
-                                    {"actual_type", to_string(any_entity.sovd_type())}});
-      } else {
-        // Entity doesn't exist at all -> 404
-        HandlerContext::send_error(res, StatusCode::NotFound_404, ERR_ENTITY_NOT_FOUND, "Entity not found",
-                                   {{"entity_id", entity_id}});
-      }
-      return;
+    // Validate entity ID and type for this route
+    auto entity_opt = ctx_.validate_entity_for_route(req, res, entity_id);
+    if (!entity_opt) {
+      return;  // Error response already sent
     }
+    auto entity_info = *entity_opt;
 
     // Use unified cache method to get aggregated data
+    const auto & cache = ctx_.node()->get_thread_safe_cache();
     auto aggregated = cache.get_entity_data(entity_id);
 
     // Get data access manager for type introspection
@@ -145,33 +121,10 @@ void DataHandlers::handle_get_data_item(const httplib::Request & req, httplib::R
     // cpp-httplib automatically decodes percent-encoded characters in URL path
     topic_name = req.matches[2];
 
-    auto validation_result = ctx_.validate_entity_id(entity_id);
-    if (!validation_result) {
-      HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER, "Invalid entity ID",
-                                 {{"details", validation_result.error()}, {"entity_id", entity_id}});
-      return;
-    }
-
-    // Verify entity exists in the correct collection for this route
-    auto expected_type = extract_entity_type_from_path(req.path);
-    auto entity_info = ctx_.get_entity_info(entity_id, expected_type);
-    if (entity_info.type == EntityType::UNKNOWN) {
-      // Check if entity exists in ANY collection (for better error message)
-      auto any_entity = ctx_.get_entity_info(entity_id);
-      if (any_entity.type != EntityType::UNKNOWN) {
-        // Entity exists but wrong type -> 400
-        HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER,
-                                   "Invalid entity type for route: expected " + to_string(expected_type) + ", got " +
-                                       to_string(any_entity.sovd_type()),
-                                   {{"entity_id", entity_id},
-                                    {"expected_type", to_string(expected_type)},
-                                    {"actual_type", to_string(any_entity.sovd_type())}});
-      } else {
-        // Entity doesn't exist at all -> 404
-        HandlerContext::send_error(res, StatusCode::NotFound_404, ERR_ENTITY_NOT_FOUND, "Entity not found",
-                                   {{"entity_id", entity_id}});
-      }
-      return;
+    // Validate entity ID and type for this route
+    auto entity_opt = ctx_.validate_entity_for_route(req, res, entity_id);
+    if (!entity_opt) {
+      return;  // Error response already sent
     }
 
     // Determine the full ROS topic path
@@ -250,11 +203,10 @@ void DataHandlers::handle_put_data_item(const httplib::Request & req, httplib::R
     entity_id = req.matches[1];
     topic_name = req.matches[2];
 
-    auto validation_result = ctx_.validate_entity_id(entity_id);
-    if (!validation_result) {
-      HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER, "Invalid entity ID",
-                                 {{"details", validation_result.error()}, {"entity_id", entity_id}});
-      return;
+    // Validate entity ID and type for this route
+    auto entity_opt = ctx_.validate_entity_for_route(req, res, entity_id);
+    if (!entity_opt) {
+      return;  // Error response already sent
     }
 
     // Parse request body
@@ -297,28 +249,6 @@ void DataHandlers::handle_put_data_item(const httplib::Request & req, httplib::R
       return;
     }
 
-    // Verify entity exists in the correct collection for this route
-    auto expected_type = extract_entity_type_from_path(req.path);
-    auto entity_info = ctx_.get_entity_info(entity_id, expected_type);
-    if (entity_info.type == EntityType::UNKNOWN) {
-      // Check if entity exists in ANY collection (for better error message)
-      auto any_entity = ctx_.get_entity_info(entity_id);
-      if (any_entity.type != EntityType::UNKNOWN) {
-        // Entity exists but wrong type -> 400
-        HandlerContext::send_error(res, StatusCode::BadRequest_400, ERR_INVALID_PARAMETER,
-                                   "Invalid entity type for route: expected " + to_string(expected_type) + ", got " +
-                                       to_string(any_entity.sovd_type()),
-                                   {{"entity_id", entity_id},
-                                    {"expected_type", to_string(expected_type)},
-                                    {"actual_type", to_string(any_entity.sovd_type())}});
-      } else {
-        // Entity doesn't exist at all -> 404
-        HandlerContext::send_error(res, StatusCode::NotFound_404, ERR_ENTITY_NOT_FOUND, "Entity not found",
-                                   {{"entity_id", entity_id}});
-      }
-      return;
-    }
-
     // Build full topic path (mirror GET logic: only prefix '/' when needed)
     std::string full_topic_path = topic_name;
     if (!full_topic_path.empty() && full_topic_path.front() != '/') {