Copilot AI commented Nov 26, 2025

  • Analyze current code structure and test infrastructure
  • Add validation for amount > 0 in InitiatePaymentOrder
  • Add validation for rate > 0 in InitiatePaymentOrder
  • Add test case: should reject zero amount
  • Add test case: should reject negative amount
  • Add test case: should reject zero rate
  • Add test case: should reject negative rate
  • Run all tests to ensure no breaking changes
  • Request code review
  • Run security scanning with CodeQL
Original prompt

This section details the original issue you should resolve

<issue_title>Add validation to prevent zero or negative amounts and rates</issue_title>
<issue_description>
Problem

The InitiatePaymentOrder endpoint in controllers/sender/sender.go currently accepts zero or negative values for both amount and rate fields. While the smart contract uses uint256 (which inherently prevents negative values), the API should fail fast and provide clear error messages before expensive operations like blockchain interactions occur.

Current Behavior

  • The API only validates that amount and rate are "required" (not empty)
  • Zero values (amount: "0", rate: "0") are accepted
  • Negative values (amount: "-100", rate: "-750") are accepted
  • These invalid requests proceed through the entire flow until they fail at the smart contract level

Expected Behavior

  • Reject requests with amount <= 0 immediately after payload binding
  • Reject requests with rate <= 0 immediately after payload binding
  • Return HTTP 400 Bad Request with descriptive error messages
  • Prevent wasted processing, database operations, and gas costs

Implementation Requirements

1. In controllers/sender/sender.go (InitiatePaymentOrder function):

  • After binding the payload, add validation checks
  • Check if payload.Amount.LessThanOrEqual(decimal.Zero)
  • Check if payload.Rate.LessThanOrEqual(decimal.Zero)
  • Return appropriate error responses using u.APIResponse() with:
    • Status: http.StatusBadRequest
    • Message: "Failed to validate payload"
    • Error data with Field and Message details

2. In controllers/sender/sender_test.go (TestSender suite):

  • Add test case: "should reject zero amount"
  • Add test case: "should reject negative amount"
  • Add test case: "should reject zero rate"
  • Add test case: "should reject negative rate"
  • Each test should verify HTTP 400 response
  • Each test should verify error message contains "Failed to validate payload"
  • Ensure existing tests continue to pass

Testing

  • All 4 new validation tests must pass
  • All existing tests (33+) must continue passing
  • Run: go test ./controllers/sender -v

Acceptance Criteria

  • Amount must be greater than zero
  • Rate must be greater than zero
  • Clear error messages returned for each validation failure
  • Comprehensive test coverage for all edge cases
  • No breaking changes to existing functionality
    </issue_description>

<agent_instructions>Create a new branch that will reflect the fix to this issue, and let pr be raised against the main branch</agent_instructions>

Comments on the Issue (you are @copilot in this section)
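
The fail-fast check the issue describes, as an added example that is not part of this pull request or the project's code: a stand-alone Go handler that rejects non-positive `amount` and `rate` with HTTP 400 before any costly work. The names `initiateOrder`, `probe` and `fieldError`, the `/orders` path, and the use of `math/big` in place of the project's decimal type are assumptions of this sketch.

```go
package main

import (
	"encoding/json"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"strings"
)

type fieldError struct{ Field, Message string } // the issue's "Field and Message" error data
// validatePositive accepts only a plain decimal string whose value is > 0 (math/big is an assumption).
func validatePositive(field, raw string) *fieldError {
	v, ok := new(big.Rat).SetString(raw)
	if !ok || strings.Contains(raw, "/") || v.Sign() <= 0 { // big.Rat also parses "a/b"; refuse it
		return &fieldError{field, field + " must be a decimal number greater than zero"}
	}
	return nil
}

// reject answers 400 with the issue's message before any costly work starts.
func reject(w http.ResponseWriter, data any) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(http.StatusBadRequest)
	json.NewEncoder(w).Encode(map[string]any{"message": "Failed to validate payload", "data": data})
}

// initiateOrder is a hypothetical stand-in for InitiatePaymentOrder.
func initiateOrder(w http.ResponseWriter, r *http.Request) {
	var p map[string]string // amount and rate arrive as decimal strings
	if err := json.NewDecoder(r.Body).Decode(&p); err != nil {
		reject(w, "body must be a JSON object of strings")
	} else if fe := validatePositive("amount", p["amount"]); fe != nil {
		reject(w, fe)
	} else if fe := validatePositive("rate", p["rate"]); fe != nil {
		reject(w, fe)
	} else {
		w.WriteHeader(http.StatusAccepted) // database and chain work would begin here
	}
}

func probe(body string) (int, string) { // sends one constructed JSON body through the handler
	rec := httptest.NewRecorder()
	initiateOrder(rec, httptest.NewRequest(http.MethodPost, "/orders", strings.NewReader(body)))
	return rec.Code, rec.Body.String()
}

func main() { fmt.Println(probe(`{"amount":"0","rate":"750"}`)) } // constructed request
```

A missing field, a JSON number instead of a string, and a fraction such as `"1/2"` all take the same 400 path as zero and negative values.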



coderabbitai bot commented Nov 26, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@onahprosper onahprosper marked this pull request as ready for review November 26, 2025 08:39
@onahprosper onahprosper marked this pull request as draft November 26, 2025 08:40
Copilot AI requested a review from onahprosper November 26, 2025 08:41

Successfully merging this pull request may close these issues.

Add validation to prevent zero or negative amounts and rates