Introduce zod for server-side validations #4397
I don't think we want this, the validated payload needs to be specific to each endpoint.
I'm not sure if this is already the case but we should make sure that the
Thought of doing this earlier, but not pursuing it now. Makes sense to keep it to individual routes.
This is great work 🙏
server/routes/api/types.ts
Outdated
@@ -0,0 +1,284 @@ | |||
import { isEmpty } from "lodash"; |
Let's move this file into @shared, we can then use it to ensure that requests from the frontend are also valid at some point.
There are two things - types and schemas. I assume you're referring to move only types? Not sure if it's required to move schemas into @shared.
I did mean both but it would just be to keep them colocated in that case, as you say I doubt schema would be needed on frontend
If we decide to restructure /api as follows, for example,
/api
  \--/attachments
      \--index.ts
      \--attachments.ts
      \--attachments.test.ts
      \--schema.ts
and if we also decide to share the types with frontend, it'd entail separating schemas and their types.
I say we keep them colocated under schema.ts and think about the frontend sharing part later. It's probably overengineering at this point. Thoughts @tommoor ?
Okay, works for me 👍 - one improvement at a time
server/routes/api/types.ts
Outdated
sort: z | ||
.string() | ||
.refine((val) => | ||
[...Object.keys(Document.rawAttributes), "index"].includes(val) |
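Review bot: the allowlist inside the `.refine()` callback is built from `Object.keys(Document.rawAttributes)`, so every column on the model is accepted as a `sort` value and any column added later becomes sortable without a schema change. List the sortable fields explicitly, for instance with `z.enum([...])`, which also narrows the inferred type from `string` to a literal union. As written the refinement passes no message either, so a rejected value produces only zod's generic error.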
Moving to @shared will mean removing the import of Document but that's okay, we should probably be more selective over which attributes can be used for sorting here anyway. Let's start with createdAt, updatedAt, and index
server/routes/api/documents.ts
Outdated
DocumentsImportReq, | ||
DocumentsCreateReqSchema, | ||
DocumentsCreateReq, | ||
} from "@server/routes/api/types"; |
I think this is a case where it's better to just do something like...
import * as T from "@server/routes/api/types";
T.DocumentsListSchema
Maybe we can lose Req as they all have it?
Maybe we can lose Req as they all have it?
Didn't quite get. You mean rename, for example DocumentsCreateReqSchema -> DocumentsCreateSchema but keep DocumentsCreateReq unchanged?
I have Req there purposely to distinguish with Res, in case we have that in future, something like
APIContext<DocumentsCreateReq, DocumentsCreateRes>
ok
rename, for example DocumentsCreateReqSchema -> DocumentsCreateSchema but keep DocumentsCreateReq unchanged?
Sorry, to be clear – this sounds good.
Socket Security Pull Request Report: 👍 No new dependency issues detected in pull request
@SocketSecurity ignore koa-webpack-hot-middleware@1.0.3 wtf?
Okay, I'm thankful for the extensive tests in
…outline/outline into refactor/4284/server-side-validatations
Simplify import
it("should return published document for urlId", async () => { | ||
const { user, document } = await seed(); | ||
const res = await server.post("/api/documents.info", { | ||
body: { | ||
token: user.getJwtToken(), | ||
id: document.urlId, | ||
}, | ||
}); | ||
const body = await res.json(); | ||
expect(res.status).toEqual(200); | ||
expect(body.data.id).toEqual(document.id); | ||
}); | ||
|
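Review bot: the two `expect` calls at the end of this test assert only the success path for a `urlId` lookup. Consider pairing it with a case that posts a malformed `id` to `/api/documents.info` and asserts the request is rejected, so the failure branch of this route's input schema is exercised as well.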
Missed this! Thanks for adding 🙏
Todo
DocumentSchema in favor of separate input schemas for each of the routes
documents.list
documents.archived
documents.deleted
documents.viewed
documents.drafts
documents.info
documents.export
documents.restore
documents.search_titles
documents.search
documents.templatize
documents.update
documents.move
documents.archive
documents.delete
documents.unpublish
documents.import
documents.create
input
input
ctx in route handlers to accommodate input
ctx.request.body refs with ctx.input in all of the route handlers
/api to accommodate document schema
Towards #4284
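
The pattern discussed in this thread (one input schema per route, an explicit allowlist of sort fields, and handlers reading `ctx.input` instead of `ctx.request.body`), sketched as an added example that is not code from the pull request. It is dependency-free TypeScript in which a plain function stands in for the zod schema; `Result`, `documentsListInput`, `validate`, the `Ctx` stand-in, the default values and the 400 status are assumptions.

```typescript
// Added example; Result, documentsListInput and validate are hypothetical names.
type Result<T> = { ok: true; value: T } | { ok: false; errors: string[] };

// Explicit allowlist: the only fields a client may sort by.
const SORTABLE = ["createdAt", "updatedAt", "index"] as const;
type SortField = (typeof SORTABLE)[number];
type Direction = "ASC" | "DESC";
type DocumentsListInput = { sort: SortField; direction: Direction };

// Schema for one endpoint (documents.list); every other route gets its own.
function documentsListInput(body: unknown): Result<DocumentsListInput> {
  const b = (typeof body === "object" && body !== null ? body : {}) as Record<string, unknown>;
  const errors: string[] = [];
  const sort = b.sort ?? "updatedAt"; // default is an assumption
  const direction = b.direction ?? "DESC"; // default is an assumption
  if (typeof sort !== "string" || !(SORTABLE as readonly string[]).includes(sort)) {
    errors.push(`sort: must be one of ${SORTABLE.join(", ")}`);
  }
  if (direction !== "ASC" && direction !== "DESC") {
    errors.push("direction: must be ASC or DESC");
  }
  if (errors.length > 0) return { ok: false, errors };
  // Only validated fields are copied; unknown keys in the body are dropped.
  return { ok: true, value: { sort: sort as SortField, direction: direction as Direction } };
}

// Stand-in for a Koa context with only the fields this example touches.
type Ctx<T> = { request: { body: unknown }; input?: T; status?: number; body?: unknown };

// Middleware factory: handlers read ctx.input, never ctx.request.body.
function validate<T>(schema: (body: unknown) => Result<T>) {
  return (ctx: Ctx<T>, next: () => void): void => {
    const result = schema(ctx.request.body);
    if (!result.ok) {
      ctx.status = 400; // assumed status for a validation failure
      ctx.body = { ok: false, errors: result.errors };
      return; // the handler never runs on unvalidated input
    }
    ctx.input = result.value;
    next();
  };
}
```

Because the handler only ever sees `ctx.input`, a field that the schema does not name cannot reach a query builder even if the client sends it.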