Introduce zod for server-side validations #4397
Conversation
apoorv-mishra
force-pushed
the
refactor/4284/server-side-validatations
branch
5 times, most recently
from
53d0477
to
198d3b8
Compare
I don't think we want this, the validated payload needs to be specific to each endpoint. |
|
I'm not sure if this is already the case but we should make sure that the |
Thought of doing this earlier, but not pursuing it now. Makes sense to keep it to individual routes. |
apoorv-mishra
force-pushed
the
refactor/4284/server-side-validatations
branch
from
be13eba
to
70b47bb
Compare
apoorv-mishra
changed the title
apoorv-mishra
force-pushed
the
refactor/4284/server-side-validatations
branch
from
f0933d9
to
2c11b47
Compare
server/routes/api/types.ts
Outdated
| @@ -0,0 +1,284 @@ | |||
| import { isEmpty } from "lodash"; | |||
There was a problem hiding this comment.
Lets move this file into @shared, we can then use it to ensure that requests from the frontend are also valid at some point.
There was a problem hiding this comment.
There are two things - types and schemas. I assume you're referring to move only types? Not sure if it's required to move schemas into @shared.
There was a problem hiding this comment.
I did mean both but it would just be to keep them colocated in that case, as you say I doubt schema would be needed on frontend
There was a problem hiding this comment.
If we decide to restructure /api as follows, for example,
/api
\--/attachments
\--index.ts
\--attachments.ts
\--attachments.test.ts
\--schema.ts
and if we also decide to share the types with frontend, it'd entail separating schemas and their types.
I say we keep them colocated under schema.ts and think about the frontend sharing part later. It's probably overengineering at this point. Thoughts @tommoor ?
There was a problem hiding this comment.
Okay, works for me 👍 - one improvement at a time
server/routes/api/types.ts
Outdated
| sort: z | ||
| .string() | ||
| .refine((val) => | ||
| [...Object.keys(Document.rawAttributes), "index"].includes(val) |
There was a problem hiding this comment.
Moving to @shared will mean removing the import of Document but that's okay, we should probably be more selective over which attributes can be used for sorting here anyway. Lets start with createdAt, updatedAt, and index
server/routes/api/documents.ts
Outdated
| DocumentsImportReq, | ||
| DocumentsCreateReqSchema, | ||
| DocumentsCreateReq, | ||
| } from "@server/routes/api/types"; |
There was a problem hiding this comment.
I think this is a case where it's better to just do something like...
import * as T from "@server/routes/api/types";
T.DocumentsListSchema
Maybe we can lose Req as they all have it?
There was a problem hiding this comment.
Maybe we can lose Req as they all have it?
Didn't quite get. You mean rename, for example DocumentsCreateReqSchema -> DocumentsCreateSchema but keep DocumentsCreateReq unchanged?
There was a problem hiding this comment.
I have Req there purposely to distinguish with Res, in case we have that in future, something like
APIContext<DocumentsCreateReq, DocumentsCreateRes>There was a problem hiding this comment.
rename, for example
DocumentsCreateReqSchema->DocumentsCreateSchemabut keep DocumentsCreateReq unchanged?
Sorry, to be clear – this sounds good.
Socket Security Pull Request Report👍 No new dependency issues detected in pull request Pull request report summary
Bot CommandsTo ignore an alert, reply with a comment starting with Powered by socket.dev |
apoorv-mishra
force-pushed
the
refactor/4284/server-side-validatations
branch
from
c5fde92
to
b82c22d
Compare
|
@SocketSecurity ignore koa-webpack-hot-middleware@1.0.3 wtf? |
|
Okay, I'm thankful for the extensive tests in |
apoorv-mishra
force-pushed
the
refactor/4284/server-side-validatations
branch
from
7e27e60
to
9c9ff87
Compare
…outline/outline into refactor/4284/server-side-validatations
Simplify import
| it("should return published document for urlId", async () => { | ||
| const { user, document } = await seed(); | ||
| const res = await server.post("/api/documents.info", { | ||
| body: { | ||
| token: user.getJwtToken(), | ||
| id: document.urlId, | ||
| }, | ||
| }); | ||
| const body = await res.json(); | ||
| expect(res.status).toEqual(200); | ||
| expect(body.data.id).toEqual(document.id); | ||
| }); | ||
|
|
There was a problem hiding this comment.
Missed this! Thanks for adding 🙏
delete-merged-branch
bot
deleted the
refactor/4284/server-side-validatations
branch
Todo
DocumentSchemain favor of separateinputschemas for each of the routesdocuments.listdocuments.archiveddocuments.deleteddocuments.vieweddocuments.draftsdocuments.infodocuments.exportdocuments.restoredocuments.search_titlesdocuments.searchdocuments.templatizedocuments.updatedocuments.movedocuments.archivedocuments.deletedocuments.unpublishdocuments.importdocuments.createinputinputctxin route handlers to accommodateinputctx.request.bodyrefs withctx.inputin all of the route handlers/apito accommodate document schemaTowards #4284