Skip to content

feat(access-api): validate wallet, community, and resource inputs with zod#30

Open
Dwifax wants to merge 1 commit into
Adamantine-guild:mainfrom
Dwifax:feature/issue-1-request-validation
Open

feat(access-api): validate wallet, community, and resource inputs with zod#30
Dwifax wants to merge 1 commit into
Adamantine-guild:mainfrom
Dwifax:feature/issue-1-request-validation

Conversation

@Dwifax

@Dwifax Dwifax commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Summary

Closes #1

Adds structured request validation across the four access-api routes so malformed inputs return a clear 400 with field-level errors before reaching the service layer.

Changes

  • src/validators.ts — new module with zod schemas for Stellar wallet address, communityId param, role query, and the access-check request body, plus three parse helpers (parseParams, parseQuery, parseBody) that wrap Fastify's request and return a structured 400 on failure
  • src/routes.ts — wire parse helpers into all four routes; each handler now resolves the parsed value before calling the service so a bad input short-circuits the request
  • package.json — move zod from devDependencies to dependencies (it's now a runtime dep, not a type-only one)
  • jest.config.js + test/validators.test.ts + test/parse.test.ts — 21 jest cases covering schema acceptance/rejection, edge cases (0x prefix variations, role enum, multi-field body), and the parse helper response shape

Test coverage (21 cases)

  • Stellar wallet (5): accept canonical, accept uppercase, reject missing G, reject too-short, reject non-base32
  • communityId (2): accept, reject empty
  • role (3): accept member/contributor/admin, reject unknown, reject empty
  • access-check body (4): accept minimal, accept full, reject missing required, reject unknown role
  • parseParams (2): returns parsed value, returns 400-shaped error
  • parseQuery (2): returns parsed value, returns 400-shaped error
  • parseBody (3): returns parsed value, returns 400-shaped error, surfaces multiple field errors

Verification

$ ./node_modules/.bin/jest
Test Suites: 2 passed, 2 total
Tests:       21 passed, 21 total
Time:        2.44 s

Notes

  • Pure additive change to route surface — service layer untouched
  • Field-level error array (path + message) included on 400 responses, format-compatible with Fastify's default error shape
  • Required running pnpm --filter @guildpass/shared-types build once for type resolution (already done in fork)

Checklist

feat(access-api): validate wallet/community/resource inputs with zod
7e4e096 
- Add zod schemas for Stellar wallet, communityId, role query, and access-check body
- Wire parseParams/parseQuery/parseBody helpers into all four routes so malformed
  inputs return a structured 400 with field-level errors before reaching the service
- Add jest config and unit tests for schemas and parse helpers (21 tests)
- Drop zod into runtime dependencies (was only a type-only devDep)
@Lakes41

Lakes41 commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Do resolve conflicts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add request validation for wallet, community, and resource inputs

2 participants

@Dwifax @Lakes41