Introduce centralized zod request validation middleware with a consistent error envelope #486
Merged
- Implemented ETag generation for trust score responses using SHA-256.
- Added If-None-Match support to the GET /api/trust/:address route to enable 304 Not Modified responses.
- Integrated Cache-Control headers.
- Added unit tests to verify ETag generation, conditional request handling, and invalidation upon score changes.

- Add reportJobParamsSchema and apply validate() to GET /api/reports/:jobId, replacing ad-hoc jobId null-check with uniform 400 envelope
- Export reportJobParamsSchema + ReportJobParams from schemas barrel
- Add two missing test cases to hit uncovered branches in formatZodErrors (stellar+address custom message) and query write-back path
- Coverage: 93% -> 97.67% branches, 96.49% -> 98.24% statements (middleware)
Contributor
centralizing request validation behind one zod middleware with a consistent error envelope is exactly the chokepoint we wanted - removes a whole class of ad-hoc validation drift. merging 👍
closes #474
Overview
This PR introduces a standardized, type-safe validation layer using Zod across the Express routing framework. Previously, route-level input validation was handled in an ad-hoc manner, leading to inconsistent error shapes, unchecked type assumptions inside handlers, and edge-case security risks (e.g., type-confusion, payload injection).
By implementing a unified validate() chokepoint middleware, we guarantee that all incoming payloads, query variables, and path parameters match strict schemas before any downstream handler business logic executes.
What's Changed
- src/middleware/validate.ts): Built an Express validation middleware accepting Zod schemas for body, query, and params. It intercepts invalid inputs early, formatting field-level validation errors into a stable, system-wide 400 response envelope.
- req pipeline to eliminate implicit any patterns.
- GET /api/reports/:jobId schema framework and dependencies (reportJobParamsSchema, ReportJobParams) out of isolated blocks and integrated them through a unified schema barrel export system.
- error_code structure, converting Zod nested validation issues using an internal custom formatting layer (formatZodErrors).
Test Coverage & Verification
- jobId).
- stellar and address structural format rules).
Checklist
- body, query, and params schemas dynamically
- docs/request-validation.md architecture guide added/updated
- npm run lint and npm run build locally
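
The chokepoint pattern this description outlines, as an added TypeScript example that is not the PR's code: a dependency-free stand-in for zod shows a request being rejected with one 400 envelope before the handler runs, and parsed values being written back only on success. The names validate, formatZodErrors and error_code come from the description; the envelope layout (details, field, "VALIDATION_ERROR"), the Schema/Req/Res types, jobParams and run are assumptions made for the illustration.

```typescript
// Added sketch, not the PR's code; Schema mirrors the result shape of zod's safeParse().
type Issue = { path: (string | number)[]; message: string };
type Result = { success: true; data: unknown } | { success: false; error: { issues: Issue[] } };
type Schema = { safeParse(input: unknown): Result };
type Part = "params" | "query" | "body";
type Req = Record<Part, unknown>;
type Res = { statusCode: number; payload: unknown; status(c: number): Res; json(b: unknown): Res };
// Flatten nested issues into field-level entries (the field naming is an assumption).
const formatZodErrors = (part: Part, issues: Issue[]) =>
  issues.map((i) => ({ field: [part, ...i.path].join("."), message: i.message }));

// Chokepoint: every declared request part is parsed before the handler can run.
function validate(schemas: Partial<Record<Part, Schema>>) {
  return (req: Req, res: Res, next: () => void): void => {
    const details: { field: string; message: string }[] = [];
    const parsed: Partial<Req> = {};
    for (const part of ["params", "query", "body"] as Part[]) {
      const result = schemas[part]?.safeParse(req[part]);
      if (!result) continue; // no schema declared for this part
      if (result.success) parsed[part] = result.data;
      else details.push(...formatZodErrors(part, result.error.issues));
    }
    if (details.length > 0) {
      res.status(400).json({ error_code: "VALIDATION_ERROR", details }); // same shape on every route
      return; // the handler never sees unvalidated input
    }
    (Object.keys(parsed) as Part[]).forEach((p) => { req[p] = parsed[p]; }); // write back parsed values
    next();
  };
}

const jobParams: Schema = { // constructed stand-in: jobId must be a non-empty string
  safeParse(input) {
    const jobId = (input as { jobId?: unknown } | null)?.jobId;
    return typeof jobId === "string" && jobId.trim() !== ""
      ? { success: true, data: { jobId: jobId.trim() } }
      : { success: false, error: { issues: [{ path: ["jobId"], message: "jobId is required" }] } };
  },
};

function run(params: unknown) { // drive the middleware with a fake request/response
  const res: Res = { statusCode: 200, payload: null,
    status(c) { this.statusCode = c; return this; },
    json(b) { this.payload = b; return this; } };
  const req: Req = { params, query: {}, body: {} };
  let nextCalls = 0;
  validate({ params: jobParams })(req, res, () => { nextCalls += 1; });
  return { nextCalls, status: res.statusCode, payload: res.payload, params: req.params };
}
```

With a real zod schema in place of jobParams, the same middleware body applies because it only relies on safeParse() and the issues list.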