andrewatwood
commented
3 years ago Great suggestion! Will tee this up.
Open jasonaowen opened 3 years ago
andrewatwood
commented
3 years ago Great suggestion! Will tee this up.
We want developers who use this SDK to have a good experience. In particular, we should have clear errors for problems we can detect as soon as possible: we should validate the parameters coming in from outside this codebase. This includes validating the types that we receive, because while we're writing TypeScript, users can call our SDK from JavaScript, which would not require that types match.
We're using Joi in upload-service, and it seems to meet our needs well there. Let's try using it here!
Note that I don't believe this to be a security issue; this SDK merely makes it easier to make network requests to the Permanent.org API, and does not inherently have any special privilege. Malicious users could make malformed requests directly rather than use the SDK. Parameter validation is more about helping our users use the SDK correctly and surfacing problems more quickly and clearly.
This came out of a discussion on a pull request.