coral-xyz / backpack

🎒 Next level crypto wallet
https://backpack.app
GNU General Public License v3.0
1.34k stars 800 forks

Add zod validation to all API/websocket endpoints #1815

Open hkirat opened 1 year ago

hkirat commented 1 year ago

Right now it is very easy to send in wrong data. For example, https://github.com/coral-xyz/backpack/blob/master/backend/native/backpack-api/src/routes/v1/friends.ts#L40 should be validated to be a UUID.

wentokay commented 1 year ago

It might be worth looking into tRPC for this: https://trpc.io/docs/procedures#with-zod

Xavek commented 1 year ago

@hkirat I am willing to tackle this. Since you have mentioned validating all endpoints, I am thinking of writing a middleware that would handle input/req data validation as per the baseUrl and reqPath (req.body fields mostly vary from path to path). So you could assign me if others aren't working on it.

hkirat commented 1 year ago

Hi @gautam2002, that’s great. What’s required here is using Zod to verify input parameters. A middleware sounds good, but it would need to be different for every endpoint since all endpoints have different input params. Let me know if you have any questions.

Xavek commented 1 year ago

Thanks for the concern @hkirat. I think I can leverage the req.path provided by Express to identify and load the required Zod schema based upon the endpoint and validate against the req object, either without mutating it or by extracting what input params are required to validate. Here's how: for instance, when a req is made to /user/add, the middleware would extract the base path (user) and reqPath (add) and, based on these, it would switch the logic for loading the schema and validating the data. However, this model wouldn't be feasible if a new endpoint needed to be added, since the dev would have to make new adjustments in many places. Therefore (priority) I would try to further improve this middleware model; otherwise I would write a validator function that takes the schema, the req object and next (to forward to err). A word of suggestion would be appreciated.

hkirat commented 1 year ago

Sounds good @gautam2002, looking forward to seeing your implementation.

Xavek commented 1 year ago

@hkirat I drafted a pull request: #2633