Add request validation middleware (Zod, Joi)
Request Validator
Add request validation middleware using Zod.
Instructions
- Install Zod:

```bash
npm install zod
```
- Define schemas per endpoint:

```typescript
import { z } from 'zod';

export const createUserSchema = z.object({
  name: z.string().min(1).max(100),
  email: z.string().email(),
  password: z.string().min(8).regex(/[A-Z]/, 'Must contain uppercase').regex(/[0-9]/, 'Must contain number'),
  // role comes from the client: authorize who may set 'admin' in the handler
  role: z.enum(['admin', 'user']).default('user'),
});

// Every field optional for updates; password is excluded, role is still accepted
export const updateUserSchema = createUserSchema.partial().omit({ password: true });

// Query-string values arrive as strings, so numeric fields are coerced and bounded
export const querySchema = z.object({
  page: z.coerce.number().int().positive().default(1),
  limit: z.coerce.number().int().min(1).max(100).default(20),
  search: z.string().optional(),
  sort: z.enum(['name', 'createdAt', '-name', '-createdAt']).default('-createdAt'),
});
```
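- Validate in route handler:

```typescript
export async function POST(req: Request) {
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    // Malformed JSON would otherwise surface as an unhandled 500
    return Response.json({ error: { code: 'INVALID_JSON' } }, { status: 400 });
  }
  const result = createUserSchema.safeParse(body);
  if (!result.success) {
    return Response.json({
      error: { code: 'VALIDATION_ERROR', details: result.error.flatten() }
    }, { status: 400 });
  }
  // result.data is typed and validated
}
```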
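The handler pattern from the last step, factored into a reusable helper that also covers oversized and malformed bodies. This is an added example, not code from the original page: `parseBody`, `SchemaLike`, `MAX_BODY_CHARS` and the `INVALID_JSON` / `PAYLOAD_TOO_LARGE` codes are assumptions, and `demoSchema` is a constructed stand-in so the block runs without zod installed.

```typescript
// Added example. The part of Zod's schema API used here: safeParse() and error.flatten().
type SafeParseResult<T> =
  | { success: true; data: T }
  | { success: false; error: { flatten(): unknown } };
interface SchemaLike<T> { safeParse(input: unknown): SafeParseResult<T>; }

type BodyResult<T> =
  | { ok: true; data: T }
  | { ok: false; status: number; body: { error: { code: string; details?: unknown } } };

const MAX_BODY_CHARS = 10000; // assumed limit; tune per endpoint

// Turns raw request text into validated data or a ready-to-send error response.
function parseBody<T>(raw: string, schema: SchemaLike<T>): BodyResult<T> {
  if (raw.length > MAX_BODY_CHARS) {
    return { ok: false, status: 413, body: { error: { code: 'PAYLOAD_TOO_LARGE' } } };
  }
  let json: unknown;
  try {
    json = JSON.parse(raw);
  } catch {
    // Malformed JSON is a client error, not a 500
    return { ok: false, status: 400, body: { error: { code: 'INVALID_JSON' } } };
  }
  const result = schema.safeParse(json);
  if (!result.success) {
    const details = result.error.flatten();
    return { ok: false, status: 400, body: { error: { code: 'VALIDATION_ERROR', details } } };
  }
  // Only the schema's output goes on; never pass the raw body to the data layer.
  return { ok: true, data: result.data };
}

// Constructed stand-in schema (name only) so the block runs without zod installed.
const demoSchema: SchemaLike<{ name: string }> = {
  safeParse(input) {
    const name = (input as { name?: unknown } | null)?.name;
    return typeof name === 'string' && name.length >= 1 && name.length <= 100
      ? { success: true, data: { name } } // unknown keys are dropped, as z.object() does by default
      : { success: false, error: { flatten: () => ({ fieldErrors: { name: ['Invalid name'] } }) } };
  },
};

// In a route handler (assumed usage):
//   const parsed = parseBody(await req.text(), createUserSchema);
//   if (!parsed.ok) return Response.json(parsed.body, { status: parsed.status });
```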
Rules
- Validate ALL user input at the API boundary
- Use `.transform()` for sanitization (trim, lowercase email)
- Reuse schemas for documentation generation (zod-to-openapi)