jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Zod validation to all API endpoints and remove debug test route

Browse source 
Adds schema-based input validation across helcim, events, members,
series, admin, and updates API endpoints. Removes the peer-support
debug test endpoint. Adds validation test coverage.
This commit is contained in:
Jennie Robinson Faber 2026-03-01 17:04:26 +00:00
parent e4813075b7
commit 025c1a180f
38 changed files with 1132 additions and 309 deletions
Download patch file Download diff file Expand all files Collapse all files

9
server/api/events/[id]/cancel-registration.post.js
View file

@ -6,16 +6,9 @@ import {
export default defineEventHandler(async (event) => {
const id = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, cancelRegistrationSchema);
const { email } = body;
if (!email) {
throw createError({
statusCode: 400,
statusMessage: "Email is required",
});
}
try {
// Check if id is a valid ObjectId or treat as slug
const isObjectId = /^[0-9a-fA-F]{24}$/.test(id);

9
server/api/events/[id]/check-registration.post.js
View file

@ -2,16 +2,9 @@ import Event from "../../../models/event";
export default defineEventHandler(async (event) => {
const id = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, checkRegistrationSchema);
const { email } = body;
if (!email) {
throw createError({
statusCode: 400,
statusMessage: "Email is required",
});
}
try {
// Check if id is a valid ObjectId or treat as slug
const isObjectId = /^[0-9a-fA-F]{24}$/.test(id);

12
server/api/events/[id]/guest-register.post.js
View file

@ -6,8 +6,8 @@ export default defineEventHandler(async (event) => {
try {
await connectDB()
const identifier = getRouterParam(event, 'id')
const body = await readBody(event)
const body = await validateBody(event, guestRegisterSchema)
if (!identifier) {
throw createError({
statusCode: 400,
@ -15,14 +15,6 @@ export default defineEventHandler(async (event) => {
})
}
// Validate required fields for guest registration
if (!body.name || !body.email) {
throw createError({
statusCode: 400,
statusMessage: 'Name and email are required'
})
}
// Fetch the event
let eventData
if (mongoose.Types.ObjectId.isValid(identifier)) {

12
server/api/events/[id]/payment.post.js
View file

@ -8,8 +8,8 @@ export default defineEventHandler(async (event) => {
try {
await connectDB()
const identifier = getRouterParam(event, 'id')
const body = await readBody(event)
const body = await validateBody(event, eventPaymentSchema)
if (!identifier) {
throw createError({
statusCode: 400,
@ -17,14 +17,6 @@ export default defineEventHandler(async (event) => {
})
}
// Validate required payment fields
if (!body.name || !body.email || !body.paymentToken) {
throw createError({
statusCode: 400,
statusMessage: 'Name, email, and payment token are required'
})
}
// Fetch the event
let eventData
if (mongoose.Types.ObjectId.isValid(identifier)) {

9
server/api/events/[id]/tickets/check-eligibility.post.js
View file

@ -9,14 +9,7 @@ import { connectDB } from "../../../../utils/mongoose.js";
export default defineEventHandler(async (event) => {
try {
await connectDB();
const body = await readBody(event);
if (!body.email) {
throw createError({
statusCode: 400,
statusMessage: "Email is required",
});
}
const body = await validateBody(event, ticketEligibilitySchema);
// Check if user is a member
const member = await Member.findOne({

10
server/api/events/[id]/tickets/purchase.post.js
View file

@ -18,7 +18,7 @@ export default defineEventHandler(async (event) => {
try {
await connectDB();
const identifier = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, ticketPurchaseSchema);
if (!identifier) {
throw createError({
@ -27,14 +27,6 @@ export default defineEventHandler(async (event) => {
});
}
// Validate required fields
if (!body.name || !body.email) {
throw createError({
statusCode: 400,
statusMessage: "Name and email are required",
});
}
// Fetch the event
let eventData;
if (mongoose.Types.ObjectId.isValid(identifier)) {

9
server/api/events/[id]/tickets/reserve.post.js
View file

@ -16,7 +16,7 @@ export default defineEventHandler(async (event) => {
try {
await connectDB();
const identifier = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, ticketReserveSchema);
if (!identifier) {
throw createError({
@ -25,13 +25,6 @@ export default defineEventHandler(async (event) => {
});
}
if (!body.email) {
throw createError({
statusCode: 400,
statusMessage: "Email is required",
});
}
// Fetch the event
let eventData;
if (mongoose.Types.ObjectId.isValid(identifier)) {

9
server/api/events/[id]/waitlist.delete.js
View file

@ -2,17 +2,10 @@ import Event from "../../../models/event";
export default defineEventHandler(async (event) => {
const id = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, waitlistDeleteSchema);
const { email } = body;
if (!email) {
throw createError({
statusCode: 400,
statusMessage: "Email is required",
});
}
try {
// Find event by ID or slug
const eventData = await Event.findOne({

9
server/api/events/[id]/waitlist.post.js
View file

@ -3,17 +3,10 @@ import Member from "../../../models/member";
export default defineEventHandler(async (event) => {
const id = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, waitlistSchema);
const { name, email, membershipLevel } = body;
if (!email) {
throw createError({
statusCode: 400,
statusMessage: "Email is required",
});
}
try {
// Find event by ID or slug
const eventData = await Event.findOne({