feat: server side validation implemented

ADARSHsri2004 · ADARSHsri2004 · commit 35142984e9a1 · 2025-11-07T01:23:41.000+05:30
diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/package.json b/backend/package.json
@@ -22,7 +22,8 @@
     "morgan": "^1.10.0",
     "nodemailer": "^7.0.9",
     "nodemon": "^3.1.10",
-    "uuid": "^13.0.0"
+    "uuid": "^13.0.0",
+    "zod": "^4.1.12"
   },
   "devDependencies": {
     "@types/bcryptjs": "^2.4.6",
diff --git a/backend/src/app.ts b/backend/src/app.ts
@@ -36,7 +36,6 @@ app.use('/api/health', healthRoutes);
 app.use("/api/products", productRoutes);
 app.use("/api/users", userRoutes);
 app.use("/api/cart", cartRoutes);
-app.use("/api/users", userRoutes);
 
 // MongoDB connect (optional)
 const mongoUri = process.env.MONGO_URI;
diff --git a/backend/src/middleware/auth.middleware.ts b/backend/src/middleware/auth.middleware.ts
diff --git a/backend/src/middleware/validateRequest.ts b/backend/src/middleware/validateRequest.ts
@@ -0,0 +1,24 @@
+// src/middleware/validateRequest.ts
+import { ZodObject } from "zod";
+import { Request, Response, NextFunction } from "express";
+
+const validateRequest =
+    (schema: ZodObject) =>
+        (req: Request, res: Response, next: NextFunction) => {
+            try {
+                schema.parse({
+                    body: req.body,
+                    query: req.query,
+                    params: req.params,
+                });
+                next();
+            } catch (err) {
+                return res.status(400).json({
+                    message: "Validation failed",
+                    err
+                    // errors: err.errors.map((e: any) => e.message),
+                });
+            }
+        };
+
+export default validateRequest;
diff --git a/backend/src/routes/cartRoutes.ts b/backend/src/routes/cartRoutes.ts
@@ -6,15 +6,23 @@ import {
   getCart,
   checkout,
 } from "../controllers/cart.controller";
-import { authenticate } from "../middleware/authMiddleware";
+import { protect } from "../middleware/authMiddleware";
+import validateRequest from "../middleware/validateRequest";
+import {
+  addItemSchema,
+  removeItemSchema,
+  updateQuantitySchema,
+  getCartSchema,
+  checkoutSchema,
+} from "../validations/cartValidation";
 
 const router: Router = express.Router();
 
 //Protected routes
-router.post("/", authenticate, addItem);
-router.patch("/:itemId", authenticate, updateQuantity);
-router.delete("/:itemId", authenticate, removeItem);
-router.get("/", authenticate, getCart);
-router.post("/checkout", authenticate, checkout);
+router.post("/add", protect, validateRequest(addItemSchema), addItem);
+router.patch("/:itemId", protect, validateRequest(updateQuantitySchema), updateQuantity);
+router.delete("/:itemId", protect, removeItem);
+router.get("/", protect, getCart);
+router.post("/checkout", protect, validateRequest(checkoutSchema), checkout);
 
 export default router;
diff --git a/backend/src/routes/product.routes.ts b/backend/src/routes/product.routes.ts
@@ -7,16 +7,22 @@ import {
     deleteProduct,
 } from "../controllers/product.controller";
 
+import {
+    createProductSchema,
+    updateProductSchema,
+    getProductByIdSchema,
+    deleteProductSchema,
+    getProductsSchema,
+} from "../validations/product.validation";
+import validateRequest from "../middleware/validateRequest";
 const router = Router();
 
-// router.post("/", verifyAuth, createProduct);
-router.post("/", createProduct);
-router.get("/", getProducts);
-router.get("/:id", getProductById);
-// router.put("/:id", verifyAuth, updateProduct);
-router.put("/:id", updateProduct);
-// router.delete("/:id", verifyAuth, deleteProduct);
-router.delete("/:id", deleteProduct);
+
+router.post("/", validateRequest(createProductSchema), createProduct);
+router.get("/", validateRequest(getProductsSchema), getProducts);
+router.get("/:id", validateRequest(getProductByIdSchema), getProductById);
+router.put("/:id", validateRequest(updateProductSchema), updateProduct);
+router.delete("/:id", validateRequest(deleteProductSchema), deleteProduct);
 
 export default router;
 
diff --git a/backend/src/routes/user.routes.ts b/backend/src/routes/user.routes.ts
@@ -2,12 +2,17 @@
 import express from "express";
 import { register, verifyEmail, login, getMe } from "../controllers/auth.controller";
 import { protect } from "../middleware/authMiddleware";
-
+import validateRequest from "../middleware/validateRequest";
+import {
+    registerSchema,
+    loginSchema,
+    verifyEmailSchema,
+} from "../validations/userValidation";
 const router = express.Router();
 
-router.post("/register", register);
-router.get("/verify/:token", verifyEmail);
-router.post("/login", login);
+router.post("/register", validateRequest(registerSchema), register);
+router.get("/verify/:token", validateRequest(verifyEmailSchema), verifyEmail);
+router.post("/login", validateRequest(loginSchema), login);
 router.get("/me", protect, getMe);
 
 export default router;
diff --git a/backend/src/validations/cartValidation.ts b/backend/src/validations/cartValidation.ts
@@ -0,0 +1,29 @@
+import { z } from "zod";
+
+export const addItemSchema = z.object({
+    body: z.object({
+        productId: z.string().min(1, "Product ID is required"),
+        name: z.string().min(2, "Product name is required"),
+        price: z.number().positive("Price must be positive"),
+        quantity: z.number().int().positive("Quantity must be a positive integer"),
+    }),
+});
+
+export const removeItemSchema = z.object({
+    params: z.object({
+        itemId: z.string().min(1, "Item ID is required"),
+    }),
+});
+
+export const updateQuantitySchema = z.object({
+    params: z.object({
+        itemId: z.string().min(1, "Item ID is required"),
+    }),
+    body: z.object({
+        quantity: z.number().int().positive("Quantity must be a positive integer"),
+    }),
+});
+
+export const getCartSchema = z.object({});
+
+export const checkoutSchema = z.object({});
diff --git a/backend/src/validations/product.validation.ts b/backend/src/validations/product.validation.ts
@@ -0,0 +1,47 @@
+// src/validations/product.validation.ts
+import { z } from "zod";
+
+export const createProductSchema = z.object({
+    body: z.object({
+        name: z.string().min(1, "Name is required"),
+        description: z.string().min(1, "Description is required"),
+        price: z.number().positive(),
+        category: z.string().optional(),
+        stock: z.number().optional(),
+    }),
+});
+
+export const updateProductSchema = z.object({
+    params: z.object({
+        id: z.string(),
+    }),
+    body: z.object({
+        name: z.string().optional(),
+        description: z.string().optional(),
+        price: z.number().optional(),
+        category: z.string().optional(),
+        stock: z.number().optional(),
+    }),
+});
+
+export const getProductByIdSchema = z.object({
+    params: z.object({
+        id: z.string(),
+    }),
+});
+
+export const deleteProductSchema = z.object({
+    params: z.object({
+        id: z.string(),
+    }),
+});
+
+export const getProductsSchema = z.object({
+    query: z.object({
+        search: z.string().optional(),
+        category: z.string().optional(),
+        minPrice: z.string().optional(),
+        maxPrice: z.string().optional(),
+        sort: z.enum(["asc", "desc", "lowToHigh", "highToLow"]).optional(),
+    }),
+});
diff --git a/backend/src/validations/userValidation.ts b/backend/src/validations/userValidation.ts
@@ -0,0 +1,32 @@
+// src/validation/userValidation.ts
+import { z } from "zod";
+
+export const registerSchema = z.object({
+    body: z.object({
+        name: z
+            .string()
+            .min(2, "Name must be at least 2 characters long")
+            .max(50, "Name too long"),
+        email: z
+            .string()
+            .email("Invalid email address")
+            .regex(/\.edu$/, "Email must be a college email (.edu)"),
+        password: z
+            .string()
+            .min(6, "Password must be at least 6 characters long")
+            .max(100, "Password too long"),
+    }),
+});
+
+export const loginSchema = z.object({
+    body: z.object({
+        email: z.string().email("Invalid email"),
+        password: z.string().min(6, "Password must be at least 6 characters long"),
+    }),
+});
+
+export const verifyEmailSchema = z.object({
+    params: z.object({
+        token: z.string().min(10, "Invalid verification token"),
+    }),
+});
diff --git a/frontend/tsconfig.app.json b/frontend/tsconfig.app.json
@@ -1,31 +1,40 @@
 {
   "compilerOptions": {
+    "ignoreDeprecations": "6.0",
     "target": "ES2020",
     "useDefineForClassFields": true,
-    "lib": ["ES2020", "DOM", "DOM.Iterable"],
+    "lib": [
+      "ES2020",
+      "DOM",
+      "DOM.Iterable"
+    ],
     "module": "ESNext",
     "skipLibCheck": true,
-    "types": ["vitest", "node"],
-
+    "types": [
+      "vitest",
+      "node"
+    ],
     /* Bundler mode */
     "moduleResolution": "bundler",
     "allowImportingTsExtensions": true,
     "isolatedModules": true,
     "moduleDetection": "force",
     "noEmit": true,
     "jsx": "react-jsx",
-
     /* Linting */
     "strict": false,
     "noUnusedLocals": false,
     "noUnusedParameters": false,
     "noImplicitAny": false,
     "noFallthroughCasesInSwitch": false,
-
     "baseUrl": ".",
     "paths": {
-      "@/*": ["./src/*"]
+      "@/*": [
+        "./src/*"
+      ]
     }
   },
-  "include": ["src"]
-}
+  "include": [
+    "src"
+  ]
+}
