feat: add zod-based validation for webhook and form payloads

2026-02-18 13:15:13 +00:00
parent 81d5e7faf5
commit 6b1f9cddbc
3 changed files with 146 additions and 28 deletions
--- a/src/lib/validation.js
+++ b/src/lib/validation.js
@@ -0,0 +1,49 @@
+"use strict";
+
+const { z } = require("zod");
+
+const usernameRegex = /^[a-zA-Z0-9_-]{2,40}$/;
+
+const XWebhookPayloadSchema = z.object({
+  mentionPostId: z.string().min(1),
+  callerUserId: z.string().min(1),
+  parentPost: z.record(z.string(), z.unknown()).or(z.object({}).passthrough()),
+});
+
+const PolarWebhookPayloadSchema = z.object({
+  userId: z.string().min(1),
+  credits: z.coerce.number().int().positive(),
+  eventId: z.string().min(1),
+});
+
+const LoginFormSchema = z.object({
+  userId: z.string().regex(usernameRegex, "Username must be 2-40 characters using letters, numbers, _ or -"),
+  returnTo: z.string().optional(),
+});
+
+const TopUpFormSchema = z.object({
+  amount: z.coerce.number().int().positive().max(500),
+});
+
+const SimulateMentionFormSchema = z.object({
+  title: z.string().trim().min(1).max(200),
+  body: z.string().trim().min(1).max(120000),
+});
+
+function parseOrThrow(schema, payload, errorMessage) {
+  const result = schema.safeParse(payload);
+  if (!result.success) {
+    const message = errorMessage || result.error.issues[0].message || "validation_failed";
+    throw new Error(message);
+  }
+  return result.data;
+}
+
+module.exports = {
+  XWebhookPayloadSchema,
+  PolarWebhookPayloadSchema,
+  LoginFormSchema,
+  TopUpFormSchema,
+  SimulateMentionFormSchema,
+  parseOrThrow,
+};