feat: add Zod schemas to all API endpoints (#1727)

SnailyCAD · Jul 7, 2023 · cb518a9 · cb518a9
1 parent a29c6f3
commit cb518a9
Show file tree

Hide file tree

Showing 58 changed files with 250 additions and 129 deletions.
diff --git a/apps/api/package.json b/apps/api/package.json
@@ -39,6 +39,7 @@
     "vitest": "^0.32.2"
   },
   "dependencies": {
+    "@anatine/zod-openapi": "^2.0.1",
     "@discordjs/rest": "^1.7.1",
     "@paralleldrive/cuid2": "^2.2.1",
     "@prisma/client": "^4.16.1",
@@ -79,6 +80,7 @@
     "sharp": "^0.32.1",
     "socket.io": "^4.7.0",
     "undici": "^5.22.1",
-    "use-intl": "^2.15.1"
+    "use-intl": "^2.15.1",
+    "zod": "^3.21.4"
   }
 }
diff --git a/apps/api/src/controllers/admin/import/import-citizens-controller.ts b/apps/api/src/controllers/admin/import/import-citizens-controller.ts
@@ -21,6 +21,7 @@ import { manyToManyHelper } from "lib/data/many-to-many";
 import type * as APITypes from "@snailycad/types/api";
 import { Permissions, UsePermissions } from "middlewares/use-permissions";
 import { citizenInclude } from "controllers/citizen/CitizenController";
+import { ZodSchema } from "~/lib/zod-schema";
 
 @Controller("/admin/import/citizens")
 @UseBeforeEach(IsAuth)
@@ -44,7 +45,7 @@ export class ImportCitizensController {
     permissions: [Permissions.ImportCitizens, Permissions.ManageCitizens],
   })
   async importCitizensViaBodyData(
-    @BodyParams() body: any,
+    @BodyParams() @ZodSchema(IMPORT_CITIZENS_ARR) body: unknown,
   ): Promise<APITypes.PostImportCitizensData> {
     return this.importCitizensHandler(body);
   }

diff --git a/apps/api/src/controllers/admin/import/import-vehicles-controller.ts b/apps/api/src/controllers/admin/import/import-vehicles-controller.ts
@@ -19,6 +19,7 @@ import type { Prisma, VehicleInspectionStatus, VehicleTaxStatus } from "@prisma/
 import { getLastOfArray, manyToManyHelper } from "lib/data/many-to-many";
 import type * as APITypes from "@snailycad/types/api";
 import { Permissions, UsePermissions } from "middlewares/use-permissions";
+import { ZodSchema } from "~/lib/zod-schema";
 
 const vehiclesInclude = { ...citizenInclude.vehicles.include, citizen: true };
 
@@ -116,7 +117,9 @@ export class ImportVehiclesController {
   @UsePermissions({
     permissions: [Permissions.ImportRegisteredVehicles],
   })
-  async importVehicles(@BodyParams() body: any): Promise<APITypes.PostImportVehiclesData> {
+  async importVehicles(
+    @BodyParams() @ZodSchema(VEHICLE_SCHEMA_ARR) body: unknown,
+  ): Promise<APITypes.PostImportVehiclesData> {
     return importVehiclesHandler(body);
   }
 
@@ -144,7 +147,7 @@ export class ImportVehiclesController {
   }
 }
 
-export async function importVehiclesHandler(body: unknown[]) {
+export async function importVehiclesHandler(body: unknown) {
   const data = validateSchema(VEHICLE_SCHEMA_ARR, body);
 
   return Promise.all(

diff --git a/apps/api/src/controllers/admin/import/import-weapons-controller.ts b/apps/api/src/controllers/admin/import/import-weapons-controller.ts
@@ -18,6 +18,7 @@ import { citizenInclude } from "controllers/citizen/CitizenController";
 import type { Prisma } from "@prisma/client";
 import type * as APITypes from "@snailycad/types/api";
 import { Permissions, UsePermissions } from "middlewares/use-permissions";
+import { ZodSchema } from "~/lib/zod-schema";
 
 const weaponsInclude = { ...citizenInclude.weapons.include, citizen: true };
 
@@ -62,7 +63,9 @@ export class ImportWeaponsController {
   @UsePermissions({
     permissions: [Permissions.ImportRegisteredWeapons],
   })
-  async importWeaponsViaBodyData(@BodyParams() body: any): Promise<APITypes.PostImportWeaponsData> {
+  async importWeaponsViaBodyData(
+    @BodyParams() @ZodSchema(WEAPON_SCHEMA_ARR) body: unknown,
+  ): Promise<APITypes.PostImportWeaponsData> {
     return importWeaponsHandler(body);
   }
 
@@ -114,7 +117,7 @@ export class ImportWeaponsController {
   }
 }
 
-export async function importWeaponsHandler(body: unknown[]) {
+export async function importWeaponsHandler(body: unknown) {
   const data = validateSchema(WEAPON_SCHEMA_ARR, body);
 
   return prisma.$transaction(

diff --git a/apps/api/src/controllers/admin/manage/cad-settings/CadSettings.ts b/apps/api/src/controllers/admin/manage/cad-settings/CadSettings.ts
@@ -28,6 +28,7 @@ import {
 import type { MiscCadSettings } from "@snailycad/types";
 import { createFeaturesObject } from "middlewares/is-enabled";
 import { hasPermission } from "@snailycad/permissions";
+import { ZodSchema } from "~/lib/zod-schema";
 
 @Controller("/admin/manage/cad-settings")
 @ContentType("application/json")
@@ -120,7 +121,7 @@ export class CADSettingsController {
   async updateCadSettings(
     @Context("sessionUserId") sessionUserId: string,
     @Context("cad") cad: cad,
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(CAD_SETTINGS_SCHEMA) body: unknown,
   ): Promise<APITypes.PutCADSettingsData> {
     const data = validateSchema(CAD_SETTINGS_SCHEMA, body);
 
@@ -171,7 +172,7 @@ export class CADSettingsController {
   async updateCadFeatures(
     @Context("cad") cad: cad & { features?: Record<Feature, boolean> },
     @Context("sessionUserId") sessionUserId: string,
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(DISABLED_FEATURES_SCHEMA) body: unknown,
   ): Promise<APITypes.PutCADFeaturesData> {
     const data = validateSchema(DISABLED_FEATURES_SCHEMA, body);
 
@@ -219,7 +220,7 @@ export class CADSettingsController {
   async updateMiscSettings(
     @Context("sessionUserId") sessionUserId: string,
     @Context("cad") cad: cad & { miscCadSettings: MiscCadSettings },
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(CAD_MISC_SETTINGS_SCHEMA) body: unknown,
   ): Promise<APITypes.PutCADMiscSettingsData> {
     const data = validateSchema(CAD_MISC_SETTINGS_SCHEMA, body);
 
@@ -289,7 +290,7 @@ export class CADSettingsController {
   })
   async updateDefaultPermissions(
     @Context("cad") cad: cad,
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(UPDATE_DEFAULT_PERMISSIONS_SCHEMA) body: unknown,
     @Context("sessionUserId") sessionUserId: string,
   ): Promise<APITypes.PutCADDefaultPermissionsData> {
     const data = validateSchema(UPDATE_DEFAULT_PERMISSIONS_SCHEMA, body);
@@ -339,7 +340,7 @@ export class CADSettingsController {
   })
   async updateApiToken(
     @Context("cad") cad: cad,
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(API_TOKEN_SCHEMA) body: unknown,
     @Context("sessionUserId") sessionUserId: string,
   ): Promise<APITypes.PutCADApiTokenData> {
     const data = validateSchema(API_TOKEN_SCHEMA, body);

diff --git a/apps/api/src/controllers/admin/manage/cad-settings/discord/DiscordSettingsController.ts b/apps/api/src/controllers/admin/manage/cad-settings/discord/DiscordSettingsController.ts
@@ -15,6 +15,7 @@ import { UsePermissions } from "middlewares/use-permissions";
 import { performDiscordRequest } from "lib/discord/performDiscordRequest";
 import { AuditLogActionType, createAuditLogEntry } from "@snailycad/audit-logger/server";
 import { parseDiscordGuildIds } from "lib/discord/utils";
+import { ZodSchema } from "~/lib/zod-schema";
 
 const guildId = process.env.DISCORD_SERVER_ID;
 
@@ -97,7 +98,7 @@ export class DiscordSettingsController {
   })
   async setRoleTypes(
     @Context("cad") cad: cad,
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(DISCORD_SETTINGS_SCHEMA) body: unknown,
     @Context("sessionUserId") sessionUserId: string,
   ): Promise<APITypes.PostCADDiscordRolesData> {
     if (!guildId) {

diff --git a/apps/api/src/controllers/admin/manage/cad-settings/discord/DiscordWebhooksController.ts b/apps/api/src/controllers/admin/manage/cad-settings/discord/DiscordWebhooksController.ts
@@ -22,6 +22,7 @@ import { performDiscordRequest } from "lib/discord/performDiscordRequest";
 import { AuditLogActionType } from "@snailycad/audit-logger";
 import { createAuditLogEntry } from "@snailycad/audit-logger/server";
 import { parseDiscordGuildIds } from "lib/discord/utils";
+import { ZodSchema } from "~/lib/zod-schema";
 
 const guildId = process.env.DISCORD_SERVER_ID;
 
@@ -98,7 +99,7 @@ export class DiscordWebhooksController {
   async setWebhookTypes(
     @Context("cad")
     cad: cad & { miscCadSettings: (MiscCadSettings & { webhooks?: DiscordWebhook[] }) | null },
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(DISCORD_WEBHOOKS_SCHEMA) body: unknown,
     @Context("sessionUserId") sessionUserId: string,
   ): Promise<APITypes.PostCADDiscordWebhooksData> {
     const name = cad.name || "SnailyCAD";

diff --git a/apps/api/src/controllers/admin/manage/cad-settings/live-map-controller.ts b/apps/api/src/controllers/admin/manage/cad-settings/live-map-controller.ts
@@ -15,6 +15,7 @@ import sharp from "sharp";
 import { getLastOfArray, manyToManyHelper } from "lib/data/many-to-many";
 import { allowedFileExtensions } from "@snailycad/config";
 import { ExtendedBadRequest } from "~/exceptions/extended-bad-request";
+import { ZodSchema } from "~/lib/zod-schema";
 
 @Controller("/admin/manage/cad-settings/live-map")
 @ContentType("application/json")
@@ -27,7 +28,7 @@ export class CADSettingsLiveMapController {
   async updateMiscSettings(
     @Context("sessionUserId") sessionUserId: string,
     @Context("cad") cad: cad & { miscCadSettings: MiscCadSettings },
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(LIVE_MAP_SETTINGS) body: unknown,
   ): Promise<APITypes.PutCADMiscSettingsData> {
     const data = validateSchema(LIVE_MAP_SETTINGS, body);
 

diff --git a/apps/api/src/controllers/admin/manage/cad-settings/raw-webhooks-controller.ts b/apps/api/src/controllers/admin/manage/cad-settings/raw-webhooks-controller.ts
@@ -9,6 +9,7 @@ import { prisma } from "lib/data/prisma";
 import { validateSchema } from "lib/data/validate-schema";
 import { IsAuth } from "middlewares/auth/is-auth";
 import { Permissions, UsePermissions } from "middlewares/use-permissions";
+import { ZodSchema } from "~/lib/zod-schema";
 
 @Controller("/admin/manage/cad-settings/webhooks")
 @ContentType("application/json")
@@ -29,7 +30,7 @@ export class WebhooksController {
     permissions: [Permissions.ManageCADSettings],
   })
   async saveWebhooks(
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(RAW_WEBHOOKS_SCHEMA) body: unknown,
     @Context("cad") cad: cad,
     @Context("sessionUserId") sessionUserId: string,
   ) {

diff --git a/apps/api/src/controllers/admin/manage/manage-businesses-controller.ts b/apps/api/src/controllers/admin/manage/manage-businesses-controller.ts
@@ -14,6 +14,7 @@ import { UPDATE_EMPLOYEE_SCHEMA } from "@snailycad/schemas";
 import { EmployeeAsEnum } from "@snailycad/types";
 import { ExtendedBadRequest } from "src/exceptions/extended-bad-request";
 import { AuditLogActionType, createAuditLogEntry } from "@snailycad/audit-logger/server";
+import { ZodSchema } from "~/lib/zod-schema";
 
 const businessInclude = {
   user: {
@@ -109,7 +110,7 @@ export class AdminManageBusinessesController {
   async updateBusinessEmployee(
     @PathParams("id") employeeId: string,
     @Context("sessionUserId") sessionUserId: string,
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(UPDATE_EMPLOYEE_SCHEMA) body: unknown,
   ) {
     const data = validateSchema(UPDATE_EMPLOYEE_SCHEMA, body);
     const employee = await prisma.employee.findFirst({

diff --git a/apps/api/src/controllers/admin/manage/manage-citizens-controller.ts b/apps/api/src/controllers/admin/manage/manage-citizens-controller.ts
@@ -18,6 +18,7 @@ import generateBlurPlaceholder from "lib/images/generate-image-blur-data";
 import { AuditLogActionType, createAuditLogEntry } from "@snailycad/audit-logger/server";
 import { isFeatureEnabled } from "lib/upsert-cad";
 import { leoProperties, unitProperties } from "utils/leo/includes";
+import { ZodSchema } from "~/lib/zod-schema";
 
 @UseBeforeEach(IsAuth)
 @Controller("/admin/manage/citizens")
@@ -119,7 +120,7 @@ export class AdminManageCitizensController {
   })
   async updateCitizen(
     @PathParams("id") id: string,
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(CREATE_CITIZEN_SCHEMA.partial()) body: unknown,
     @Context("sessionUserId") sessionUserId: string,
     @Context("cad") cad: { features: Record<Feature, boolean> },
   ): Promise<APITypes.PutManageCitizenByIdData> {

diff --git a/apps/api/src/controllers/admin/manage/manage-custom-fields-controller.ts b/apps/api/src/controllers/admin/manage/manage-custom-fields-controller.ts
@@ -10,6 +10,7 @@ import { validateSchema } from "lib/data/validate-schema";
 import { IsAuth } from "middlewares/auth/is-auth";
 import { UsePermissions, Permissions } from "middlewares/use-permissions";
 import type * as APITypes from "@snailycad/types/api";
+import { ZodSchema } from "~/lib/zod-schema";
 
 @Controller("/admin/manage/custom-fields")
 @UseBeforeEach(IsAuth)
@@ -46,7 +47,7 @@ export class AdminManageCustomFieldsController {
     permissions: [Permissions.ManageCustomFields],
   })
   async createCustomField(
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(CUSTOM_FIELDS_SCHEMA) body: unknown,
     @Context("sessionUserId") sessionUserId: string,
   ): Promise<APITypes.PostManageCustomFieldsData> {
     const data = validateSchema(CUSTOM_FIELDS_SCHEMA, body);
@@ -74,7 +75,7 @@ export class AdminManageCustomFieldsController {
     permissions: [Permissions.ManageCustomFields],
   })
   async updateCustomField(
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(CUSTOM_FIELDS_SCHEMA) body: unknown,
     @PathParams("id") id: string,
     @Context("sessionUserId") sessionUserId: string,
   ): Promise<APITypes.PutManageCustomFieldsData> {

diff --git a/apps/api/src/controllers/admin/manage/manage-custom-roles-controller.ts b/apps/api/src/controllers/admin/manage/manage-custom-roles-controller.ts
@@ -24,6 +24,7 @@ import process from "node:process";
 import type * as APITypes from "@snailycad/types/api";
 import { AuditLogActionType, createAuditLogEntry } from "@snailycad/audit-logger/server";
 import { defaultPermissions } from "@snailycad/permissions";
+import { ZodSchema } from "~/lib/zod-schema";
 
 @Controller("/admin/manage/custom-roles")
 @UseBeforeEach(IsAuth)
@@ -66,7 +67,7 @@ export class AdminManageCustomRolesController {
   })
   @Description("Create a new custom role.")
   async createCustomRole(
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(CUSTOM_ROLE_SCHEMA) body: unknown,
     @Context("sessionUserId") sessionUserId: string,
   ): Promise<APITypes.PostCustomRolesData> {
     const data = validateSchema(CUSTOM_ROLE_SCHEMA, body);
@@ -104,7 +105,7 @@ export class AdminManageCustomRolesController {
   })
   @Description("Update a custom role by its ID.")
   async updateCustomRole(
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(CUSTOM_ROLE_SCHEMA) body: unknown,
     @PathParams("id") id: string,
     @Context("sessionUserId") sessionUserId: string,
   ): Promise<APITypes.PutCustomRoleByIdData> {

diff --git a/apps/api/src/controllers/admin/manage/manage-users-controller.ts b/apps/api/src/controllers/admin/manage/manage-users-controller.ts
@@ -25,6 +25,7 @@ import { manyToManyHelper } from "lib/data/many-to-many";
 import type * as APITypes from "@snailycad/types/api";
 import { AuditLogActionType, createAuditLogEntry } from "@snailycad/audit-logger/server";
 import { isDiscordIdInUse } from "lib/discord/utils";
+import { ZodSchema } from "~/lib/zod-schema";
 
 const manageUsersSelect = (selectCitizens: boolean) =>
   ({
@@ -205,7 +206,7 @@ export class ManageUsersController {
   async updateUserPermissionsById(
     @Context("sessionUserId") sessionUserId: string,
     @PathParams("id") userId: string,
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(PERMISSIONS_SCHEMA) body: unknown,
   ): Promise<APITypes.PutManageUserPermissionsByIdData> {
     const data = validateSchema(PERMISSIONS_SCHEMA, body);
     const user = await prisma.user.findUnique({
@@ -247,7 +248,7 @@ export class ManageUsersController {
   async updateUserRolesById(
     @Context("sessionUserId") sessionUserId: string,
     @PathParams("id") userId: string,
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(ROLES_SCHEMA) body: unknown,
   ): Promise<APITypes.PutManageUserByIdRolesData> {
     const data = validateSchema(ROLES_SCHEMA, body);
     const user = await prisma.user.findUnique({
@@ -296,7 +297,7 @@ export class ManageUsersController {
   async updateUserById(
     @Context("sessionUserId") sessionUserId: string,
     @PathParams("id") userId: string,
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(UPDATE_USER_SCHEMA) body: unknown,
   ): Promise<APITypes.PutManageUserByIdData> {
     const data = validateSchema(UPDATE_USER_SCHEMA, body);
     const user = await prisma.user.findUnique({
@@ -391,7 +392,7 @@ export class ManageUsersController {
     @Context("user") authUser: User,
     @PathParams("id") userId: string,
     @PathParams("type") banType: "ban" | "unban",
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(BAN_SCHEMA) body: unknown,
   ): Promise<APITypes.PostManageUserBanUnbanData> {
     if (!["ban", "unban"].includes(banType)) {
       throw new NotFound("notFound");

diff --git a/apps/api/src/controllers/admin/manage/units/manage-units-controller.ts b/apps/api/src/controllers/admin/manage/units/manage-units-controller.ts
@@ -39,6 +39,7 @@ import {
   combinedUnitProperties,
   combinedEmsFdUnitProperties,
 } from "utils/leo/includes";
+import { ZodSchema } from "~/lib/zod-schema";
 
 const ACTIONS = ["SET_DEPARTMENT_DEFAULT", "SET_DEPARTMENT_NULL", "DELETE_UNIT"] as const;
 type Action = (typeof ACTIONS)[number];
@@ -364,7 +365,7 @@ export class AdminManageUnitsController {
   async updateCallsignUnit(
     @Context("sessionUserId") sessionUserId: string,
     @PathParams("unitId") unitId: string,
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(UPDATE_UNIT_CALLSIGN_SCHEMA.partial()) body: unknown,
     @Context("cad") cad: cad & { features?: Record<Feature, boolean> },
   ): Promise<APITypes.PutManageUnitCallsignData> {
     const data = validateSchema(UPDATE_UNIT_CALLSIGN_SCHEMA.partial(), body);
@@ -435,7 +436,7 @@ export class AdminManageUnitsController {
   async updateUnit(
     @Context("sessionUserId") sessionUserId: string,
     @PathParams("id") id: string,
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(UPDATE_UNIT_SCHEMA.partial()) body: unknown,
     @Context("cad")
     cad: cad & { miscCadSettings: MiscCadSettings; features?: Record<Feature, boolean> },
   ): Promise<APITypes.PutManageUnitData> {

diff --git a/apps/api/src/controllers/admin/values/penal-code-group-controller.ts b/apps/api/src/controllers/admin/values/penal-code-group-controller.ts
@@ -7,6 +7,7 @@ import { CREATE_PENAL_CODE_GROUP_SCHEMA } from "@snailycad/schemas";
 import { validateSchema } from "lib/data/validate-schema";
 import { UsePermissions, Permissions } from "middlewares/use-permissions";
 import type * as APITypes from "@snailycad/types/api";
+import { ZodSchema } from "~/lib/zod-schema";
 
 @Controller("/admin/penal-code-group")
 @UseBeforeEach(IsAuth)
@@ -39,7 +40,7 @@ export class PenalCodeGroupController {
     permissions: [Permissions.ManageValuePenalCode],
   })
   async createPenalCodeGroup(
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(CREATE_PENAL_CODE_GROUP_SCHEMA) body: unknown,
   ): Promise<APITypes.PostPenalCodeGroupsData> {
     const data = validateSchema(CREATE_PENAL_CODE_GROUP_SCHEMA, body);
 
@@ -59,7 +60,7 @@ export class PenalCodeGroupController {
   })
   async editPenalCodeGroup(
     @PathParams("id") id: string,
-    @BodyParams() body: unknown,
+    @BodyParams() @ZodSchema(CREATE_PENAL_CODE_GROUP_SCHEMA) body: unknown,
   ): Promise<APITypes.PutPenalCodeGroupsData> {
     const data = validateSchema(CREATE_PENAL_CODE_GROUP_SCHEMA, body);