From 9a4fd29fa5e335b73d74ac52a1d4b97c18308163 Mon Sep 17 00:00:00 2001
From: michivonah <info@michivonah.ch>
Date: Thu, 30 Oct 2025 21:45:18 +0100
Subject: [PATCH] install zod for input validation

---
 api/package-lock.json           | 31 ++++++++++++++++++++++++++-----
 api/package.json                |  4 +++-
 api/src/errors/http-error.ts    |  8 ++++++--
 api/src/lib/http-z-validator.ts | 15 +++++++++++++++
 4 files changed, 50 insertions(+), 8 deletions(-)
 create mode 100644 api/src/lib/http-z-validator.ts

diff --git a/api/package-lock.json b/api/package-lock.json
index 32b8800..47dcdf7 100644
--- a/api/package-lock.json
+++ b/api/package-lock.json
@@ -8,9 +8,11 @@
       "dependencies": {
         "@auth/core": "^0.40.0",
         "@hono/auth-js": "^1.1.0",
+        "@hono/zod-validator": "^0.7.4",
         "dotenv": "^17.2.2",
         "drizzle-orm": "^0.44.5",
-        "hono": "^4.9.9"
+        "hono": "^4.9.9",
+        "zod": "^4.1.12"
       },
       "devDependencies": {
         "@types/node": "^24.3.1",
@@ -1068,6 +1070,16 @@
         "react": "^18 || ^19 || ^19.0.0-rc"
       }
     },
+    "node_modules/@hono/zod-validator": {
+      "version": "0.7.4",
+      "resolved": "https://registry.npmjs.org/@hono/zod-validator/-/zod-validator-0.7.4.tgz",
+      "integrity": "sha512-biKGn3BRJVaftZlIPMyK+HCe/UHAjJ6sH0UyXe3+v0OcgVr9xfImDROTJFLtn9e3XEEAHGZIM9U6evu85abm8Q==",
+      "license": "MIT",
+      "peerDependencies": {
+        "hono": ">=3.9.0",
+        "zod": "^3.25.0 || ^4.0.0"
+      }
+    },
     "node_modules/@img/sharp-darwin-arm64": {
       "version": "0.33.5",
       "resolved": "https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.33.5.tgz",
@@ -2018,6 +2030,16 @@
         "node": ">=18.0.0"
       }
     },
+    "node_modules/miniflare/node_modules/zod": {
+      "version": "3.22.3",
+      "resolved": "https://registry.npmjs.org/zod/-/zod-3.22.3.tgz",
+      "integrity": "sha512-EjIevzuJRiRPbVH4mGc8nApb/lVLKVpmUhAaR5R5doKGfAnGJ6Gr3CViAVjP+4FWSxCsybeWQdcgCtbX+7oZug==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/colinhacks"
+      }
+    },
     "node_modules/ms": {
       "version": "2.1.3",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
@@ -2372,10 +2394,9 @@
       }
     },
     "node_modules/zod": {
-      "version": "3.22.3",
-      "resolved": "https://registry.npmjs.org/zod/-/zod-3.22.3.tgz",
-      "integrity": "sha512-EjIevzuJRiRPbVH4mGc8nApb/lVLKVpmUhAaR5R5doKGfAnGJ6Gr3CViAVjP+4FWSxCsybeWQdcgCtbX+7oZug==",
-      "dev": true,
+      "version": "4.1.12",
+      "resolved": "https://registry.npmjs.org/zod/-/zod-4.1.12.tgz",
+      "integrity": "sha512-JInaHOamG8pt5+Ey8kGmdcAcg3OL9reK8ltczgHTAwNhMys/6ThXHityHxVV2p3fkw/c+MAvBHFVYHFZDmjMCQ==",
       "license": "MIT",
       "funding": {
         "url": "https://github.com/sponsors/colinhacks"
diff --git a/api/package.json b/api/package.json
index 33b8b24..9d44c8c 100644
--- a/api/package.json
+++ b/api/package.json
@@ -9,9 +9,11 @@
   "dependencies": {
     "@auth/core": "^0.40.0",
     "@hono/auth-js": "^1.1.0",
+    "@hono/zod-validator": "^0.7.4",
     "dotenv": "^17.2.2",
     "drizzle-orm": "^0.44.5",
-    "hono": "^4.9.9"
+    "hono": "^4.9.9",
+    "zod": "^4.1.12"
   },
   "devDependencies": {
     "@types/node": "^24.3.1",
diff --git a/api/src/errors/http-error.ts b/api/src/errors/http-error.ts
index 988f04f..ed9eea3 100644
--- a/api/src/errors/http-error.ts
+++ b/api/src/errors/http-error.ts
@@ -24,8 +24,12 @@ export class MissingParameter extends HTTPException{
 }
 
 export class InvalidParameter extends HTTPException{
-    constructor(paramName: string){
-        super(400, { message: `Provided parameter '${paramName}' is invalid.` })
+    constructor(paramName?: string){
+        super(400, { message:
+            paramName
+            ? `Provided parameter '${paramName}' is invalid.`
+            : 'Provided invalid parameter.'
+        })
     }
 }
 
diff --git a/api/src/lib/http-z-validator.ts b/api/src/lib/http-z-validator.ts
new file mode 100644
index 0000000..3308ffe
--- /dev/null
+++ b/api/src/lib/http-z-validator.ts
@@ -0,0 +1,15 @@
+import * as z from 'zod'
+import { zValidator } from '@hono/zod-validator'
+import { InvalidParameter } from '../errors'
+
+/**
+ * Custom Zod Validator Middleware with support for HTTP Exceptions
+ * @param type Part of HonoRequest object to get data from
+ * @param schema Zod Validation scheme (docs: https://zod.dev/api)
+ * @returns zValidator for running the validation
+ */
+export default function httpZValidator<T extends z.ZodTypeAny>(type: 'query' | 'json' | 'param' = 'query', schema: T){
+    return zValidator(type, schema, (result, c) => {
+        if(!result.success) throw new InvalidParameter();
+    })
+}
\ No newline at end of file