added validation to account handling.

package.json

@@ -41,7 +41,8 @@
     "socket.io": "^4.7.5",
     "trivialperms": "^2.0.0-beta.0",
     "ts-essentials": "^10.0.0",
-    "zod": "^3.23.8"
+    "zod": "^3.23.8",
+    "zod-express-middleware": "^1.4.0"
   },
   "devDependencies": {
     "@ckpack/vue-color": "^1.3.0",
@@ -86,6 +87,11 @@
     "vue-codemirror": "^6.1.1",
     "vue-router": "^4.1.6"
   },
+  "overrides": {
+    "zod-express-middleware": {
+      "express": "$express"
+    }
+  },
   "lint-staged": {
     "*.{ts,js,vue}": "npm run lint"
   }

src/server/engines/validation/models/account.ts

@@ -0,0 +1,43 @@
+// ---------------------------------------------------------------------------------------------------------------------
+// Account Validation Model
+// ---------------------------------------------------------------------------------------------------------------------
+
+import { z } from 'zod';
+
+// ---------------------------------------------------------------------------------------------------------------------
+
+export const AccountID = z.string().min(4)
+    .regex(/^[a-zA-Z0-9]+$/);
+
+export const AccountSettings = z.object({
+    colorMode: z.enum([ 'light', 'dark', 'auto' ]).optional()
+
+    // Other settings...
+});
+
+export const Account = z.object({
+    id: z.string(),
+    email: z.string(),
+    name: z.string().optional(),
+    avatar: z.string().optional(),
+    permissions: z.array(z.string()).optional(),
+    settings: AccountSettings.passthrough().optional()
+});
+
+// ---------------------------------------------------------------------------------------------------------------------
+// Request Validations
+// ---------------------------------------------------------------------------------------------------------------------
+
+export const UpdateParams = z.object({
+    accountID: AccountID
+});
+
+export const AccountFilter = z.object({
+    id: z.union([ AccountID, z.array(AccountID) ]).optional(),
+    email: z.union([ z.string().email(), z.array(z.string().email()) ])
+        .optional(),
+    name: z.union([ z.string().min(1), z.array(z.string().min(1)) ])
+        .optional()
+});
+
+// ---------------------------------------------------------------------------------------------------------------------

src/server/routes/accounts.ts

@@ -3,16 +3,17 @@
 //----------------------------------------------------------------------------------------------------------------------
 
 import express from 'express';
+import { processRequest } from 'zod-express-middleware';
 
 // Managers
 import * as accountMan from '../managers/account';
 import * as permsMan from '../managers/permissions';
 
-// Models
-// import { Account } from '../models/account';
+// Validation
+import * as AccountValidators from '../engines/validation/models/account';
 
 // Utils
-import { convertQueryToRecord, ensureAuthenticated, errorHandler } from './utils';
+import { ensureAuthenticated, errorHandler } from './utils';
 
 // Logger
 import logging from '@strata-js/util-logging';
@@ -24,23 +25,16 @@ const router = express.Router();
 
 //----------------------------------------------------------------------------------------------------------------------
 
-router.get('/', async(req, resp) =>
+router.get('/', processRequest({ query: AccountValidators.AccountFilter }), async(req, resp) =>
 {
-    const query = convertQueryToRecord(req);
-    const filters = {
-        id: query.id,
-        email: query.email,
-        name: query.name
-    };
-
-    resp.json((await accountMan.list(filters)).map((accountObj) =>
+    resp.json((await accountMan.list(req.query)).map((accountObj) =>
     {
         const { permissions, settings, groups, ...restAccount } = accountObj;
         return restAccount;
     }));
 });
 
-router.get('/:accountID', async(req, resp) =>
+router.get('/:accountID', processRequest({ params: AccountValidators.UpdateParams }), async(req, resp) =>
 {
     const user = req.user;
     const account = await accountMan.get(req.params.accountID);
@@ -58,12 +52,20 @@ router.get('/:accountID', async(req, resp) =>
     }
 });
 
-router.patch('/:accountID', ensureAuthenticated, async(req, resp) =>
-{
-    // Update the account
-    const newAccount = await accountMan.update(req.params.accountID, req.body);
-    resp.json(newAccount);
-});
+router.patch(
+    '/:accountID',
+    ensureAuthenticated,
+    processRequest({
+        params: AccountValidators.UpdateParams,
+        body: AccountValidators.Account.partial({ id: true })
+    }),
+    async(req, resp) =>
+    {
+        // Update the account
+        const newAccount = await accountMan.update(req.params.accountID, req.body);
+        resp.json(newAccount);
+    }
+);
 
 //----------------------------------------------------------------------------------------------------------------------
 // Error Handling