feat(validation): add request validation for server and channel mutat…#82
Open
varun29sharma wants to merge 7 commits into
Open
feat(validation): add request validation for server and channel mutat…#82varun29sharma wants to merge 7 commits into
varun29sharma wants to merge 7 commits into
Conversation
…ion APIs - Add server/middleware/validate.js with reusable express-validator wrapper - Validate server_details, server_name on /create_server - Validate server_id, category_id (isMongoId) on /add_new_channel and /add_new_category - Validate channel_name, channel_type on /add_new_channel - Validate server_id on /delete_server and /leave_server - Guard /server_info against bad ObjectId before DB call - Return 404 when modifiedCount is 0 (server/category not found) Closes 0rigin-c0de#18
👷 Deploy request for piperchat01 pending review.Visit the deploys page to approve it
|
This was referenced May 17, 2026
Contributor
|
@varun29sharma is attempting to deploy a commit to the Sunil Kumar's projects Team on Vercel. A member of the Team first needs to authorize it. |
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
0rigin-c0de
requested changes
May 17, 2026
Contributor
Author
|
Hi @0rigin-c0de .... can u please merge this PR and we can finally close issue 18😊 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #18
Adds input validation to all six mutation routes in
server/routes/servers.jsusing
express-validator. Previously, missing or malformed fields causedeither a BSONError crash (500) or a silent no-op where bad data was saved
to MongoDB without any error returned to the client.
Changes
New file:
server/middleware/validate.jsA reusable middleware that accepts an array of
express-validatorrules,runs them, and returns a consistent
400response with field-level errormessages if any rule fails. The route handler is never called when validation
fails. ;)
Modified:
server/routes/servers.jsPOST /create_serverserver_detailsandserver_details.server_namenow required — previouslyundefined.rolethrew a TypeErrorPOST /add_new_channelserver_idandcategory_idvalidated as MongoId beforenew ObjectId()— previously any bad string caused a BSONError 500POST /add_new_channelchannel_nameandchannel_typenow required and validatedPOST /add_new_categoryserver_idvalidated as MongoId;category_namerequiredPOST /delete_serverserver_idrequired — previously missing field caused a silent no-opPOST /leave_serverserver_idrequired — same silent failure fixedPOST /server_infoserver_idvalidated beforenew ObjectId()call — bad ID no longer crashes after authmodifiedCount === 0responses on/add_new_channeland/add_new_categorynow return
404instead of500, since the correct interpretation is"server or category not found."
Test evidence
All tests run with
curlagainst a local instance (port 2000):POST /create_serverwith empty body →400POST /create_serverwithserver_name: ""→400POST /add_new_channelwithserver_id: "notanid"→400POST /add_new_channelwithchannel_type: "video"→400POST /add_new_categorywith valid MongoId but no matching server →404POST /delete_serverwith empty body →400POST /server_infowith bad ID →400(was500)Compatibility
All existing happy-path response shapes are unchanged. No frontend code
was modified. The
{ status: ... }pattern used throughout the fileis preserved in the new error responses.