Validation Patterns
This skill describes schema-first input validation patterns for backend services.
Core rule
Validate all external inputs (params, query, body) before using them in business logic or data access.
Zod-style schema validation
ts
import { z } from "zod";
export const createUserSchema = z.object({
email: z.string().email(),
name: z.string().min(1),
});
Controller usage:
ts
const input = createUserSchema.parse(req.body);
If you need non-throwing behavior:
ts
const parsed = createUserSchema.safeParse(req.body);
if (!parsed.success) return res.status(400).json({ error: "Invalid input" });
Validation middleware (optional)
For repeatable patterns across routes, introduce middleware:
ts
export function validateBody(schema: ZodSchema) {
return (req, _res, next) => {
req.body = schema.parse(req.body);
next();
};
}
Related Skills
- •
routing-and-controllers