GitHub/kill-the-news
1
0
Fork 0
mirror of https://github.com/juherr/kill-the-news.git synced 2026-06-21 06:13:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(admin): validate JSON feed update via @hono/zod-validator

Browse Source 
Moves validation of POST /api/feeds/:feedId/update from inline
schema.parse() to zValidator middleware. The route now receives
typed validated data via c.req.valid("json"), and returns a
structured {success: false, error: ZodIssue[]} on invalid input.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Julien Herr
2026-05-21 23:46:29 +02:00
parent 57e0cc5413
commit 5723fd36f9
2 changed files with 70 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/admin.test.ts
+17
View File
@@ -187,6 +187,23 @@ describe("Admin Routes", () => {
}); });
}); });
describe("API Feed Update", () => {
it("returns 400 with structured validation error for empty title", async () => {
const authCookie = await loginAndGetCookie();
const res = await request("/admin/api/feeds/test-feed/update", {
method: "POST",
headers: {
Cookie: authCookie,
"Content-Type": "application/json",
},
body: JSON.stringify({ title: "", description: "desc" }),
});
expect(res.status).toBe(400);
const body = await res.json<{ success: boolean }>();
expect(body.success).toBe(false);
});
});
describe("Feed Management", () => { describe("Feed Management", () => {
it("should prevent feed deletion without authentication", async () => { it("should prevent feed deletion without authentication", async () => {
const res = await request("/admin/feeds/test-feed/delete", { const res = await request("/admin/feeds/test-feed/delete", {
src/routes/admin.ts
+16 -12
View File
@@ -1,6 +1,7 @@
import { Context, Hono } from "hono"; import { Context, Hono } from "hono";
import { deleteCookie, getSignedCookie, setSignedCookie } from "hono/cookie"; import { deleteCookie, getSignedCookie, setSignedCookie } from "hono/cookie";
import { html, raw } from "hono/html"; import { html, raw } from "hono/html";
import { zValidator } from "@hono/zod-validator";
import { z } from "zod"; import { z } from "zod";
import { import {
Env, Env,
@@ -3756,23 +3757,25 @@ async function removeFeedFromList(
} }
// Update feed via API (for in-place editing) // Update feed via API (for in-place editing)
app.post("/api/feeds/:feedId/update", async (c) => { app.post(
"/api/feeds/:feedId/update",
zValidator(
"json",
updateFeedSchema.pick({ title: true, description: true }),
(result, c) => {
if (!result.success)
return c.json({ success: false, error: result.error.issues }, 400);
},
),
async (c) => {
// Type assertion for environment variables // Type assertion for environment variables
const env = c.env as unknown as Env; const env = c.env as unknown as Env;
const emailStorage = env.EMAIL_STORAGE; const emailStorage = env.EMAIL_STORAGE;
const feedId = c.req.param("feedId"); const feedId = c.req.param("feedId");
try { try {
// Parse JSON data from request const { title, description } = c.req.valid("json");
const data = await c.req.json(); const parsedData = { title, description, language: "en" as const };
const { title, description } = data;
// Validate inputs
const parsedData = updateFeedSchema.parse({
title,
description,
language: "en", // We're defaulting to English
});
// Get existing feed config // Get existing feed config
const feedConfigKey = `feed:${feedId}:config`; const feedConfigKey = `feed:${feedId}:config`;
@@ -3809,7 +3812,8 @@ app.post("/api/feeds/:feedId/update", async (c) => {
console.error("Error updating feed via API:", error); console.error("Error updating feed via API:", error);
return c.json({ error: "Error updating feed" }, 400); return c.json({ error: "Error updating feed" }, 400);
} }
}); },
);
// Export the Hono app // Export the Hono app
export const handle = app; export const handle = app;