From 4078d6ac573479b7528be40cb456581582ff47a8 Mon Sep 17 00:00:00 2001
From: OpenClaw
Date: Fri, 6 Mar 2026 17:48:32 +0000
Subject: [PATCH] auto(agent): improved input validation with Zod schemas and enhanced error details in offers.js
---
 backend/src/routes/offers.js | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/backend/src/routes/offers.js b/backend/src/routes/offers.js
index 1fd0ba0..ab605c0 100644
--- a/backend/src/routes/offers.js
+++ b/backend/src/routes/offers.js
@@ -5,6 +5,18 @@ import { requireAuth } from '../middleware/auth.js';
 const router = Router();
+// Zod schema for offer creation validation
+const createOfferSchema = z.object({
+ amountChf: z.number().positive(),
+ message: z.string().max(2000).optional()
+});
+
+// Zod schema for negotiation validation
+const negotiateSchema = z.object({
+ amountChf: z.number().positive(),
+ message: z.string().max(2000).optional()
+});
+
 router.post('/:requestId', requireAuth, async (req, res) => {
 try {
 const requestId = Number(req.params.requestId);
@@ -12,13 +24,10 @@ router.post('/:requestId', requireAuth, async (req, res) => {
 return res.status(400).json({ error: 'Invalid requestId' });
 }
- const parsed = z.object({
- amountChf: z.number().positive(),
- message: z.string().max(2000).optional()
- }).safeParse(req.body);
+ const parsed = createOfferSchema.safeParse(req.body);
 if (!parsed.success) {
- return res.status(400).json({ error: 'Invalid payload' });
+ return res.status(400).json({ error: 'Invalid payload', details: parsed.error.flatten() });
 }
 const { amountChf, message } = parsed.data;
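Review bot: `amountChf: z.number().positive()` in both new schemas has no upper bound, and depending on the Zod version in use it may also accept `Infinity`, which a JSON body can produce from a literal such as `1e999`. Hoisting the schemas is a good moment to tighten the money field, e.g. `amountChf: z.number().finite().positive().max(MAX_OFFER_CHF),` where `MAX_OFFER_CHF` is a placeholder for whatever limit the business rules define. `createOfferSchema` and `negotiateSchema` are also field-for-field identical; unless they are expected to diverge, a single shared schema (or `const negotiateSchema = createOfferSchema;`) keeps the two routes from drifting apart.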
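Review bot: The 400 branch now returns `parsed.error.flatten()` to the client unfiltered, here and in the matching branch of the `/negotiation/:offerId` handler, which makes Zod's message text and its `formErrors`/`fieldErrors` shape part of the public API. That is low risk for today's two-field schema, but the response will disclose whatever the schemas later grow to contain, so I would narrow it to `details: parsed.error.flatten().fieldErrors` and add a comment such as `// Return field-level messages only; keep the full ZodError out of the response`. Both handlers start and end outside their hunks, so whether validation failures are logged server-side is not visible here.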
@@ -44,13 +53,10 @@ router.post('/negotiation/:offerId', requireAuth, async (req, res) => {
 return res.status(400).json({ error: 'Invalid offerId' });
 }
- const parsed = z.object({
- amountChf: z.number().positive(),
- message: z.string().max(2000).optional()
- }).safeParse(req.body);
+ const parsed = negotiateSchema.safeParse(req.body);
 if (!parsed.success) {
- return res.status(400).json({ error: 'Invalid payload' });
+ return res.status(400).json({ error: 'Invalid payload', details: parsed.error.flatten() });
 }
 const { amountChf, message } = parsed.data;