Validation Layer

​

Overview

1. Schema Level: Defining the shape and constraints of data within our models.
2. Middleware Level: Intercepting requests and validating req.body, req.query, or req.params before they reach the controller.

​

Zod Schemas in Models

export const universityZodSchema = z.object({
  name: z.string().min(1, "Name is required").max(200),
  shortName: z.string().min(1, "Short name is required").max(20),
  slug: z.string().min(1, "Slug is required").max(100),
  // ... other fields
});

• Type Safety: Clearer documentation of what fields are required and their types.
• Reusability: The same schema can be used for both POST (creation) and PATCH (updates, via .partial()).

​

Validation Middleware

​

Usage in Routes

import { validate } from "../middlewares/validationMiddleware.js";
import { universityZodSchema } from "../models/University.js";

router.post("/", validate(universityZodSchema), universityController.create);

​

How it Works

1. Validation: It runs schema.safeParse() against req.body.
2. Success: If valid, it replaces req.body with the parsed (and potentially transformed/sanitized) data and calls next().
3. Failure: If invalid, it formats the Zod error into a human-readable message and throws a ValidationError (400), which is then handled by the global error handler.

​

Validation Strategies

• Strict Mode: We generally allow extra fields in the request body but ignore them (Zod’s default behavior).
• Partial Updates: For PATCH requests, we use schema.partial() to make all fields optional while still enforcing types and constraints for the fields that are provided.
• Query Validation: We also use Zod to validate pagination parameters (page, limit, sort) in the paginationMiddleware.