feat(auth): add request validation for utility endpoints #576
Chaitanya-970 wants to merge 2 commits into
@Chaitanya-970 is attempting to deploy a commit to the Prashantkumar Khatri's projects Team on Vercel. A member of the Team first needs to authorize it. |
|
Hi @Chaitanya-970, Thanks for opening this pull request. This PR has been automatically classified based on the files modified.
Applied Labels
Primary Review Area
Reviewer
@Harxhit has been identified as the primary reviewer for this pull request. If you have any questions regarding the affected area or implementation details, feel free to reach out to the assigned reviewer. Thank you for your contribution!
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds request-body validation to selected auth endpoints using Zod, with accompanying tests to ensure invalid payloads are rejected.
Changes:
- Introduced Zod schemas for /mobile/exchange and /refresh request bodies
- Added runtime validation in the corresponding Fastify route handlers
- Added Vitest coverage for invalid request bodies and missing refresh tokens
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| apps/backend/src/validations/auth.validation.ts | Adds Zod schemas for auth-related request bodies |
| apps/backend/src/routes/auth.ts | Applies schema validation to /refresh and /mobile/exchange routes |
| apps/backend/src/tests/auth-util.test.ts | Adds tests asserting 400/401 responses for invalid/missing inputs |
CI — All Checks Passed
Backend — PASS
Mobile — SKIP
Web — SKIP
|
@Chaitanya-970 Which issue does it close?
|
… On Sun, 14 Jun 2026, 11:55 pm Harshit Singh Parihar, < ***@***.***> wrote:
*Harxhit* left a comment (Dev-Card/DevCard#576)
@Chaitanya-970 Which issue does it close?
|
Please mention that in the PR description, and also address the Copilot suggestions, please.
Fix to issue #540
Copilot suggestions resolved
This fixes the assigned issue where the auth utility endpoints were accepting payloads without validation.
I added Zod schemas for the /auth/mobile/exchange and /auth/refresh routes. Now, if someone sends an empty or badly formatted request body, the API returns a 400 error instead of trying to process it.
Changes:
- Added mobileExchangeSchema and refreshTokenSchema in auth.validation.ts
- Wired up the schemas in the auth.ts route handlers
- Wrote tests in auth-util.test.ts to verify that missing, empty, and non-string inputs are rejected properly
The new tests pass locally and the linter is green.
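
The validate-before-processing behaviour described in the PR description above, as an added example that is not code from this pull request: a dependency-free JavaScript stand-in for the Zod schemas, so it runs without installing anything. The field names `refreshToken` and `code`, the 512-character limit, and the rejection of unknown fields are assumptions; the page does not show the actual schemas.

```javascript
// Added example: hand-written stand-in for the Zod schemas, not the PR's code.
// Assumptions: field names (refreshToken, code), MAX_LEN, and strict mode.
const MAX_LEN = 512;

// Build a strict validator: the body must be a plain JSON object holding
// exactly the listed fields, each a non-empty string of bounded length.
function strictStringBody(fields) {
  return function validate(body) {
    if (body === null || typeof body !== 'object' || Array.isArray(body)) {
      return { ok: false, issues: ['body must be a JSON object'] };
    }
    const issues = [];
    // Own keys only, so a JSON "__proto__" key is reported, not followed.
    for (const key of Object.keys(body)) {
      if (!fields.includes(key)) issues.push('unexpected field');
    }
    const data = {};
    for (const name of fields) {
      const has = Object.prototype.hasOwnProperty.call(body, name);
      const value = has ? body[name] : undefined;
      if (typeof value !== 'string') issues.push(`${name} must be a string`);
      else if (value.trim() === '') issues.push(`${name} must not be empty`);
      else if (value.length > MAX_LEN) issues.push(`${name} is too long`);
      else data[name] = value;
    }
    return issues.length ? { ok: false, issues } : { ok: true, data };
  };
}

const validateRefresh = strictStringBody(['refreshToken']);
const validateMobileExchange = strictStringBody(['code']);

// Handler-shaped wrapper: reject with 400 before any token logic runs, and
// hand only the validated copy (never the raw body) to the real handler.
function handle(validate, body, next) {
  const result = validate(body);
  if (!result.ok) {
    return { status: 400, body: { error: 'Invalid request body', issues: result.issues } };
  }
  return next(result.data);
}

// Constructed sample payloads for the /refresh route.
const samples = [undefined, {}, { refreshToken: '' }, { refreshToken: 42 }, { refreshToken: 'abc.def' }];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', handle(validateRefresh, s, () => ({ status: 200 })).status);
}
```

The 400 responses list only field names and rule violations, never the submitted values, so a rejected token is not echoed back or logged through the error body.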