groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(GRO-636): input validation fixes for 5 API routes

Browse Source 
Adds Zod validation across 5 API routes:

1. invoices GET / — query param validation (uuid, enum, int bounds)
2. book POST / — future-time refinement on startTime
3. appointments — recurrence series capped at 1 year
4. services — durationMinutes capped at 480 (8 hours)
5. stripe-webhooks — UUID validation on invoice IDs before DB lookup

Closes GRO-636

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit was merged in pull request #294.
This commit is contained in:
groombook-cto[bot]
2026-04-15 04:26:20 +00:00
committed by GitHub
parent 80b66fe20c
commit e1e13d5091
5 changed files with 72 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/api/src/routes/services.ts
+1 -1
View File
@@ -9,7 +9,7 @@ const createServiceSchema = z.object({
name: z.string().min(1).max(200),
description: z.string().max(2000).optional(),
basePriceCents: z.number().int().positive(),
durationMinutes: z.number().int().positive(),
durationMinutes: z.number().int().positive().max(480),
active: z.boolean().default(true),
});