added zod for post requests

pages/api/v1/auth/forgot-password.ts

@@ -1,5 +1,6 @@
 import { prisma } from "@/lib/api/db";
 import sendPasswordResetRequest from "@/lib/api/sendPasswordResetRequest";
+import { ForgotPasswordSchema } from "@/lib/shared/schemaValidation";
 import type { NextApiRequest, NextApiResponse } from "next";
 
 export default async function forgotPassword(
@@ -13,14 +14,18 @@ export default async function forgotPassword(
           "This action is disabled because this is a read-only demo of Linkwarden.",
       });
 
-    const email = req.body.email;
+    const dataValidation = ForgotPasswordSchema.safeParse(req.body);
 
-    if (!email) {
+    if (!dataValidation.success) {
       return res.status(400).json({
-        response: "Invalid email.",
+        response: `Error: ${
+          dataValidation.error.issues[0].message
+        } [${dataValidation.error.issues[0].path.join(", ")}]`,
       });
     }
 
+    const { email } = dataValidation.data;
+
     const recentPasswordRequestsCount = await prisma.passwordResetToken.count({
       where: {
         identifier: email,
@@ -45,7 +50,7 @@ export default async function forgotPassword(
 
     if (!user || !user.email) {
       return res.status(400).json({
-        response: "Invalid email.",
+        response: "No user found with that email.",
       });
     }
 

pages/api/v1/auth/reset-password.ts

@@ -1,6 +1,7 @@
 import { prisma } from "@/lib/api/db";
 import type { NextApiRequest, NextApiResponse } from "next";
 import bcrypt from "bcrypt";
+import { ResetPasswordSchema } from "@/lib/shared/schemaValidation";
 
 export default async function resetPassword(
   req: NextApiRequest,
@@ -13,20 +14,17 @@ export default async function resetPassword(
           "This action is disabled because this is a read-only demo of Linkwarden.",
       });
 
-    const token = req.body.token;
-    const password = req.body.password;
+    const dataValidation = ResetPasswordSchema.safeParse(req.body);
 
-    if (!password || password.length < 8) {
+    if (!dataValidation.success) {
       return res.status(400).json({
-        response: "Password must be at least 8 characters.",
+        response: `Error: ${
+          dataValidation.error.issues[0].message
+        } [${dataValidation.error.issues[0].path.join(", ")}]`,
       });
     }
 
-    if (!token || typeof token !== "string") {
-      return res.status(400).json({
-        response: "Invalid token.",
-      });
-    }
+    const { token, password } = dataValidation.data;
 
     // Hashed password
     const saltRounds = 10;

pages/api/v1/auth/verify-email.ts

@@ -1,5 +1,6 @@
 import { prisma } from "@/lib/api/db";
 import updateCustomerEmail from "@/lib/api/updateCustomerEmail";
+import { VerifyEmailSchema } from "@/lib/shared/schemaValidation";
 import type { NextApiRequest, NextApiResponse } from "next";
 
 export default async function verifyEmail(
@@ -13,14 +14,18 @@ export default async function verifyEmail(
           "This action is disabled because this is a read-only demo of Linkwarden.",
       });
 
-    const token = req.query.token;
+    const dataValidation = VerifyEmailSchema.safeParse(req.query);
 
-    if (!token || typeof token !== "string") {
+    if (!dataValidation.success) {
       return res.status(400).json({
-        response: "Invalid token.",
+        response: `Error: ${
+          dataValidation.error.issues[0].message
+        } [${dataValidation.error.issues[0].path.join(", ")}]`,
       });
     }
 
+    const { token } = dataValidation.data;
+
     // Check token in db
     const verifyToken = await prisma.verificationToken.findFirst({
       where: {