Skip to content

Model-level validation corrupts field date serialization/validation for RESTful handler #1067

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
vgarmash opened this issue Mar 1, 2024 · 2 comments
Closed

Model-level validation corrupts field date serialization/validation for RESTful handler #1067

vgarmash opened this issue Mar 1, 2024 · 2 comments
Labels
in-progress
Milestone
1.10.0

Comments

@vgarmash
Copy link

vgarmash commented Mar 1, 2024

We use CRUD API generated by the Zenstack with RESTful handler. We have never used the Model-level validation in our schema and decided to enable couple rules in one model. Apparently, there is some problem in Zod configuration or serialization layer in version 1.9.0. Without model-level validation rules we are able to add new entry via REST API but once we add " @@Validate" to the model it start throwing us error 403 with Zod validation message for fields with DateTime type.

schema.zmodel:

generator client {
  provider        = "prisma-client-js"
  previewFeatures = ["driverAdapters", "postgresqlExtensions", "views", "tracing"]
}

datasource db {
  provider    = "postgresql"
  url         = env("DATABASE_URL_WITH_SCHEMA")
  extensions  = [uuidOssp(map: "uuid-ossp")]
}

plugin openapi {
  provider = '@zenstackhq/openapi'
  flavor = 'rest'
  output = './dist/crud-api.json'
  title = 'CRUD REST API'
  version = '1.0.0'
  summary = 'CRUD API'
  description = 'This API can be used to make calls to the database using REST. Created with ZenStack.'
  prefix = '/api/crud'
  securitySchemes = {
        bearer: { type: 'http', scheme: 'bearer', bearerFormat: 'JWT' }
    }
}

model participant_interaction {
  participant_interaction_id String @id @default(dbgenerated("uuid_generate_v4()")) @db.Uuid

  summary String?

  interaction_start DateTime? @db.Timestamp(0)
  interaction_duration_minutes Int?


  coach_id String @db.Uuid
  participant_id String @db.Uuid

  created_by String?
  created_timestamp DateTime? @db.Timestamp(6) @default(now())
  last_modified_by String?
  updated_timestamp DateTime? @db.Timestamp(6) @updatedAt()
  mongo_db_id String? @db.VarChar(255) @allow("update", false)

  //Columns for Legacy interaction type
  legacy_interaction_task_type InteractionTaskType?

  //Model-level validations
  @@validate(true, "You should never see this message")

  //Everything allowed (no auth policies yet)
  @@allow('all', true)
}

Request:

POST /api/crud/participant_interaction HTTP/1.1
Host: localhost:3000
Content-Type: application/json
Authorization: Bearer <omitted>

{
  "data": {
    "type": "participant_forms",
    "attributes": {
      "participant_id": "d4a4ed94-b71b-4596-bc30-e13bc6f16ed1",
      "coach_id": "67f9366a-6aa9-4765-838a-07dc1afd0b65",
      "summary": "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla non neque mollis, placerat risus sit amet, vehicula justo. Integer in ipsum id tortor porta malesuada. Maecenas ac neque ex. Morbi non est id risus posuere luctus. Vestibulum ac euismod felis. Sed eget imperdiet lorem. Pellentesque id accumsan enim.",
      "interaction_start": "2024-03-02T05:00:00.000Z",
      "interaction_duration_minutes":25,
    }
  }
}

Response:

{
    "errors": [
        {
            "status": 403,
            "code": "forbidden",
            "title": "Operation is forbidden",
            "reason": "DATA_VALIDATION_VIOLATION",
            "zodErrors": {
                "issues": [
                    {
                        "code": "invalid_type",
                        "expected": "date",
                        "received": "string",
                        "path": [
                            "interaction_start"
                        ],
                        "message": "Expected date, received string"
                    }
                ],
                "name": "ZodError"
            }
        }
    ]
}

As soon as I remove "@@Validation" from our model, everything works properly.

Environment:
package.json
tsconfig.json

  • ZenStack version: 1.9.0
  • Prisma version: 5.10.2
  • Database type: Postgresql
@ymc9
Copy link
Member

ymc9 commented Mar 1, 2024

Hi @vgarmash , thanks for reporting this. I'll look into it and update back here soon.

@ymc9 ymc9 mentioned this issue Mar 1, 2024
Merged
@ymc9 ymc9 added this to the 1.10.0 milestone Mar 1, 2024
@ymc9
Copy link
Member

ymc9 commented Mar 2, 2024

Hi @vgarmash , thanks for reporting this. I'll look into it and update back here soon.

When @@validate is used, a zod schema is generated and used to validate the input data. Currently the schema is too strict for DateTime field and requires a Date object. I've made a fix to allow compatible strings (via z.coerce.date). It's included in the latest v1.10.0 release. Please help check if it's working for you. Thanks!

@ymc9 ymc9 closed this as completed Mar 2, 2024
@coderabbitai coderabbitai bot mentioned this issue Mar 12, 2024
Merged
@coderabbitai coderabbitai bot mentioned this issue Apr 7, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in-progress
Projects
None yet
Milestone
1.10.0
Development

No branches or pull requests
2 participants
@vgarmash @ymc9