use zod schemes for validation

src/routes/admin/users/+server.ts

@@ -4,6 +4,7 @@ import { error, type RequestHandler } from '@sveltejs/kit';
 import { User } from '$lib/server/database';
 import { type Attributes, Op } from 'sequelize';
 import { ApiError, getJavaUuid, getNoAuthUuid, UserNotFoundError } from '$lib/server/minecraft';
+import { UserAddSchema, UserDeleteSchema, UserEditSchema, UserListSchema } from './schema';
 
 export const POST = (async ({ request, cookies }) => {
 	if (getSession(cookies, { permissions: [Permissions.UserRead] }) == null) {
@@ -12,16 +13,11 @@ export const POST = (async ({ request, cookies }) => {
 		});
 	}
 
-	const data: {
-		limit: number | null;
-		from: number | null;
-
-		name: string | null;
-		playertype: 'java' | 'bedrock' | 'noauth' | null;
-
-		search: string | null;
-		slim: boolean | null;
-	} = await request.json();
+	const parseResult = await UserListSchema.safeParseAsync(await request.json());
+	if (!parseResult.success) {
+		return new Response(null, { status: 400 });
+	}
+	const data = parseResult.data;
 
 	const usersFindOptions: Attributes<User> = {};
 	if (data.name) {
@@ -60,30 +56,26 @@ export const PATCH = (async ({ request, cookies }) => {
 		});
 	}
 
-	const data = await request.json();
-	const id = data['id'] as string | null;
-
-	if (id == null) {
-		return new Response(null, {
-			status: 400
-		});
+	const parseResult = await UserEditSchema.safeParseAsync(await request.json());
+	if (!parseResult.success) {
+		return new Response(null, { status: 400 });
 	}
+	const data = parseResult.data;
 
-	const user = await User.findOne({ where: { id: id } });
+	const user = await User.findOne({ where: { id: data.id } });
 	if (!user) {
 		return new Response(null, {
 			status: 400
 		});
 	}
 
-	if (data['firstname']) user.firstname = data['firstname'];
-	if (data['lastname']) user.lastname = data['lastname'];
-	if (data['birthday']) user.birthday = data['birthday'];
-	if (data['telephone']) user.telephone = data['telephone'];
-	if (data['username']) user.username = data['username'];
-	if (data['playertype']) user.playertype = data['playertype'];
-	if (data['password']) user.password = data['password'];
-	if (data['uuid']) user.uuid = data['uuid'];
+	if (data.firstname) user.firstname = data.firstname;
+	if (data.lastname) user.lastname = data.lastname;
+	if (data.birthday) user.birthday = data.birthday;
+	if (data.telephone) user.telephone = data.telephone;
+	if (data.username) user.username = data.username;
+	if (data.playertype) user.playertype = data.playertype;
+	if (data.uuid) user.uuid = data.uuid;
 	await user.save();
 
 	return new Response();
@@ -96,26 +88,11 @@ export const PUT = (async ({ request, cookies }) => {
 		});
 	}
 
-	const data: {
-		firstname: string;
-		lastname: string;
-
-		birthday: string;
-		telephone: string;
-
-		username: string;
-		playertype: string;
-	} = await request.json();
-
-	if (
-		data.firstname == null ||
-		data.lastname == null ||
-		data.birthday == null ||
-		data.username == null ||
-		data.playertype == null
-	) {
+	const parseResult = await UserAddSchema.safeParseAsync(await request.json());
+	if (!parseResult.success) {
 		return new Response(null, { status: 400 });
 	}
+	const data = parseResult.data;
 
 	let uuid: string | null;
 	try {
@@ -180,16 +157,13 @@ export const DELETE = (async ({ request, cookies }) => {
 		});
 	}
 
-	const data = await request.json();
-	const id = (data['id'] as number) || null;
-
-	if (id == null) {
-		return new Response(null, {
-			status: 400
-		});
+	const parseResult = await UserDeleteSchema.safeParseAsync(await request.json());
+	if (!parseResult.success) {
+		return new Response(null, { status: 400 });
 	}
+	const data = parseResult.data;
 
-	await User.destroy({ where: { id: id } });
+	await User.destroy({ where: { id: data.id } });
 
 	return new Response();
 }) satisfies RequestHandler;