npm - express-zod-safe - Versions diffs - 3.1.0 → 3.2.0 - Mend

express-zod-safe 3.1.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -117,14 +117,16 @@ app.post('/user/:userId', validate({ handler, params, query, body }), (req, res)
 });
 ```
-If you plan to use the same error handler across every route, use the `setGlobalErrorHandler`:
+If you plan to use the same error handler across every route, use `setGlobalOptions`:
 ```ts
-import { setGlobalErrorHandler } from 'express-zod-safe';
+import { setGlobalOptions } from 'express-zod-safe';
-setGlobalErrorHandler((errors, req, res) => {
-  // Your error handling here
+setGlobalOptions({
+  handler: (errors, req, res) => {
+    // Your error handling here
+  }
 })
 ```
@@ -210,6 +212,43 @@ app.post('/user', validate({ body, params }), (req, res) => {
 });
 ```
+To enable this behaviour globally without the need to explicitly set `z.any()` in each instance, use `setGlobalOptions`:
+```ts
+import { setGlobalOptions } from 'express-zod-safe';
+setGlobalOptions({
+  missingSchemaBehavior: 'any'
+});
+```
+### ⚠️ Default Schema Object Strictness
+When a plain JavaScript object is supplied instead of a Zod schema object, the default behaviour is to assume `z.strictObject`.  This means that additional keys will cause validation to fail.  To override this behaviour, use `z.object()` explicitly:
+```ts
+// z.object allows additional keys
+const body = z.object({
+  name: z.string(),
+  email: z.string().email(),
+});
+app.post('/user', validate({ body }), (req, res) => {
+  // ...
+});
+```
+*Note: in both instances, additional keys will be stripped from the output.  The difference lies in whether additional keys throw a validation error or are silently removed.*
+To enable this behaviour globally without the need to explicitly set `z.object()` in each instance, use `setGlobalOptions`:
+```ts
+import { setGlobalOptions } from 'express-zod-safe';
+setGlobalOptions({
+  defaultSchemaObject: 'lax'
+});
+```
 ## ⭐️ Show your support
 Give a ⭐️ on GitHub if this project helped you!

package/dist/index.d.mts CHANGED Viewed

@@ -3,11 +3,101 @@ import { ZodType, ZodRawShape, ZodError, z } from 'zod';
 declare const types: readonly ["query", "params", "body"];
 declare const defaultErrorHandler: ErrorRequestHandler;
+interface ValidateRequestGlobalOptions {
+    /**
+     * The error handler to use for all routes if no handler is provided in the schema.
+     */
+    handler: ErrorRequestHandler;
+    /**
+     * The default schema object type to use for validation when a plain object is provided.
+     *
+     * When using `validate({ query: { a: z.string() } })`:
+     * - `'strict'` (default): Uses `z.strictObject`, which rejects extra properties.
+     *   For example, `GET /?a=1&b=2` will fail validation.
+     * - `'lax'`: Uses `z.object`, which allows extra properties.
+     *   For example, `GET /?a=1&b=2` will succeed, and `req.query` will only contain `{ a: '1' }`.
+     *
+     * Note: If you pass a Zod object directly (e.g., `validate({ query: z.object({ a: z.string() }) })`),
+     * this option has no effect as the provided Zod object is used as-is.
+     *
+     * @default 'strict'
+     * @example
+     * ```ts
+     * // Allow extra properties in query params
+     * setGlobalOptions({ defaultSchemaObject: 'lax' });
+     *
+     * app.get('/user', validate({ query: { id: z.string() } }), (req, res) => {
+     * 	// GET /user?id=123&extra=value will succeed
+     * 	// req.query will be { id: '123' }
+     * });
+     * ```
+     */
+    defaultSchemaObject: 'strict' | 'lax';
+    /**
+     * The behavior when a schema is not provided for a particular input type (params, query, or body).
+     *
+     * - `'empty'` (default): Validates against an empty strict object (`z.strictObject({})`), which rejects any input.
+     * - `'any'`: Skips validation entirely for that input type, allowing any data to pass through.
+     *   This is useful when using nested routers where different parts of the route validate different inputs.
+     *
+     * @default 'empty'
+     */
+    missingSchemaBehavior: 'empty' | 'any';
+}
+/**
+ * The default global options for request validation.
+ *
+ * Default values:
+ * - `defaultSchemaObject: 'strict'`
+ * - `missingSchemaBehavior: 'empty'`
+ * - `handler`: The default error handler sends a 400 status with an array of validation errors (see: {@link defaultErrorHandler}):
+ *     ```ts
+ *     (errors, _req, res) => {
+ *     	res.status(400).send(errors.map(error => ({ type: error.type, errors: error.errors.issues })));
+ *     }
+ *     ```
+ */
+declare const DEFAULT_OPTIONS: ValidateRequestGlobalOptions;
+/**
+ * Sets the global {@link options} for request validation.
+ *
+ * @param newOptions Partial options to merge with the current global options.
+ * @example
+ * // Change the error handler
+ * setGlobalOptions({
+ * 	handler: (errors, req, res) => {
+ * 		res.status(422).json({ validationErrors: errors });
+ * 	}
+ * });
+ *
+ * // Change default schema object type
+ * setGlobalOptions({ defaultSchemaObject: 'lax' });
+ *
+ * // Change missing schema behavior
+ * setGlobalOptions({ missingSchemaBehavior: 'any' });
+ *
+ * // Change all options
+ * setGlobalOptions({
+ * 	handler: customHandler,
+ * 	defaultSchemaObject: 'lax',
+ * 	missingSchemaBehavior: 'any'
+ * });
+ */
+declare const setGlobalOptions: (newOptions: Partial<ValidateRequestGlobalOptions>) => void;
 /**
  * Generates a middleware function for Express.js that validates request params, query, and body.
  * This function uses Zod schemas to perform validation against the provided schema definitions.
  *
- * @param schemas - An object containing Zod schemas for params, query, and body.  Optional handler for custom error handling.
+ * **Missing Schema Behavior**: If a schema is not provided for a particular input type (params, query, or body),
+ * the behavior is controlled by the {@link ValidateRequestGlobalOptions.missingSchemaBehavior} option:
+ * - `'empty'` (default): Validates against an empty strict object, rejecting any input
+ * - `'any'`: Skips validation entirely, allowing any data to pass through
+ *
+ * This allows you to validate only the parts of the request you care about when using nested routers.
+ *
+ * @param schemas - An object containing Zod schemas for params, query, and body. All fields are optional.
+ *                  If a field is omitted, behavior depends on {@link ValidateRequestGlobalOptions.missingSchemaBehavior}.
+ *                  Optional handler for custom error handling.
  * @returns An Express.js middleware function that validates the request based on the provided schemas.
  *          It attaches validated data to the request object and sends error details if validation fails.
  * @template TParams - Type definition for params schema.
@@ -40,9 +130,18 @@ declare const defaultErrorHandler: ErrorRequestHandler;
  *   res.send('User data is valid!');
  * });
  *
+ * // Only validate params, allow any query or body
+ * setGlobalOptions({ missingSchemaBehavior: 'any' });
+ * app.use('/:id', validate({ params: { id: z.string().uuid() } }), nestedRouter);
+ *
  * app.listen(3000, () => console.log('Server running on port 3000'));
  */
 declare function validate<TParams extends ValidationSchema, TQuery extends ValidationSchema, TBody extends ValidationSchema>(schemas: CompleteValidationSchema<TParams, TQuery, TBody>): RequestHandler<ZodOutput<TParams>, any, ZodOutput<TBody>, ZodOutput<TQuery>>;
+/**
+ * Sets the global error handler for all routes.
+ * @param handler The error handler to set.
+ * @deprecated Use {@link setGlobalOptions} instead.
+ */
 declare function setGlobalErrorHandler(handler: ErrorRequestHandler): void;
 /**
  * Describes the types of data that can be validated: 'query', 'params', or 'body'.
@@ -125,4 +224,4 @@ type WeakRequestHandler = RequestHandler<Unvalidated, Unvalidated, Unvalidated,
  */
 type ValidatedRequest<T extends CompleteValidationSchema> = Request<ZodOutput<T['params']>, any, ZodOutput<T['body']>, ZodOutput<T['query']>>;
-export { type CompleteValidationSchema, type ErrorListItem, type ErrorRequestHandler, type Unvalidated, type ValidatedRequest, type ValidationSchema, type WeakRequestHandler, type ZodOutput, validate as default, defaultErrorHandler, setGlobalErrorHandler };
+export { type CompleteValidationSchema, DEFAULT_OPTIONS, type ErrorListItem, type ErrorRequestHandler, type Unvalidated, type ValidateRequestGlobalOptions, type ValidatedRequest, type ValidationSchema, type WeakRequestHandler, type ZodOutput, validate as default, defaultErrorHandler, setGlobalErrorHandler, setGlobalOptions };

package/dist/index.d.ts CHANGED Viewed

@@ -3,11 +3,101 @@ import { ZodType, ZodRawShape, ZodError, z } from 'zod';
 declare const types: readonly ["query", "params", "body"];
 declare const defaultErrorHandler: ErrorRequestHandler;
+interface ValidateRequestGlobalOptions {
+    /**
+     * The error handler to use for all routes if no handler is provided in the schema.
+     */
+    handler: ErrorRequestHandler;
+    /**
+     * The default schema object type to use for validation when a plain object is provided.
+     *
+     * When using `validate({ query: { a: z.string() } })`:
+     * - `'strict'` (default): Uses `z.strictObject`, which rejects extra properties.
+     *   For example, `GET /?a=1&b=2` will fail validation.
+     * - `'lax'`: Uses `z.object`, which allows extra properties.
+     *   For example, `GET /?a=1&b=2` will succeed, and `req.query` will only contain `{ a: '1' }`.
+     *
+     * Note: If you pass a Zod object directly (e.g., `validate({ query: z.object({ a: z.string() }) })`),
+     * this option has no effect as the provided Zod object is used as-is.
+     *
+     * @default 'strict'
+     * @example
+     * ```ts
+     * // Allow extra properties in query params
+     * setGlobalOptions({ defaultSchemaObject: 'lax' });
+     *
+     * app.get('/user', validate({ query: { id: z.string() } }), (req, res) => {
+     * 	// GET /user?id=123&extra=value will succeed
+     * 	// req.query will be { id: '123' }
+     * });
+     * ```
+     */
+    defaultSchemaObject: 'strict' | 'lax';
+    /**
+     * The behavior when a schema is not provided for a particular input type (params, query, or body).
+     *
+     * - `'empty'` (default): Validates against an empty strict object (`z.strictObject({})`), which rejects any input.
+     * - `'any'`: Skips validation entirely for that input type, allowing any data to pass through.
+     *   This is useful when using nested routers where different parts of the route validate different inputs.
+     *
+     * @default 'empty'
+     */
+    missingSchemaBehavior: 'empty' | 'any';
+}
+/**
+ * The default global options for request validation.
+ *
+ * Default values:
+ * - `defaultSchemaObject: 'strict'`
+ * - `missingSchemaBehavior: 'empty'`
+ * - `handler`: The default error handler sends a 400 status with an array of validation errors (see: {@link defaultErrorHandler}):
+ *     ```ts
+ *     (errors, _req, res) => {
+ *     	res.status(400).send(errors.map(error => ({ type: error.type, errors: error.errors.issues })));
+ *     }
+ *     ```
+ */
+declare const DEFAULT_OPTIONS: ValidateRequestGlobalOptions;
+/**
+ * Sets the global {@link options} for request validation.
+ *
+ * @param newOptions Partial options to merge with the current global options.
+ * @example
+ * // Change the error handler
+ * setGlobalOptions({
+ * 	handler: (errors, req, res) => {
+ * 		res.status(422).json({ validationErrors: errors });
+ * 	}
+ * });
+ *
+ * // Change default schema object type
+ * setGlobalOptions({ defaultSchemaObject: 'lax' });
+ *
+ * // Change missing schema behavior
+ * setGlobalOptions({ missingSchemaBehavior: 'any' });
+ *
+ * // Change all options
+ * setGlobalOptions({
+ * 	handler: customHandler,
+ * 	defaultSchemaObject: 'lax',
+ * 	missingSchemaBehavior: 'any'
+ * });
+ */
+declare const setGlobalOptions: (newOptions: Partial<ValidateRequestGlobalOptions>) => void;
 /**
  * Generates a middleware function for Express.js that validates request params, query, and body.
  * This function uses Zod schemas to perform validation against the provided schema definitions.
  *
- * @param schemas - An object containing Zod schemas for params, query, and body.  Optional handler for custom error handling.
+ * **Missing Schema Behavior**: If a schema is not provided for a particular input type (params, query, or body),
+ * the behavior is controlled by the {@link ValidateRequestGlobalOptions.missingSchemaBehavior} option:
+ * - `'empty'` (default): Validates against an empty strict object, rejecting any input
+ * - `'any'`: Skips validation entirely, allowing any data to pass through
+ *
+ * This allows you to validate only the parts of the request you care about when using nested routers.
+ *
+ * @param schemas - An object containing Zod schemas for params, query, and body. All fields are optional.
+ *                  If a field is omitted, behavior depends on {@link ValidateRequestGlobalOptions.missingSchemaBehavior}.
+ *                  Optional handler for custom error handling.
  * @returns An Express.js middleware function that validates the request based on the provided schemas.
  *          It attaches validated data to the request object and sends error details if validation fails.
  * @template TParams - Type definition for params schema.
@@ -40,9 +130,18 @@ declare const defaultErrorHandler: ErrorRequestHandler;
  *   res.send('User data is valid!');
  * });
  *
+ * // Only validate params, allow any query or body
+ * setGlobalOptions({ missingSchemaBehavior: 'any' });
+ * app.use('/:id', validate({ params: { id: z.string().uuid() } }), nestedRouter);
+ *
  * app.listen(3000, () => console.log('Server running on port 3000'));
  */
 declare function validate<TParams extends ValidationSchema, TQuery extends ValidationSchema, TBody extends ValidationSchema>(schemas: CompleteValidationSchema<TParams, TQuery, TBody>): RequestHandler<ZodOutput<TParams>, any, ZodOutput<TBody>, ZodOutput<TQuery>>;
+/**
+ * Sets the global error handler for all routes.
+ * @param handler The error handler to set.
+ * @deprecated Use {@link setGlobalOptions} instead.
+ */
 declare function setGlobalErrorHandler(handler: ErrorRequestHandler): void;
 /**
  * Describes the types of data that can be validated: 'query', 'params', or 'body'.
@@ -127,4 +226,4 @@ type ValidatedRequest<T extends CompleteValidationSchema> = Request<ZodOutput<T[
 // @ts-ignore
 export = validate;
-export { type CompleteValidationSchema, type ErrorListItem, type ErrorRequestHandler, type Unvalidated, type ValidatedRequest, type ValidationSchema, type WeakRequestHandler, type ZodOutput, defaultErrorHandler, setGlobalErrorHandler };
+export { type CompleteValidationSchema, DEFAULT_OPTIONS, type ErrorListItem, type ErrorRequestHandler, type Unvalidated, type ValidateRequestGlobalOptions, type ValidatedRequest, type ValidationSchema, type WeakRequestHandler, type ZodOutput, defaultErrorHandler, setGlobalErrorHandler, setGlobalOptions };

package/dist/index.js CHANGED Viewed

@@ -5,7 +5,15 @@ var types = ["query", "params", "body"];
 var defaultErrorHandler = (errors, _req, res) => {
   res.status(400).send(errors.map((error) => ({ type: error.type, errors: error.errors.issues })));
 };
-var globalErrorHandler = defaultErrorHandler;
+var DEFAULT_OPTIONS = {
+  handler: defaultErrorHandler,
+  defaultSchemaObject: "strict",
+  missingSchemaBehavior: "empty"
+};
+var options = DEFAULT_OPTIONS;
+var setGlobalOptions = (newOptions) => {
+  Object.assign(options, newOptions);
+};
 function isZodType(schema) {
   return !!schema && typeof schema.safeParseAsync === "function";
 }
@@ -24,11 +32,18 @@ if (descriptor) {
   });
 }
 function validate(schemas) {
+  const zodObject = options.defaultSchemaObject === "strict" ? _zod.z.strictObject : _zod.z.object;
+  const missingSchemaHandler = options.missingSchemaBehavior === "empty" ? zodObject({}) : _zod.z.any();
   const validation = {
-    params: isZodType(schemas.params) ? schemas.params : _zod.z.strictObject(_nullishCoalesce(schemas.params, () => ( {}))),
-    query: isZodType(schemas.query) ? schemas.query : _zod.z.strictObject(_nullishCoalesce(schemas.query, () => ( {}))),
-    body: isZodType(schemas.body) ? schemas.body : _zod.z.strictObject(_nullishCoalesce(schemas.body, () => ( {})))
+    params: missingSchemaHandler,
+    query: missingSchemaHandler,
+    body: missingSchemaHandler
   };
+  for (const type of types) {
+    if (schemas[type]) {
+      validation[type] = isZodType(schemas[type]) ? schemas[type] : zodObject(schemas[type]);
+    }
+  }
   return async (req, res, next) => {
     const errors = [];
     for (const type of types) {
@@ -37,18 +52,20 @@ function validate(schemas) {
       else errors.push({ type, errors: parsed.error });
     }
     if (errors.length > 0) {
-      const handler = _nullishCoalesce(schemas.handler, () => ( globalErrorHandler));
+      const handler = _nullishCoalesce(schemas.handler, () => ( options.handler));
       return handler(errors, req, res, next);
     }
     return next();
   };
 }
 function setGlobalErrorHandler(handler) {
-  globalErrorHandler = handler;
+  options.handler = handler;
 }
-exports.default = validate; exports.defaultErrorHandler = defaultErrorHandler; exports.setGlobalErrorHandler = setGlobalErrorHandler;
+exports.DEFAULT_OPTIONS = DEFAULT_OPTIONS; exports.default = validate; exports.defaultErrorHandler = defaultErrorHandler; exports.setGlobalErrorHandler = setGlobalErrorHandler; exports.setGlobalOptions = setGlobalOptions;
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["/home/runner/work/express-zod-safe/express-zod-safe/dist/index.js","../src/index.ts"],"names":[],"mappings":"AAAA;ACEA,oFAAoB;AACpB,0BAAiE;AAEjE,IAAM,MAAA,EAAQ,CAAC,OAAA,EAAS,QAAA,EAAU,MAAM,CAAA;AAEjC,IAAM,oBAAA,EAA2C,CAAC,MAAA,EAAQ,IAAA,EAAM,GAAA,EAAA,GAAQ;AAC9E,EAAA,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,CAAA,KAAA,EAAA,GAAA,CAAU,EAAE,IAAA,EAAM,KAAA,CAAM,IAAA,EAAM,MAAA,EAAQ,KAAA,CAAM,MAAA,CAAO,OAAO,CAAA,CAAE,CAAC,CAAA;AAC9F,CAAA;AAEA,IAAI,mBAAA,EAAqB,mBAAA;AAOzB,SAAS,SAAA,CAAU,MAAA,EAAoC;AACtD,EAAA,OAAO,CAAC,CAAC,OAAA,GAAU,OAAQ,MAAA,CAAmB,eAAA,IAAmB,UAAA;AAClE;AAGA,IAAM,WAAA,EAAa,MAAA,CAAO,wBAAA,CAAyB,iBAAA,CAAQ,OAAA,EAAS,OAAO,CAAA;AAC3E,GAAA,CAAI,UAAA,EAAY;AACf,EAAA,MAAA,CAAO,cAAA,CAAe,iBAAA,CAAQ,OAAA,EAAS,OAAA,EAAS;AAAA,IAC/C,GAAA,CAAA,EAAmB;AAClB,MAAA,GAAA,CAAI,MAAA,CAAO,MAAA,CAAO,IAAA,EAAM,QAAQ,CAAA,EAAG,OAAO,IAAA,CAAK,MAAA;AAC/C,MAAA,uBAAO,UAAA,2BAAY,GAAA,6BAAK,IAAA,mBAAK,IAAI,GAAA;AAAA,IAClC,CAAA;AAAA,IACA,GAAA,CAAmB,KAAA,EAAgB;AAClC,MAAA,IAAA,CAAK,OAAA,EAAS,KAAA;AAAA,IACf,CAAA;AAAA,IACA,YAAA,EAAc,IAAA;AAAA,IACd,UAAA,EAAY;AAAA,EACb,CAAC,CAAA;AACF;AAyCe,SAAR,QAAA,CACN,OAAA,EAC+E;AAE/E,EAAA,MAAM,WAAA,EAAa;AAAA,IAClB,MAAA,EAAQ,SAAA,CAAU,OAAA,CAAQ,MAAM,EAAA,EAAI,OAAA,CAAQ,OAAA,EAAS,MAAA,CAAE,YAAA,kBAAa,OAAA,CAAQ,MAAA,UAAU,CAAC,GAAC,CAAA;AAAA,IACxF,KAAA,EAAO,SAAA,CAAU,OAAA,CAAQ,KAAK,EAAA,EAAI,OAAA,CAAQ,MAAA,EAAQ,MAAA,CAAE,YAAA,kBAAa,OAAA,CAAQ,KAAA,UAAS,CAAC,GAAC,CAAA;AAAA,IACpF,IAAA,EAAM,SAAA,CAAU,OAAA,CAAQ,IAAI,EAAA,EAAI,OAAA,CAAQ,KAAA,EAAO,MAAA,CAAE,YAAA,kBAAa,OAAA,CAAQ,IAAA,UAAQ,CAAC,GAAC;AAAA,EACjF,CAAA;AAEA,EAAA,OAAO,MAAA,CAAO,GAAA,EAAK,GAAA,EAAK,IAAA,EAAA,GAAwB;AAC/C,IAAA,MAAM,OAAA,EAA0B,CAAC,CAAA;AAGjC,IAAA,IAAA,CAAA,MAAW,KAAA,GAAQ,KAAA,EAAO;AACzB,MAAA,MAAM,OAAA,EAAS,MAAM,UAAA,CAAW,IAAI,CAAA,CAAE,cAAA,kBAAe,GAAA,CAAI,IAAI,CAAA,UAAK,CAAC,GAAC,CAAA;AACpE,MAAA,GAAA,CAAI,MAAA,CAAO,OAAA,EAAS,GAAA,CAAI,IAAI,EAAA,EAAI,MAAA,CAAO,IAAA;AAAA,MAAA,KAClC,MAAA,CAAO,IAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,MAAA,CAAO,MAAM,CAAC,CAAA;AAAA,IAChD;AAGA,IAAA,GAAA,CAAI,MAAA,CAAO,OAAA,EAAS,CAAA,EAAG;AAEtB,MAAA,MAAM,QAAA,mBAAU,OAAA,CAAQ,OAAA,UAAW,oBAAA;AACnC,MAAA,OAAO,OAAA,CAAQ,MAAA,EAAQ,GAAA,EAAK,GAAA,EAAK,IAAI,CAAA;AAAA,IACtC;AAEA,IAAA,OAAO,IAAA,CAAK,CAAA;AAAA,EACb,CAAA;AACD;AAEO,SAAS,qBAAA,CAAsB,OAAA,EAAoC;AACzE,EAAA,mBAAA,EAAqB,OAAA;AACtB;AD9DA;AACE;AACA;AACA;AACF,qIAAC","file":"/home/runner/work/express-zod-safe/express-zod-safe/dist/index.js","sourcesContent":[null,"/// <reference types=\"./express.d.ts\" />\nimport type { NextFunction, Request, RequestHandler, Response } from 'express';\nimport express from 'express';\nimport { type ZodError, type ZodRawShape, type ZodType, z } from 'zod';\n\nconst types = ['query', 'params', 'body'] as const;\n\nexport const defaultErrorHandler: ErrorRequestHandler = (errors, _req, res) => {\n\tres.status(400).send(errors.map(error => ({ type: error.type, errors: error.errors.issues })));\n};\n\nlet globalErrorHandler = defaultErrorHandler;\n\n/*\n A ZodType type guard.\n * @param schema The Zod schema to check.\n * @returns Whether the provided schema is a ZodType.\n /\nfunction isZodType(schema: unknown): schema is ZodType {\n\treturn !!schema && typeof (schema as ZodType).safeParseAsync === 'function';\n}\n\n// Override express@^5 request.query getter to provider setter\nconst descriptor = Object.getOwnPropertyDescriptor(express.request, 'query');\nif (descriptor) {\n\tObject.defineProperty(express.request, 'query', {\n\t\tget(this: Request) {\n\t\t\tif (Object.hasOwn(this, '_query')) return this._query;\n\t\t\treturn descriptor?.get?.call(this);\n\t\t},\n\t\tset(this: Request, query: unknown) {\n\t\t\tthis._query = query;\n\t\t},\n\t\tconfigurable: true,\n\t\tenumerable: true\n\t});\n}\n\n/\n Generates a middleware function for Express.js that validates request params, query, and body.\n * This function uses Zod schemas to perform validation against the provided schema definitions.\n \n @param schemas - An object containing Zod schemas for params, query, and body. Optional handler for custom error handling.\n * @returns An Express.js middleware function that validates the request based on the provided schemas.\n * It attaches validated data to the request object and sends error details if validation fails.\n * @template TParams - Type definition for params schema.\n * @template TQuery - Type definition for query schema.\n * @template TBody - Type definition for body schema.\n * @example\n * // Example usage in an Express.js route\n * import express from 'express';\n * import validate from 'express-zod-safe';\n * import { z } from 'zod';\n \n const app = express();\n * app.use(express.json());\n \n // Define your Zod schemas\n * const params = {\n * userId: z.string().uuid(),\n * };\n * const query = {\n * age: z.coerce.number().optional(),\n * };\n * const body = {\n * name: z.string(),\n * email: z.string().email(),\n * };\n \n // Use the validate middleware in your route\n * app.post('/user/:userId', validate({ params, query, body }), (req, res) => {\n * // Your route logic here\n * res.send('User data is valid!');\n * });\n \n app.listen(3000, () => console.log('Server running on port 3000'));\n /\nexport default function validate<TParams extends ValidationSchema, TQuery extends ValidationSchema, TBody extends ValidationSchema>(\n\tschemas: CompleteValidationSchema<TParams, TQuery, TBody>\n): RequestHandler<ZodOutput<TParams>, any, ZodOutput<TBody>, ZodOutput<TQuery>> {\n\t// Create validation objects for each type\n\tconst validation = {\n\t\tparams: isZodType(schemas.params) ? schemas.params : z.strictObject(schemas.params ?? {}),\n\t\tquery: isZodType(schemas.query) ? schemas.query : z.strictObject(schemas.query ?? {}),\n\t\tbody: isZodType(schemas.body) ? schemas.body : z.strictObject(schemas.body ?? {})\n\t};\n\n\treturn async (req, res, next): Promise<void> => {\n\t\tconst errors: ErrorListItem[] = [];\n\n\t\t// Validate all types (params, query, body)\n\t\tfor (const type of types) {\n\t\t\tconst parsed = await validation[type].safeParseAsync(req[type] ?? {});\n\t\t\tif (parsed.success) req[type] = parsed.data as any;\n\t\t\telse errors.push({ type, errors: parsed.error });\n\t\t}\n\n\t\t// Return all errors if there are any\n\t\tif (errors.length > 0) {\n\t\t\t// If a custom error handler is provided, use it\n\t\t\tconst handler = schemas.handler ?? globalErrorHandler;\n\t\t\treturn handler(errors, req, res, next);\n\t\t}\n\n\t\treturn next();\n\t};\n}\n\nexport function setGlobalErrorHandler(handler: ErrorRequestHandler): void {\n\tglobalErrorHandler = handler;\n}\n\n/\n Describes the types of data that can be validated: 'query', 'params', or 'body'.\n /\ntype DataType = (typeof types)[number];\n\n/\n Defines the structure of an error item, containing the type of validation that failed (params, query, or body)\n * and the associated ZodError.\n /\nexport interface ErrorListItem {\n\ttype: DataType;\n\terrors: ZodError;\n}\n\nexport type Unvalidated = unknown;\n\n/\n Represents an Express.js error request handler where the params, query and body are of unknown type as validation failed.\n /\nexport type ErrorRequestHandler<\n\tP = Unvalidated,\n\tResBody = any,\n\tReqBody = Unvalidated,\n\tReqQuery = unknown,\n\tLocalsObj extends Record<string, any> = Record<string, any>\n> = (\n\terr: ErrorListItem[],\n\treq: Request<P, ResBody, ReqBody, ReqQuery, LocalsObj>,\n\tres: Response<ResBody, LocalsObj>,\n\tnext: NextFunction\n) => void \| Promise<void>;\n\n/\n Represents a generic type for route validation, which can be applied to params, query, or body.\n * Each key-value pair represents a field and its corresponding Zod validation schema.\n /\nexport type ValidationSchema = ZodType \| ZodRawShape;\n\n/\n Defines the structure for the schemas provided to the validate middleware.\n * Each property corresponds to a different part of the request (params, query, body)\n * and should be a record of Zod types for validation. Optional handler for custom error handling.\n \n @template TParams - Type definition for params schema.\n * @template TQuery - Type definition for query schema.\n * @template TBody - Type definition for body schema.\n /\nexport interface CompleteValidationSchema<\n\tTParams extends ValidationSchema = ValidationSchema,\n\tTQuery extends ValidationSchema = ValidationSchema,\n\tTBody extends ValidationSchema = ValidationSchema\n> {\n\thandler?: ErrorRequestHandler;\n\tparams?: TParams;\n\tquery?: TQuery;\n\tbody?: TBody;\n}\n\n/\n Represents the output type of a Zod validation schema.\n * This is used to infer the TypeScript type from a Zod schema,\n * providing typesafe access to the validated data.\n \n @template T - The validation type (params, query, or body).\n /\nexport type ZodOutput<T extends ValidationSchema \| undefined> = T extends ValidationSchema\n\t? z.output<T extends ZodRawShape ? z.ZodObject<T> : T>\n\t: Unvalidated;\n\n/\n A utility type to ensure other middleware types don't conflict with the validate middleware.\n /\nexport type WeakRequestHandler = RequestHandler<Unvalidated, Unvalidated, Unvalidated, Unvalidated>;\n\n/\n A utility type to ensure the Request is typed correctly.\n * @template T - The validation schema to be applied to the request params, query and body.\n * @example\n * import { ValidatedRequest } from 'express-zod-safe';\n * import { z } from 'zod';\n \n const schema = {\n * \tquery: {\n * \t\tname: z.string().min(3).max(10),\n * \t\tage: z.coerce.number().min(18)\n * \t},\n * \tbody: {\n * \t\ttitle: z.string().max(4)\n * \t},\n * \tparams: {\n * \t\tid: z.coerce.number()\n * \t}\n * };\n \n const requestHandler = (req: ValidatedRequest<typeof schema>, res: Response) => {\n * \tconst { name, age } = req.query;\n * \tconst { id } = req.params;\n * const { title } = req.body;\n \n \tres.send(`Hello ${title} ${name}! (Your age is ${age} and your ID is ${id})`);\n * };\n \n app.post('/handler/:id', validate(schema), requestHandler);\n */\nexport type ValidatedRequest<T extends CompleteValidationSchema> = Request<\n\tZodOutput<T['params']>,\n\tany,\n\tZodOutput<T['body']>,\n\tZodOutput<T['query']>\n>;\n"]}
1	+ {"version":3,"sources":["c:\\Users\\angus\\Documents\\Development\\express-zod-safe\\dist\\index.js"],"names":[],"mappings":"AAAA;AACA,oFAA6B;AAC7B,0BAAuB;AACvB,IAAI,MAAM,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC;AACvC,IAAI,oBAAoB,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG;AACjD,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAClG,CAAC;AACD,IAAI,gBAAgB,EAAE;AACtB,EAAE,OAAO,EAAE,mBAAmB;AAC9B,EAAE,mBAAmB,EAAE,QAAQ;AAC/B,EAAE,qBAAqB,EAAE;AACzB,CAAC;AACD,IAAI,QAAQ,EAAE,eAAe;AAC7B,IAAI,iBAAiB,EAAE,CAAC,UAAU,EAAE,GAAG;AACvC,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC;AACpC,CAAC;AACD,SAAS,SAAS,CAAC,MAAM,EAAE;AAC3B,EAAE,OAAO,CAAC,CAAC,OAAO,GAAG,OAAO,MAAM,CAAC,eAAe,IAAI,UAAU;AAChE;AACA,IAAI,WAAW,EAAE,MAAM,CAAC,wBAAwB,CAAC,iBAAO,CAAC,OAAO,EAAE,OAAO,CAAC;AAC1E,GAAG,CAAC,UAAU,EAAE;AAChB,EAAE,MAAM,CAAC,cAAc,CAAC,iBAAO,CAAC,OAAO,EAAE,OAAO,EAAE;AAClD,IAAI,GAAG,CAAC,EAAE;AACV,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,OAAO,IAAI,CAAC,MAAM;AAC3D,MAAM,uBAAO,UAAU,2BAAE,GAAG,6BAAE,IAAI,mBAAC,IAAI,GAAC;AACxC,IAAI,CAAC;AACL,IAAI,GAAG,CAAC,KAAK,EAAE;AACf,MAAM,IAAI,CAAC,OAAO,EAAE,KAAK;AACzB,IAAI,CAAC;AACL,IAAI,YAAY,EAAE,IAAI;AACtB,IAAI,UAAU,EAAE;AAChB,EAAE,CAAC,CAAC;AACJ;AACA,SAAS,QAAQ,CAAC,OAAO,EAAE;AAC3B,EAAE,MAAM,UAAU,EAAE,OAAO,CAAC,oBAAoB,IAAI,SAAS,EAAE,MAAC,CAAC,aAAa,EAAE,MAAC,CAAC,MAAM;AACxF,EAAE,MAAM,qBAAqB,EAAE,OAAO,CAAC,sBAAsB,IAAI,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,MAAC,CAAC,GAAG,CAAC,CAAC;AAClG,EAAE,MAAM,WAAW,EAAE;AACrB,IAAI,MAAM,EAAE,oBAAoB;AAChC,IAAI,KAAK,EAAE,oBAAoB;AAC/B,IAAI,IAAI,EAAE;AACV,EAAE,CAAC;AACH,EAAE,IAAI,CAAC,MAAM,KAAK,GAAG,KAAK,EAAE;AAC5B,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;AACvB,MAAM,UAAU,CAAC,IAAI,EAAE,EAAE,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,EAAE,EAAE,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AAC5F,IAAI;AACJ,EAAE;AACF,EAAE,OAAO,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG;AACnC,IAAI,MAAM,OAAO,EAAE,CAAC,CAAC;AACrB,IAAI,IAAI,CAAC,MAAM,KAAK,GAAG,KAAK,EAAE;AAC9B,MAAM,MAAM,OAAO,EAAE,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC,cAAc,kBAAC,GAAG,CAAC,IAAI,CAAE,UAAG,CAAC,GAAC,CAAC;AAC3E,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC,IAAI;AACjD,MAAM,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;AACtD,IAAI;AACJ,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE;AAC3B,MAAM,MAAM,QAAQ,mBAAE,OAAO,CAAC,OAAQ,UAAG,OAAO,CAAC,SAAO;AACxD,MAAM,OAAO,OAAO,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC;AAC5C,IAAI;AACJ,IAAI,OAAO,IAAI,CAAC,CAAC;AACjB,EAAE,CAAC;AACH;AACA,SAAS,qBAAqB,CAAC,OAAO,EAAE;AACxC,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO;AAC3B;AACA;AACE;AACA;AACA;AACA;AACA;AACF,6NAAC","file":"C:\\Users\\angus\\Documents\\Development\\express-zod-safe\\dist\\index.js","sourcesContent":[null]}

package/dist/index.mjs CHANGED Viewed

@@ -5,7 +5,15 @@ var types = ["query", "params", "body"];
 var defaultErrorHandler = (errors, _req, res) => {
   res.status(400).send(errors.map((error) => ({ type: error.type, errors: error.errors.issues })));
 };
-var globalErrorHandler = defaultErrorHandler;
+var DEFAULT_OPTIONS = {
+  handler: defaultErrorHandler,
+  defaultSchemaObject: "strict",
+  missingSchemaBehavior: "empty"
+};
+var options = DEFAULT_OPTIONS;
+var setGlobalOptions = (newOptions) => {
+  Object.assign(options, newOptions);
+};
 function isZodType(schema) {
   return !!schema && typeof schema.safeParseAsync === "function";
 }
@@ -24,11 +32,18 @@ if (descriptor) {
   });
 }
 function validate(schemas) {
+  const zodObject = options.defaultSchemaObject === "strict" ? z.strictObject : z.object;
+  const missingSchemaHandler = options.missingSchemaBehavior === "empty" ? zodObject({}) : z.any();
   const validation = {
-    params: isZodType(schemas.params) ? schemas.params : z.strictObject(schemas.params ?? {}),
-    query: isZodType(schemas.query) ? schemas.query : z.strictObject(schemas.query ?? {}),
-    body: isZodType(schemas.body) ? schemas.body : z.strictObject(schemas.body ?? {})
+    params: missingSchemaHandler,
+    query: missingSchemaHandler,
+    body: missingSchemaHandler
   };
+  for (const type of types) {
+    if (schemas[type]) {
+      validation[type] = isZodType(schemas[type]) ? schemas[type] : zodObject(schemas[type]);
+    }
+  }
   return async (req, res, next) => {
     const errors = [];
     for (const type of types) {
@@ -37,18 +52,20 @@ function validate(schemas) {
       else errors.push({ type, errors: parsed.error });
     }
     if (errors.length > 0) {
-      const handler = schemas.handler ?? globalErrorHandler;
+      const handler = schemas.handler ?? options.handler;
       return handler(errors, req, res, next);
     }
     return next();
   };
 }
 function setGlobalErrorHandler(handler) {
-  globalErrorHandler = handler;
+  options.handler = handler;
 }
 export {
+  DEFAULT_OPTIONS,
   validate as default,
   defaultErrorHandler,
-  setGlobalErrorHandler
+  setGlobalErrorHandler,
+  setGlobalOptions
 };
 //# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts"],"sourcesContent":["/// <reference types=\"./express.d.ts\" />\nimport type { NextFunction, Request, RequestHandler, Response } from 'express';\nimport express from 'express';\nimport { type ZodError, type ZodRawShape, type ZodType, z } from 'zod';\n\nconst types = ['query', 'params', 'body'] as const;\n\nexport const defaultErrorHandler: ErrorRequestHandler = (errors, _req, res) => {\n\tres.status(400).send(errors.map(error => ({ type: error.type, errors: error.errors.issues })));\n};\n\nlet globalErrorHandler = defaultErrorHandler;\n\n/*\n A ZodType type guard.\n * @param schema The Zod schema to check.\n * @returns Whether the provided schema is a ZodType.\n /\nfunction isZodType(schema: unknown): schema is ZodType {\n\treturn !!schema && typeof (schema as ZodType).safeParseAsync === 'function';\n}\n\n// Override express@^5 request.query getter to provider setter\nconst descriptor = Object.getOwnPropertyDescriptor(express.request, 'query');\nif (descriptor) {\n\tObject.defineProperty(express.request, 'query', {\n\t\tget(this: Request) {\n\t\t\tif (Object.hasOwn(this, '_query')) return this._query;\n\t\t\treturn descriptor?.get?.call(this);\n\t\t},\n\t\tset(this: Request, query: unknown) {\n\t\t\tthis._query = query;\n\t\t},\n\t\tconfigurable: true,\n\t\tenumerable: true\n\t});\n}\n\n/\n Generates a middleware function for Express.js that validates request params, query, and body.\n * This function uses Zod schemas to perform validation against the provided schema definitions.\n \n @param schemas - An object containing Zod schemas for params, query, and body. Optional handler for custom error handling.\n * @returns An Express.js middleware function that validates the request based on the provided schemas.\n * It attaches validated data to the request object and sends error details if validation fails.\n * @template TParams - Type definition for params schema.\n * @template TQuery - Type definition for query schema.\n * @template TBody - Type definition for body schema.\n * @example\n * // Example usage in an Express.js route\n * import express from 'express';\n * import validate from 'express-zod-safe';\n * import { z } from 'zod';\n \n const app = express();\n * app.use(express.json());\n \n // Define your Zod schemas\n * const params = {\n * userId: z.string().uuid(),\n * };\n * const query = {\n * age: z.coerce.number().optional(),\n * };\n * const body = {\n * name: z.string(),\n * email: z.string().email(),\n * };\n \n // Use the validate middleware in your route\n * app.post('/user/:userId', validate({ params, query, body }), (req, res) => {\n * // Your route logic here\n * res.send('User data is valid!');\n * });\n \n app.listen(3000, () => console.log('Server running on port 3000'));\n /\nexport default function validate<TParams extends ValidationSchema, TQuery extends ValidationSchema, TBody extends ValidationSchema>(\n\tschemas: CompleteValidationSchema<TParams, TQuery, TBody>\n): RequestHandler<ZodOutput<TParams>, any, ZodOutput<TBody>, ZodOutput<TQuery>> {\n\t// Create validation objects for each type\n\tconst validation = {\n\t\tparams: isZodType(schemas.params) ? schemas.params : z.strictObject(schemas.params ?? {}),\n\t\tquery: isZodType(schemas.query) ? schemas.query : z.strictObject(schemas.query ?? {}),\n\t\tbody: isZodType(schemas.body) ? schemas.body : z.strictObject(schemas.body ?? {})\n\t};\n\n\treturn async (req, res, next): Promise<void> => {\n\t\tconst errors: ErrorListItem[] = [];\n\n\t\t// Validate all types (params, query, body)\n\t\tfor (const type of types) {\n\t\t\tconst parsed = await validation[type].safeParseAsync(req[type] ?? {});\n\t\t\tif (parsed.success) req[type] = parsed.data as any;\n\t\t\telse errors.push({ type, errors: parsed.error });\n\t\t}\n\n\t\t// Return all errors if there are any\n\t\tif (errors.length > 0) {\n\t\t\t// If a custom error handler is provided, use it\n\t\t\tconst handler = schemas.handler ?? globalErrorHandler;\n\t\t\treturn handler(errors, req, res, next);\n\t\t}\n\n\t\treturn next();\n\t};\n}\n\nexport function setGlobalErrorHandler(handler: ErrorRequestHandler): void {\n\tglobalErrorHandler = handler;\n}\n\n/\n Describes the types of data that can be validated: 'query', 'params', or 'body'.\n /\ntype DataType = (typeof types)[number];\n\n/\n Defines the structure of an error item, containing the type of validation that failed (params, query, or body)\n * and the associated ZodError.\n /\nexport interface ErrorListItem {\n\ttype: DataType;\n\terrors: ZodError;\n}\n\nexport type Unvalidated = unknown;\n\n/\n Represents an Express.js error request handler where the params, query and body are of unknown type as validation failed.\n /\nexport type ErrorRequestHandler<\n\tP = Unvalidated,\n\tResBody = any,\n\tReqBody = Unvalidated,\n\tReqQuery = unknown,\n\tLocalsObj extends Record<string, any> = Record<string, any>\n> = (\n\terr: ErrorListItem[],\n\treq: Request<P, ResBody, ReqBody, ReqQuery, LocalsObj>,\n\tres: Response<ResBody, LocalsObj>,\n\tnext: NextFunction\n) => void \| Promise<void>;\n\n/\n Represents a generic type for route validation, which can be applied to params, query, or body.\n * Each key-value pair represents a field and its corresponding Zod validation schema.\n /\nexport type ValidationSchema = ZodType \| ZodRawShape;\n\n/\n Defines the structure for the schemas provided to the validate middleware.\n * Each property corresponds to a different part of the request (params, query, body)\n * and should be a record of Zod types for validation. Optional handler for custom error handling.\n \n @template TParams - Type definition for params schema.\n * @template TQuery - Type definition for query schema.\n * @template TBody - Type definition for body schema.\n /\nexport interface CompleteValidationSchema<\n\tTParams extends ValidationSchema = ValidationSchema,\n\tTQuery extends ValidationSchema = ValidationSchema,\n\tTBody extends ValidationSchema = ValidationSchema\n> {\n\thandler?: ErrorRequestHandler;\n\tparams?: TParams;\n\tquery?: TQuery;\n\tbody?: TBody;\n}\n\n/\n Represents the output type of a Zod validation schema.\n * This is used to infer the TypeScript type from a Zod schema,\n * providing typesafe access to the validated data.\n \n @template T - The validation type (params, query, or body).\n /\nexport type ZodOutput<T extends ValidationSchema \| undefined> = T extends ValidationSchema\n\t? z.output<T extends ZodRawShape ? z.ZodObject<T> : T>\n\t: Unvalidated;\n\n/\n A utility type to ensure other middleware types don't conflict with the validate middleware.\n /\nexport type WeakRequestHandler = RequestHandler<Unvalidated, Unvalidated, Unvalidated, Unvalidated>;\n\n/\n A utility type to ensure the Request is typed correctly.\n * @template T - The validation schema to be applied to the request params, query and body.\n * @example\n * import { ValidatedRequest } from 'express-zod-safe';\n * import { z } from 'zod';\n \n const schema = {\n * \tquery: {\n * \t\tname: z.string().min(3).max(10),\n * \t\tage: z.coerce.number().min(18)\n * \t},\n * \tbody: {\n * \t\ttitle: z.string().max(4)\n * \t},\n * \tparams: {\n * \t\tid: z.coerce.number()\n * \t}\n * };\n \n const requestHandler = (req: ValidatedRequest<typeof schema>, res: Response) => {\n * \tconst { name, age } = req.query;\n * \tconst { id } = req.params;\n * const { title } = req.body;\n \n \tres.send(`Hello ${title} ${name}! (Your age is ${age} and your ID is ${id})`);\n * };\n \n app.post('/handler/:id', validate(schema), requestHandler);\n */\nexport type ValidatedRequest<T extends CompleteValidationSchema> = Request<\n\tZodOutput<T['params']>,\n\tany,\n\tZodOutput<T['body']>,\n\tZodOutput<T['query']>\n>;\n"],"mappings":";AAEA,OAAO,aAAa;AACpB,SAAwD,SAAS;AAEjE,IAAM,QAAQ,CAAC,SAAS,UAAU,MAAM;AAEjC,IAAM,sBAA2C,CAAC,QAAQ,MAAM,QAAQ;AAC9E,MAAI,OAAO,GAAG,EAAE,KAAK,OAAO,IAAI,YAAU,EAAE,MAAM,MAAM,MAAM,QAAQ,MAAM,OAAO,OAAO,EAAE,CAAC;AAC9F;AAEA,IAAI,qBAAqB;AAOzB,SAAS,UAAU,QAAoC;AACtD,SAAO,CAAC,CAAC,UAAU,OAAQ,OAAmB,mBAAmB;AAClE;AAGA,IAAM,aAAa,OAAO,yBAAyB,QAAQ,SAAS,OAAO;AAC3E,IAAI,YAAY;AACf,SAAO,eAAe,QAAQ,SAAS,SAAS;AAAA,IAC/C,MAAmB;AAClB,UAAI,OAAO,OAAO,MAAM,QAAQ,EAAG,QAAO,KAAK;AAC/C,aAAO,YAAY,KAAK,KAAK,IAAI;AAAA,IAClC;AAAA,IACA,IAAmB,OAAgB;AAClC,WAAK,SAAS;AAAA,IACf;AAAA,IACA,cAAc;AAAA,IACd,YAAY;AAAA,EACb,CAAC;AACF;AAyCe,SAAR,SACN,SAC+E;AAE/E,QAAM,aAAa;AAAA,IAClB,QAAQ,UAAU,QAAQ,MAAM,IAAI,QAAQ,SAAS,EAAE,aAAa,QAAQ,UAAU,CAAC,CAAC;AAAA,IACxF,OAAO,UAAU,QAAQ,KAAK,IAAI,QAAQ,QAAQ,EAAE,aAAa,QAAQ,SAAS,CAAC,CAAC;AAAA,IACpF,MAAM,UAAU,QAAQ,IAAI,IAAI,QAAQ,OAAO,EAAE,aAAa,QAAQ,QAAQ,CAAC,CAAC;AAAA,EACjF;AAEA,SAAO,OAAO,KAAK,KAAK,SAAwB;AAC/C,UAAM,SAA0B,CAAC;AAGjC,eAAW,QAAQ,OAAO;AACzB,YAAM,SAAS,MAAM,WAAW,IAAI,EAAE,eAAe,IAAI,IAAI,KAAK,CAAC,CAAC;AACpE,UAAI,OAAO,QAAS,KAAI,IAAI,IAAI,OAAO;AAAA,UAClC,QAAO,KAAK,EAAE,MAAM,QAAQ,OAAO,MAAM,CAAC;AAAA,IAChD;AAGA,QAAI,OAAO,SAAS,GAAG;AAEtB,YAAM,UAAU,QAAQ,WAAW;AACnC,aAAO,QAAQ,QAAQ,KAAK,KAAK,IAAI;AAAA,IACtC;AAEA,WAAO,KAAK;AAAA,EACb;AACD;AAEO,SAAS,sBAAsB,SAAoC;AACzE,uBAAqB;AACtB;","names":[]}
1	+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["/// <reference types='./express.d.ts' />\nimport type { NextFunction, Request, RequestHandler, Response } from 'express';\nimport express from 'express';\nimport { type ZodError, type ZodRawShape, type ZodType, z } from 'zod';\n\nconst types = ['query', 'params', 'body'] as const;\n\nexport const defaultErrorHandler: ErrorRequestHandler = (errors, _req, res) => {\n\tres.status(400).send(errors.map(error => ({ type: error.type, errors: error.errors.issues })));\n};\n\nexport interface ValidateRequestGlobalOptions {\n\t/*\n\t The error handler to use for all routes if no handler is provided in the schema.\n\t /\n\thandler: ErrorRequestHandler;\n\t/\n\t The default schema object type to use for validation when a plain object is provided.\n\t \n\t When using `validate({ query: { a: z.string() } })`:\n\t * - `'strict'` (default): Uses `z.strictObject`, which rejects extra properties.\n\t * For example, `GET /?a=1&b=2` will fail validation.\n\t * - `'lax'`: Uses `z.object`, which allows extra properties.\n\t * For example, `GET /?a=1&b=2` will succeed, and `req.query` will only contain `{ a: '1' }`.\n\t \n\t Note: If you pass a Zod object directly (e.g., `validate({ query: z.object({ a: z.string() }) })`),\n\t * this option has no effect as the provided Zod object is used as-is.\n\t \n\t @default 'strict'\n\t * @example\n\t * ```ts\n\t * // Allow extra properties in query params\n\t * setGlobalOptions({ defaultSchemaObject: 'lax' });\n\t \n\t app.get('/user', validate({ query: { id: z.string() } }), (req, res) => {\n\t * \t// GET /user?id=123&extra=value will succeed\n\t * \t// req.query will be { id: '123' }\n\t * });\n\t * ```\n\t /\n\tdefaultSchemaObject: 'strict' \| 'lax';\n\t/\n\t The behavior when a schema is not provided for a particular input type (params, query, or body).\n\t \n\t - `'empty'` (default): Validates against an empty strict object (`z.strictObject({})`), which rejects any input.\n\t * - `'any'`: Skips validation entirely for that input type, allowing any data to pass through.\n\t * This is useful when using nested routers where different parts of the route validate different inputs.\n\t \n\t @default 'empty'\n\t /\n\tmissingSchemaBehavior: 'empty' \| 'any';\n}\n\n/\n The default global options for request validation.\n \n Default values:\n * - `defaultSchemaObject: 'strict'`\n * - `missingSchemaBehavior: 'empty'`\n * - `handler`: The default error handler sends a 400 status with an array of validation errors (see: {@link defaultErrorHandler}):\n * ```ts\n * (errors, _req, res) => {\n * \tres.status(400).send(errors.map(error => ({ type: error.type, errors: error.errors.issues })));\n * }\n * ```\n /\nexport const DEFAULT_OPTIONS: ValidateRequestGlobalOptions = {\n\thandler: defaultErrorHandler,\n\tdefaultSchemaObject: 'strict',\n\tmissingSchemaBehavior: 'empty'\n};\n\n/\n The options object used by the validation middleware.\n * Initialised with {@link DEFAULT_OPTIONS} and can be modified using {@link setGlobalOptions}.\n /\nconst options: ValidateRequestGlobalOptions = DEFAULT_OPTIONS;\n\n/\n Sets the global {@link options} for request validation.\n \n @param newOptions Partial options to merge with the current global options.\n * @example\n * // Change the error handler\n * setGlobalOptions({\n * \thandler: (errors, req, res) => {\n * \t\tres.status(422).json({ validationErrors: errors });\n * \t}\n * });\n \n // Change default schema object type\n * setGlobalOptions({ defaultSchemaObject: 'lax' });\n \n // Change missing schema behavior\n * setGlobalOptions({ missingSchemaBehavior: 'any' });\n \n // Change all options\n * setGlobalOptions({\n * \thandler: customHandler,\n * \tdefaultSchemaObject: 'lax',\n * \tmissingSchemaBehavior: 'any'\n * });\n /\nexport const setGlobalOptions = (newOptions: Partial<ValidateRequestGlobalOptions>) => {\n\tObject.assign(options, newOptions);\n};\n\n/\n A ZodType type guard.\n * @param schema The Zod schema to check.\n * @returns Whether the provided schema is a ZodType.\n /\nfunction isZodType(schema: unknown): schema is ZodType {\n\treturn !!schema && typeof (schema as ZodType).safeParseAsync === 'function';\n}\n\n// Override express@^5 request.query getter to provider setter\nconst descriptor = Object.getOwnPropertyDescriptor(express.request, 'query');\nif (descriptor) {\n\tObject.defineProperty(express.request, 'query', {\n\t\tget(this: Request) {\n\t\t\tif (Object.hasOwn(this, '_query')) return this._query;\n\t\t\treturn descriptor?.get?.call(this);\n\t\t},\n\t\tset(this: Request, query: unknown) {\n\t\t\tthis._query = query;\n\t\t},\n\t\tconfigurable: true,\n\t\tenumerable: true\n\t});\n}\n\n/\n Generates a middleware function for Express.js that validates request params, query, and body.\n * This function uses Zod schemas to perform validation against the provided schema definitions.\n \n Missing Schema Behavior: If a schema is not provided for a particular input type (params, query, or body),\n * the behavior is controlled by the {@link ValidateRequestGlobalOptions.missingSchemaBehavior} option:\n * - `'empty'` (default): Validates against an empty strict object, rejecting any input\n * - `'any'`: Skips validation entirely, allowing any data to pass through\n \n This allows you to validate only the parts of the request you care about when using nested routers.\n \n @param schemas - An object containing Zod schemas for params, query, and body. All fields are optional.\n * If a field is omitted, behavior depends on {@link ValidateRequestGlobalOptions.missingSchemaBehavior}.\n * Optional handler for custom error handling.\n * @returns An Express.js middleware function that validates the request based on the provided schemas.\n * It attaches validated data to the request object and sends error details if validation fails.\n * @template TParams - Type definition for params schema.\n * @template TQuery - Type definition for query schema.\n * @template TBody - Type definition for body schema.\n * @example\n * // Example usage in an Express.js route\n * import express from 'express';\n * import validate from 'express-zod-safe';\n * import { z } from 'zod';\n \n const app = express();\n * app.use(express.json());\n \n // Define your Zod schemas\n * const params = {\n * userId: z.string().uuid(),\n * };\n * const query = {\n * age: z.coerce.number().optional(),\n * };\n * const body = {\n * name: z.string(),\n * email: z.string().email(),\n * };\n \n // Use the validate middleware in your route\n * app.post('/user/:userId', validate({ params, query, body }), (req, res) => {\n * // Your route logic here\n * res.send('User data is valid!');\n * });\n \n // Only validate params, allow any query or body\n * setGlobalOptions({ missingSchemaBehavior: 'any' });\n * app.use('/:id', validate({ params: { id: z.string().uuid() } }), nestedRouter);\n \n app.listen(3000, () => console.log('Server running on port 3000'));\n /\nexport default function validate<TParams extends ValidationSchema, TQuery extends ValidationSchema, TBody extends ValidationSchema>(\n\tschemas: CompleteValidationSchema<TParams, TQuery, TBody>\n): RequestHandler<ZodOutput<TParams>, any, ZodOutput<TBody>, ZodOutput<TQuery>> {\n\t// Set validation objects for each type\n\tconst zodObject = options.defaultSchemaObject === 'strict' ? z.strictObject : z.object;\n\n\t// Initialise validation objects for each type\n\tconst missingSchemaHandler = options.missingSchemaBehavior === 'empty' ? zodObject({}) : z.any();\n\tconst validation: Record<DataType, ZodType> = {\n\t\tparams: missingSchemaHandler,\n\t\tquery: missingSchemaHandler,\n\t\tbody: missingSchemaHandler\n\t};\n\n\tfor (const type of types) {\n\t\tif (schemas[type]) {\n\t\t\tvalidation[type] = isZodType(schemas[type]) ? schemas[type] : zodObject(schemas[type]);\n\t\t}\n\t}\n\n\treturn async (req, res, next): Promise<void> => {\n\t\tconst errors: ErrorListItem[] = [];\n\n\t\t// Validate all types (params, query, body)\n\t\tfor (const type of types) {\n\t\t\tconst parsed = await validation[type].safeParseAsync(req[type] ?? {});\n\t\t\t// biome-ignore lint/suspicious/noExplicitAny: type specified in function signature\n\t\t\tif (parsed.success) req[type] = parsed.data as any;\n\t\t\telse errors.push({ type, errors: parsed.error });\n\t\t}\n\n\t\t// Return all errors if there are any\n\t\tif (errors.length > 0) {\n\t\t\t// If a custom error handler is provided, use it\n\t\t\tconst handler = schemas.handler ?? options.handler;\n\t\t\treturn handler(errors, req, res, next);\n\t\t}\n\n\t\treturn next();\n\t};\n}\n\n/\n Sets the global error handler for all routes.\n * @param handler The error handler to set.\n * @deprecated Use {@link setGlobalOptions} instead.\n /\nexport function setGlobalErrorHandler(handler: ErrorRequestHandler): void {\n\toptions.handler = handler;\n}\n\n/\n Describes the types of data that can be validated: 'query', 'params', or 'body'.\n /\ntype DataType = (typeof types)[number];\n\n/\n Defines the structure of an error item, containing the type of validation that failed (params, query, or body)\n * and the associated ZodError.\n /\nexport interface ErrorListItem {\n\ttype: DataType;\n\terrors: ZodError;\n}\n\nexport type Unvalidated = unknown;\n\n/\n Represents an Express.js error request handler where the params, query and body are of unknown type as validation failed.\n /\nexport type ErrorRequestHandler<\n\tP = Unvalidated,\n\tResBody = any,\n\tReqBody = Unvalidated,\n\tReqQuery = unknown,\n\tLocalsObj extends Record<string, any> = Record<string, any>\n> = (\n\terr: ErrorListItem[],\n\treq: Request<P, ResBody, ReqBody, ReqQuery, LocalsObj>,\n\tres: Response<ResBody, LocalsObj>,\n\tnext: NextFunction\n) => void \| Promise<void>;\n\n/\n Represents a generic type for route validation, which can be applied to params, query, or body.\n * Each key-value pair represents a field and its corresponding Zod validation schema.\n /\nexport type ValidationSchema = ZodType \| ZodRawShape;\n\n/\n Defines the structure for the schemas provided to the validate middleware.\n * Each property corresponds to a different part of the request (params, query, body)\n * and should be a record of Zod types for validation. Optional handler for custom error handling.\n \n @template TParams - Type definition for params schema.\n * @template TQuery - Type definition for query schema.\n * @template TBody - Type definition for body schema.\n /\nexport interface CompleteValidationSchema<\n\tTParams extends ValidationSchema = ValidationSchema,\n\tTQuery extends ValidationSchema = ValidationSchema,\n\tTBody extends ValidationSchema = ValidationSchema\n> {\n\thandler?: ErrorRequestHandler;\n\tparams?: TParams;\n\tquery?: TQuery;\n\tbody?: TBody;\n}\n\n/\n Represents the output type of a Zod validation schema.\n * This is used to infer the TypeScript type from a Zod schema,\n * providing typesafe access to the validated data.\n \n @template T - The validation type (params, query, or body).\n /\nexport type ZodOutput<T extends ValidationSchema \| undefined> = T extends ValidationSchema\n\t? z.output<T extends ZodRawShape ? z.ZodObject<T> : T>\n\t: Unvalidated;\n\n/\n A utility type to ensure other middleware types don't conflict with the validate middleware.\n /\nexport type WeakRequestHandler = RequestHandler<Unvalidated, Unvalidated, Unvalidated, Unvalidated>;\n\n/\n A utility type to ensure the Request is typed correctly.\n * @template T - The validation schema to be applied to the request params, query and body.\n * @example\n * import { ValidatedRequest } from 'express-zod-safe';\n * import { z } from 'zod';\n \n const schema = {\n * \tquery: {\n * \t\tname: z.string().min(3).max(10),\n * \t\tage: z.coerce.number().min(18)\n * \t},\n * \tbody: {\n * \t\ttitle: z.string().max(4)\n * \t},\n * \tparams: {\n * \t\tid: z.coerce.number()\n * \t}\n * };\n \n const requestHandler = (req: ValidatedRequest<typeof schema>, res: Response) => {\n * \tconst { name, age } = req.query;\n * \tconst { id } = req.params;\n * const { title } = req.body;\n \n \tres.send(`Hello ${title} ${name}! (Your age is ${age} and your ID is ${id})`);\n * };\n \n app.post('/handler/:id', validate(schema), requestHandler);\n */\nexport type ValidatedRequest<T extends CompleteValidationSchema> = Request<\n\tZodOutput<T['params']>,\n\tany,\n\tZodOutput<T['body']>,\n\tZodOutput<T['query']>\n>;\n"],"mappings":";AAEA,OAAO,aAAa;AACpB,SAAwD,SAAS;AAEjE,IAAM,QAAQ,CAAC,SAAS,UAAU,MAAM;AAEjC,IAAM,sBAA2C,CAAC,QAAQ,MAAM,QAAQ;AAC9E,MAAI,OAAO,GAAG,EAAE,KAAK,OAAO,IAAI,YAAU,EAAE,MAAM,MAAM,MAAM,QAAQ,MAAM,OAAO,OAAO,EAAE,CAAC;AAC9F;AAyDO,IAAM,kBAAgD;AAAA,EAC5D,SAAS;AAAA,EACT,qBAAqB;AAAA,EACrB,uBAAuB;AACxB;AAMA,IAAM,UAAwC;AA2BvC,IAAM,mBAAmB,CAAC,eAAsD;AACtF,SAAO,OAAO,SAAS,UAAU;AAClC;AAOA,SAAS,UAAU,QAAoC;AACtD,SAAO,CAAC,CAAC,UAAU,OAAQ,OAAmB,mBAAmB;AAClE;AAGA,IAAM,aAAa,OAAO,yBAAyB,QAAQ,SAAS,OAAO;AAC3E,IAAI,YAAY;AACf,SAAO,eAAe,QAAQ,SAAS,SAAS;AAAA,IAC/C,MAAmB;AAClB,UAAI,OAAO,OAAO,MAAM,QAAQ,EAAG,QAAO,KAAK;AAC/C,aAAO,YAAY,KAAK,KAAK,IAAI;AAAA,IAClC;AAAA,IACA,IAAmB,OAAgB;AAClC,WAAK,SAAS;AAAA,IACf;AAAA,IACA,cAAc;AAAA,IACd,YAAY;AAAA,EACb,CAAC;AACF;AAsDe,SAAR,SACN,SAC+E;AAE/E,QAAM,YAAY,QAAQ,wBAAwB,WAAW,EAAE,eAAe,EAAE;AAGhF,QAAM,uBAAuB,QAAQ,0BAA0B,UAAU,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI;AAC/F,QAAM,aAAwC;AAAA,IAC7C,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,MAAM;AAAA,EACP;AAEA,aAAW,QAAQ,OAAO;AACzB,QAAI,QAAQ,IAAI,GAAG;AAClB,iBAAW,IAAI,IAAI,UAAU,QAAQ,IAAI,CAAC,IAAI,QAAQ,IAAI,IAAI,UAAU,QAAQ,IAAI,CAAC;AAAA,IACtF;AAAA,EACD;AAEA,SAAO,OAAO,KAAK,KAAK,SAAwB;AAC/C,UAAM,SAA0B,CAAC;AAGjC,eAAW,QAAQ,OAAO;AACzB,YAAM,SAAS,MAAM,WAAW,IAAI,EAAE,eAAe,IAAI,IAAI,KAAK,CAAC,CAAC;AAEpE,UAAI,OAAO,QAAS,KAAI,IAAI,IAAI,OAAO;AAAA,UAClC,QAAO,KAAK,EAAE,MAAM,QAAQ,OAAO,MAAM,CAAC;AAAA,IAChD;AAGA,QAAI,OAAO,SAAS,GAAG;AAEtB,YAAM,UAAU,QAAQ,WAAW,QAAQ;AAC3C,aAAO,QAAQ,QAAQ,KAAK,KAAK,IAAI;AAAA,IACtC;AAEA,WAAO,KAAK;AAAA,EACb;AACD;AAOO,SAAS,sBAAsB,SAAoC;AACzE,UAAQ,UAAU;AACnB;","names":[]}

package/package.json CHANGED Viewed

@@ -1,61 +1,69 @@
 {
-  "name": "express-zod-safe",
-  "version": "3.1.0",
-  "description": "TypeScript-friendly middleware designed for Express applications, leveraging the robustness of Zod schemas to validate incoming request bodies, parameters, and queries.",
-  "main": "dist/index.js",
-  "module": "dist/index.mjs",
-  "types": "dist/index.d.ts",
-  "exports": {
-    ".": {
-      "import": {
-        "types": "./dist/index.d.mts",
-        "default": "./dist/index.mjs"
-      },
-      "require": {
-        "types": "./dist/index.d.ts",
-        "default": "./dist/index.js"
-      }
-    }
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/AngaBlue/express-zod-safe.git"
-  },
-  "keywords": [
-    "zod",
-    "express",
-    "middleware",
-    "validation",
-    "guard",
-    "typesafe"
-  ],
-  "author": {
-    "name": "AngaBlue",
-    "email": "contact@anga.blue",
-    "url": "https://anga.blue"
-  },
-  "license": "MIT",
-  "bugs": {
-    "url": "https://github.com/AngaBlue/express-zod-safe/issues"
-  },
-  "homepage": "https://github.com/AngaBlue/express-zod-safe#readme",
-  "devDependencies": {
-    "@angablue/biome-config": "^1.1.0",
-    "@biomejs/biome": "^2.1.2",
-    "@types/node": "^24.1.0",
-    "tsup": "^8.5.0",
-    "typescript": "^5.8.3",
-    "zod": "^4.0.10"
-  },
-  "peerDependencies": {
-    "@types/express": "^4.0.0 || ^5.0.0",
-    "express": "^4.0.0 || ^5.0.0",
-    "zod": "^4.0.0"
-  },
-  "packageManager": "pnpm@10.17.0",
-  "scripts": {
-    "build": "tsup",
-    "lint": "biome check --fix",
-    "test": "pnpx tsx ./test/index.ts"
-  }
-}
+	"name": "express-zod-safe",
+	"version": "3.2.0",
+	"description": "TypeScript-friendly middleware designed for Express applications, leveraging the robustness of Zod schemas to validate incoming request bodies, parameters, and queries.",
+	"main": "dist/index.js",
+	"module": "dist/index.mjs",
+	"types": "dist/index.d.ts",
+	"exports": {
+		".": {
+			"import": {
+				"types": "./dist/index.d.mts",
+				"default": "./dist/index.mjs"
+			},
+			"require": {
+				"types": "./dist/index.d.ts",
+				"default": "./dist/index.js"
+			}
+		}
+	},
+	"scripts": {
+		"build": "tsup",
+		"lint": "biome check --fix",
+		"test": "node --import=tsx --test test/index.test.ts && tsc --noEmit && tsc --noEmit -p tsconfig.test.json",
+		"test:debug": "node --import=tsx --test --inspect-brk test/index.test.ts"
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/AngaBlue/express-zod-safe.git"
+	},
+	"keywords": [
+		"zod",
+		"express",
+		"middleware",
+		"validation",
+		"guard",
+		"typesafe"
+	],
+	"author": {
+		"name": "AngaBlue",
+		"email": "contact@anga.blue",
+		"url": "https://anga.blue"
+	},
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/AngaBlue/express-zod-safe/issues"
+	},
+	"homepage": "https://github.com/AngaBlue/express-zod-safe#readme",
+	"devDependencies": {
+		"@angablue/biome-config": "^1.1.1",
+		"@biomejs/biome": "^2.3.11",
+		"@types/node": "^25.0.8",
+		"tsup": "^8.5.1",
+		"tsx": "^4.21.0",
+		"typescript": "^5.9.3",
+		"zod": "^4.3.5"
+	},
+	"peerDependencies": {
+		"@types/express": "^4.0.0 || ^5.0.0",
+		"express": "^4.0.0 || ^5.0.0",
+		"zod": "^4.0.0"
+	},
+	"pnpm": {
+		"onlyBuiltDependencies": [
+			"@biomejs/biome",
+			"esbuild"
+		]
+	},
+	"packageManager": "pnpm@10.28.0"
+}