
Add request/response schema validation for all public backend APIs #26

Description

@grantfox-oss

Some controllers accept malformed payloads or return undocumented response shapes, which weakens client contracts and allows runtime mismatches between the frontend, mobile, and backend.

Affected areas: app/backend/src/common/validation.pipe.ts, app/backend/src/*.controller.ts, app/backend/src/contracts/*, app/backend/src/refunds/*, app/backend/src/payments/*, OpenAPI docs/tests.

Implementation scope:

  • Add request validation for all public API DTOs and transform untrusted payloads consistently.
  • Add response validation or output DTO enforcement for top-level controllers.
  • Sync OpenAPI schemas with runtime DTOs and generate snapshot tests.
  • Validate pagination, cursor shapes, and contract event payloads.

Acceptance criteria:

  • Invalid requests receive a consistent 400 error with a stable schema.
  • Controller responses match documented OpenAPI types.
  • Tests fail if response shape drifts from the API contract.

Labels

  • GrantFox OSS (Issue tracked in GrantFox OSS)
  • Maybe Rewarded (Issue may be eligible for a GrantFox reward)
  • Official Campaign (Campaign: Official Campaign)
  • bug (Something isn't working)
  • enhancement (New feature or request)
