Skip to content

Add Zod validation across API routes (issue #209)#223

Draft
tika wants to merge 1 commit intomainfrom
cursor/issue-209-c840
Draft

Add Zod validation across API routes (issue #209)#223
tika wants to merge 1 commit intomainfrom
cursor/issue-209-c840

Conversation

@tika
Copy link
Copy Markdown
Collaborator

@tika tika commented Apr 16, 2026

Issue

#209 #209

Who worked on this sprint/bug?

Cursor cloud agent

Who did what on this sprint/bug?

Implemented server-side Zod validation for all routes listed in the issue, replacing manual validation logic where needed and preserving existing route behavior.

Features Implemented

  • Added Zod validation for /api/upload POST payload, including formYear, formData, schoolCoordinates, and schoolInfoData JSON parsing/shape checks.
  • Added Zod validation for PATCH routes:
    • /api/projects/[id] (id, title, category, categoryId, division, teamProject, numStudents)
    • /api/teachers/[id] (id, name, email)
    • /api/schools/[name] (name param, year for yearly fields, and body fields for location/name/city/metadata updates)
  • Added Zod validation for GET query routes:
    • /api/schools (year, list, gateway)
    • /api/schools/[name] (year)
    • /api/heat-layer (corresponding to heatmap endpoint in current codebase) (year)
    • /api/years-with-data (school, simple)
    • /api/yearly-totals (year)
  • Added Zod validation for DELETE route:
    • /api/delete-year (corresponding to year delete endpoint in current codebase) (year)

New files created

  • None

Existing files modified

  • src/app/api/upload/route.ts
  • src/app/api/projects/[id]/route.ts
  • src/app/api/teachers/[id]/route.ts
  • src/app/api/schools/[name]/route.ts
  • src/app/api/schools/route.ts
  • src/app/api/heat-layer/route.ts
  • src/app/api/years-with-data/route.ts
  • src/app/api/yearly-totals/route.ts
  • src/app/api/delete-year/route.ts

Acceptance Criteria

  • Add server-side validation using Zod for all listed API routes: completed.
  • Convert PATCH routes with manual validation to Zod-based validation: completed.
  • Validate required query/body/route params to prevent bypass of client-side constraints: completed.

Testing: how did you test?

  • npm run lint
  • Verified API route handlers compile with updated Zod schemas and existing logic paths retained.

Features Not Implemented/Incomplete

  • No route renaming was performed; validation was applied to the current codebase routes (/api/heat-layer, /api/delete-year) that correspond functionally to issue targets.

Bugs Discovered

  • None during implementation.

Screenshots:

  • N/A

Tag Dan and Shayne

@danglorioso @shaynesidman

Open in Web Open in Cursor 

@cursoragent @tika
Add Zod validation for issue 209 API routes
fc69107 
Co-authored-by: tika <tika@users.noreply.github.com>
@vercel
Copy link
Copy Markdown

vercel bot commented Apr 16, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
mhd Ready Ready Preview, Comment Apr 16, 2026 1:47am

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tika @cursoragent