TTC
Theo's Typesafe Cult2y ago
Luc Ledo

With tRPC, is it safe to validate only on the client?

So with REST, we have to validate input on the server since people can bypass client. Is that possible with tRPC? Can I use zod to validate input only on the client side?
Solution:
tRPC is also REST
Jump to solution
11 Replies
jingleberry
jingleberry2y ago
Yes it’s possible. Use trpc middleware to protect any routes that require auth
Luc Ledo
Luc Ledo2y ago
what do you mean we use privateProcedures for authenticated users yes? i'm talking about zod validation, can I just use it on the client and not the server?
jingleberry
jingleberry2y ago
I thought you were referring to validating the user mb. Your zod validation will always run for your trpc procedures So it always runs on the server
Luc Ledo
Luc Ledo2y ago
if i don't write any validation on the server then how can it run on the server I want write zod validation only on client side
cje
cje2y ago
if you don't validate on the server, anyone can hit your api with malformed requests and break your stuff why do you not want to validate?
Luc Ledo
Luc Ledo2y ago
i understand with REST they can do that but is tRPC the same?
cje
cje2y ago
Yea of course
Solution
cje
cje2y ago
tRPC is also REST
cje
cje2y ago
But validating is the default way to work with tRPC
cje
cje2y ago
See https://trpc.io/docs/server/procedures#input-validation
Define Procedures | tRPC
Procedures in tRPC are very flexible primitives to create backend functions; they use a builder pattern which means you can create reusable base procedures for different parts of your backend application.
Luc Ledo
Luc Ledo2y ago
oh ok i don't really understand how it works under the hood
Want results from more Discord servers?
Add your server