TanStack•14mo ago•

7 replies

dual-salmon

Validating Request Body, Typing API Routes, and Middleware Authentication in TanStack Start API

Hi, I’m using TanStack Start API routes and have a few questions:

1. Validating Request Body
I’m currently validating the request body in a

POST

POST

route using Zod with

safeParse

safeParse

, but

request.body

request.body

has to be validated like so:

import { json } from "@tanstack/start";
import { createAPIFileRoute } from "@tanstack/start/api";
import { z } from "zod";

const CreatedBonusSchema = z.object({
  name: z.string().min(1).max(125),
  code: z.string().cuid2(),
});

export const APIRoute = createAPIFileRoute("/api/bonus")({
  POST: ({ params, request }) => {
    console.log("🚀 ~ APIRoute ~ request, params:", request, params);

    const result = CreatedBonusSchema.safeParse(request.body);

    if (!result.success) {
      return json({ message: result.error.message }, { status: 400 });
    }
    console.log("🚀 ~ APIRoute ~ result:");

    return json({ message: "Created bonus!", body: result.data });
  }
}

import { json } from "@tanstack/start";
import { createAPIFileRoute } from "@tanstack/start/api";
import { z } from "zod";

const CreatedBonusSchema = z.object({
  name: z.string().min(1).max(125),
  code: z.string().cuid2(),
});

export const APIRoute = createAPIFileRoute("/api/bonus")({
  POST: ({ params, request }) => {
    console.log("🚀 ~ APIRoute ~ request, params:", request, params);

    const result = CreatedBonusSchema.safeParse(request.body);

    if (!result.success) {
      return json({ message: result.error.message }, { status: 400 });
    }
    console.log("🚀 ~ APIRoute ~ result:");

    return json({ message: "Created bonus!", body: result.data });
  }
}

Is there a built-in way to automatically parse

request.body

request.body

, or do I need to manually handle this before entering the endpoint?

2. Typing API Routes
When defining an API route, the

POST

POST

method gets the type:

   (property) POST?: StartAPIMethodCallback<"/api/bonus"> | undefined

   (property) POST?: StartAPIMethodCallback<"/api/bonus"> | undefined

Shouldn’t it infer the response type as

{ message: string, body: { name: string, code: string } }

{ message: string, body: { name: string, code: string } }

? Is there a way to make the response type more specific?

3. Middleware for Authentication (Clerk)
Currently, I have to call

getAuth(request)

getAuth(request)

inside every endpoint to check authentication:

   const { sessionClaims, userId } = await getAuth(request);
   if (!userId) return new Response("Unauthorized", { status: 401 });

   const { sessionClaims, userId } = await getAuth(request);
   if (!userId) return new Response("Unauthorized", { status: 401 });

Is there a way to apply authentication as middleware so I don’t have to repeat

getAuth

getAuth

in every route?

Any guidance would be appreciated! Thanks!

TanStack•14mo ago•

7 replies

dual-salmon

Validating Request Body, Typing API Routes, and Middleware Authentication in TanStack Start API

Hi, I’m using TanStack Start API routes and have a few questions:

1. Validating Request Body
I’m currently validating the request body in a

POST

POST

route using Zod with

safeParse

safeParse

, but

request.body

request.body

has to be validated like so:

import { json } from "@tanstack/start";
import { createAPIFileRoute } from "@tanstack/start/api";
import { z } from "zod";

const CreatedBonusSchema = z.object({
  name: z.string().min(1).max(125),
  code: z.string().cuid2(),
});

export const APIRoute = createAPIFileRoute("/api/bonus")({
  POST: ({ params, request }) => {
    console.log("🚀 ~ APIRoute ~ request, params:", request, params);

    const result = CreatedBonusSchema.safeParse(request.body);

    if (!result.success) {
      return json({ message: result.error.message }, { status: 400 });
    }
    console.log("🚀 ~ APIRoute ~ result:");

    return json({ message: "Created bonus!", body: result.data });
  }
}

import { json } from "@tanstack/start";
import { createAPIFileRoute } from "@tanstack/start/api";
import { z } from "zod";

const CreatedBonusSchema = z.object({
  name: z.string().min(1).max(125),
  code: z.string().cuid2(),
});

export const APIRoute = createAPIFileRoute("/api/bonus")({
  POST: ({ params, request }) => {
    console.log("🚀 ~ APIRoute ~ request, params:", request, params);

    const result = CreatedBonusSchema.safeParse(request.body);

    if (!result.success) {
      return json({ message: result.error.message }, { status: 400 });
    }
    console.log("🚀 ~ APIRoute ~ result:");

    return json({ message: "Created bonus!", body: result.data });
  }
}

Is there a built-in way to automatically parse

request.body

request.body

, or do I need to manually handle this before entering the endpoint?

2. Typing API Routes
When defining an API route, the

POST

POST

method gets the type:

   (property) POST?: StartAPIMethodCallback<"/api/bonus"> | undefined

   (property) POST?: StartAPIMethodCallback<"/api/bonus"> | undefined

Shouldn’t it infer the response type as

{ message: string, body: { name: string, code: string } }

{ message: string, body: { name: string, code: string } }

? Is there a way to make the response type more specific?

3. Middleware for Authentication (Clerk)
Currently, I have to call

getAuth(request)

getAuth(request)

inside every endpoint to check authentication:

   const { sessionClaims, userId } = await getAuth(request);
   if (!userId) return new Response("Unauthorized", { status: 401 });

   const { sessionClaims, userId } = await getAuth(request);
   if (!userId) return new Response("Unauthorized", { status: 401 });

Is there a way to apply authentication as middleware so I don’t have to repeat

getAuth

getAuth

in every route?

Any guidance would be appreciated! Thanks!

Validating Request Body, Typing API Routes, and Middleware Authentication in TanStack Start API

Similar Threads

Validating Request Body, Typing API Routes, and Middleware Authentication in TanStack Start API

Similar Threads

Similar Threads

Similar Threads