Closed
Description
We use CRUD API generated by the Zenstack with RESTful handler. We have never used the Model-level validation in our schema and decided to enable couple rules in one model. Apparently, there is some problem in Zod configuration or serialization layer in version 1.9.0. Without model-level validation rules we are able to add new entry via REST API but once we add " @@Validate" to the model it start throwing us error 403 with Zod validation message for fields with DateTime type.
schema.zmodel:
generator client {
provider = "prisma-client-js"
previewFeatures = ["driverAdapters", "postgresqlExtensions", "views", "tracing"]
}
datasource db {
provider = "postgresql"
url = env("DATABASE_URL_WITH_SCHEMA")
extensions = [uuidOssp(map: "uuid-ossp")]
}
plugin openapi {
provider = '@zenstackhq/openapi'
flavor = 'rest'
output = './dist/crud-api.json'
title = 'CRUD REST API'
version = '1.0.0'
summary = 'CRUD API'
description = 'This API can be used to make calls to the database using REST. Created with ZenStack.'
prefix = '/api/crud'
securitySchemes = {
bearer: { type: 'http', scheme: 'bearer', bearerFormat: 'JWT' }
}
}
model participant_interaction {
participant_interaction_id String @id @default(dbgenerated("uuid_generate_v4()")) @db.Uuid
summary String?
interaction_start DateTime? @db.Timestamp(0)
interaction_duration_minutes Int?
coach_id String @db.Uuid
participant_id String @db.Uuid
created_by String?
created_timestamp DateTime? @db.Timestamp(6) @default(now())
last_modified_by String?
updated_timestamp DateTime? @db.Timestamp(6) @updatedAt()
mongo_db_id String? @db.VarChar(255) @allow("update", false)
//Columns for Legacy interaction type
legacy_interaction_task_type InteractionTaskType?
//Model-level validations
@@validate(true, "You should never see this message")
//Everything allowed (no auth policies yet)
@@allow('all', true)
}
Request:
POST /api/crud/participant_interaction HTTP/1.1
Host: localhost:3000
Content-Type: application/json
Authorization: Bearer <omitted>
{
"data": {
"type": "participant_forms",
"attributes": {
"participant_id": "d4a4ed94-b71b-4596-bc30-e13bc6f16ed1",
"coach_id": "67f9366a-6aa9-4765-838a-07dc1afd0b65",
"summary": "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla non neque mollis, placerat risus sit amet, vehicula justo. Integer in ipsum id tortor porta malesuada. Maecenas ac neque ex. Morbi non est id risus posuere luctus. Vestibulum ac euismod felis. Sed eget imperdiet lorem. Pellentesque id accumsan enim.",
"interaction_start": "2024-03-02T05:00:00.000Z",
"interaction_duration_minutes":25,
}
}
}
Response:
{
"errors": [
{
"status": 403,
"code": "forbidden",
"title": "Operation is forbidden",
"reason": "DATA_VALIDATION_VIOLATION",
"zodErrors": {
"issues": [
{
"code": "invalid_type",
"expected": "date",
"received": "string",
"path": [
"interaction_start"
],
"message": "Expected date, received string"
}
],
"name": "ZodError"
}
}
]
}
As soon as I remove "@@Validation" from our model, everything works properly.
Environment:
package.json
tsconfig.json
- ZenStack version: 1.9.0
- Prisma version: 5.10.2
- Database type: Postgresql