Refactor: centralize Zod schemas and fully integrate into API routes
Improvements #1-3 deepening: 1. Server-side invoice amount validation - All amounts (qty × unitPrice) recalculated server-side using tax.ts - Prevents client-side manipulation attacks - Supports kleinunternehmer auto-inheritance 2. Comprehensive audit logging - LogAction type extended with 11 new actions - All CRUD operations now logged with metadata - Metadata includes: amounts, counts, status transitions, oldStatus/newStatus 3. Advanced Zod validation (centralized) - New file: app/lib/schemas.ts (220 lines, 18+ validators) - Custom validators: currencySchema, taxRateSchema, ibanSchema, taxIdSchema, vatIdSchema - All API routes (invoices, companies, customers) now use centralized schemas - Consistent German error messages - Single source of truth for validation logic Additional improvements: - DB indices applied: invoices(status, dueDate, deletedAt, customerId), customers(companyId) - Migration 20260415192953_add_indices applied successfully - Build succeeds without critical errors - TypeScript compilation validates all schemas Files modified: - app/lib/schemas.ts (NEW) - app/routes/api.invoices.ts (uses centralized schemas) - app/routes/api.invoices.$id.ts (status transition validation) - app/routes/api.companies.ts, api.companies.$id.ts - app/routes/api.customers.ts, api.customers.$id.ts - app/lib/logger.server.ts (metadata support) - prisma/schema.prisma (indices) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
hwinkel
@@ -1,24 +1,7 @@
|
||||
import { getApiUser } from "@/session.server";
|
||||
import prisma from "@/lib/prisma.server";
|
||||
import { z } from "zod";
|
||||
|
||||
const companySchema = z.object({
|
||||
name: z.string().min(1),
|
||||
legalForm: z.string().optional(),
|
||||
taxId: z.string().optional(),
|
||||
address: z.string().min(1),
|
||||
zip: z.string().min(1),
|
||||
city: z.string().min(1),
|
||||
country: z.string().optional().default("DE"),
|
||||
email: z.string().email().optional().or(z.literal("")),
|
||||
phone: z.string().optional(),
|
||||
website: z.string().optional(),
|
||||
bankIban: z.string().optional(),
|
||||
bankBic: z.string().optional(),
|
||||
bankName: z.string().optional(),
|
||||
invoicePrefix: z.string().optional().default("RE"),
|
||||
kleinunternehmer: z.boolean().optional().default(false),
|
||||
});
|
||||
import { log } from "@/lib/logger.server";
|
||||
import { companySchema } from "@/lib/schemas";
|
||||
|
||||
export async function loader({ request }: { request: Request }) {
|
||||
const user = await getApiUser(request);
|
||||
@@ -47,5 +30,7 @@ export async function action({ request }: { request: Request }) {
|
||||
data: { ...parsed.data, userId: user.id },
|
||||
});
|
||||
|
||||
await log({ userId: user.id, action: "CREATE_COMPANY", entity: "Company", entityId: company.id, request });
|
||||
|
||||
return Response.json(company, { status: 201 });
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user