What is a correct API route validation flow?
I'm currently creating a learning platform similar to Udemy, just for some practice, using Next.js (pages), Prisma, Auth0, TypeScript, Postgres and Zod, and I'm trying to create an API route for creating a new course.
What should the flow look like in this API? (Idk if flow is the right word or if my title makes sense. Correct me if I'm wrong.)
In order possibly?:
- Check req method
- Check req body w/ Zod
- Check if session exists
- Check if user exists in db using session user email
- Check if user has correct role (only allowing admins to create courses atm)
- Compare user email to session email
- Create course
I think my requirements seem okay. A user can only make a course if admin. They must have a session. They can't create a course for another user.
0 Replies
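An added example, not the poster's code, of one ordering for the checks listed in the question: method, session, user lookup, role, then body validation, with the course owner taken from the session user so that the body never names an owner and no email comparison is needed. Assumptions: the `Req`/`Res` types, `sessionEmail`, `users`, `courses`, `parseBody` and `createCourseHandler` are hypothetical stand-ins for the Next.js request, the Auth0 session, the Prisma/Postgres tables and a strict Zod schema, written inline so the block runs without those packages.

```typescript
// Added example: stand-ins replace Next.js, Auth0, Prisma and Zod so it runs offline.
type Role = "ADMIN" | "USER";
type User = { id: number; email: string; role: Role };
type Req = { method: string; body: unknown; sessionEmail?: string };
type Res = { status: number; body: unknown };

// Constructed sample data standing in for the Postgres tables.
const users: User[] = [
  { id: 1, email: "admin@example.test", role: "ADMIN" },
  { id: 2, email: "student@example.test", role: "USER" },
];
const courses: { id: number; title: string; ownerId: number }[] = [];

// Hand-written stand-in for a strict Zod schema: only `title` is accepted.
function parseBody(body: unknown): { title: string } | null {
  if (typeof body !== "object" || body === null || Array.isArray(body)) return null;
  const record = body as Record<string, unknown>;
  const keys = Object.keys(record);
  if (keys.length !== 1 || keys[0] !== "title") return null; // rejects ownerId, email, ...
  const title = record["title"];
  if (typeof title !== "string") return null;
  const trimmed = title.trim();
  return trimmed.length > 0 && trimmed.length <= 120 ? { title: trimmed } : null;
}

function createCourseHandler(req: Req): Res {
  // 1. Method check.
  if (req.method !== "POST") return { status: 405, body: { error: "Method not allowed" } };
  // 2. Authentication: without a session nothing else is processed.
  if (!req.sessionEmail) return { status: 401, body: { error: "Not authenticated" } };
  // 3. Load the user from the session identity, never from the request body.
  const user = users.find((u) => u.email === req.sessionEmail);
  if (!user) return { status: 401, body: { error: "Unknown user" } };
  // 4. Authorization: the role comes from the database record.
  if (user.role !== "ADMIN") return { status: 403, body: { error: "Forbidden" } };
  // 5. Validate the body once the caller is authenticated and authorized.
  const data = parseBody(req.body);
  if (!data) return { status: 400, body: { error: "Invalid body" } };
  // 6. Create: the owner is the session user, so no email comparison is needed.
  const course = { id: courses.length + 1, title: data.title, ownerId: user.id };
  courses.push(course);
  return { status: 201, body: course };
}
```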