Nuxt, 4mo ago
Atsu

Share zod schema with client and server

For a form I validate the input on the server for the correct query. For the frontend I want to reuse the same zod schema to validate the user input. I have not found any documentation about whether or not it's a security concern or if it is even possible. Does anyone have experience with this?
6 Replies
Cue, 4mo ago
I can’t foresee any concerns with sharing validation schema with both client and server. What sort of security concerns do you have exactly?
Atsu (OP), 4mo ago
Maybe my mental model is not accurate, so please correct me if I'm wrong: When JS imports a module, it loads the entire file. So, for example, if I have a schema in a server API route and import that schema to the frontend in a composable, the user could access the code for the API handler. Obviously, there shouldn't be anything sensitive in the handler itself, but the user could get a look into the handler and maybe exploit it somehow.
tobi, 4mo ago
Move the schemas into a shared folder, e.g. "types" or "schemas", in the root folder of the project, and you can use them both on client and server from that shared location without any problems 🙂
Atsu (OP), 4mo ago
This should work. I read somewhere that only files in the server directory will be included, but I haven't had the time to check yet.
peako, 4mo ago
What @tobi mentioned is what I do; it seems to make the most sense to me.
Atsu (OP), 4mo ago
Yes, I am doing it this way now. Thank you guys very much :)