Zod Validation
Runtime validation with Zod, auto-generated from Drizzle schemas.
Available Schemas
Section titled “Available Schemas”import {
createTaskInputSchema, // POST (omits id, timestamps)
updateTaskInputSchema, // PATCH (all optional)
insertTaskSchema, // Full insert
selectTaskSchema, // From DB
} from "@workspace/database";API Usage
Section titled “API Usage”import { createTaskInputSchema } from "@workspace/database";
import { validationErrorResponse } from "@/lib/validation";
import { ZodError } from "zod";
export async function POST(request: Request) {
try {
const body = await request.json();
const validated = createTaskInputSchema.parse(body);
const [task] = await db
.insert(tasks)
.values({ ...validated, userId: userId })
.returning();
return NextResponse.json({ success: true, data: task });
} catch (error) {
if (error instanceof ZodError) {
return validationErrorResponse(error);
}
throw error;
}
}Best Practices
Section titled “Best Practices”DO:
- ✅ Validate all user input
- ✅ Use
createTaskInputSchemafor API input - ✅ Use
updateTaskInputSchemafor updates
DON’T:
- ❌ Validate data from your own DB (unnecessary)
- ❌ Use
insertTaskSchemafor API input (missing required fields)
See Zod docs for more.