Coding Rules Library
Validate external inputs at boundaries
Validate all external inputs at the boundary and return explicit errors before using them.
Bad example
```typescript
import type { Request, Response } from "express";

// userService is the application's service layer (not shown on this page).
export async function createUser(req: Request, res: Response) {
  // BAD: uses raw input directly; email may be missing, age may be a string
  const user = await userService.create({
    email: req.body.email,
    age: req.body.age,
  });

  return res.json(user);
}
```
Explanation (EN)
External input can be missing or malformed. Using it directly risks crashes and corrupted data.
Explanation (HR)
External input can be invalid or incomplete. Using it directly can cause errors and inconsistent data.
Good example
```typescript
import type { Request, Response } from "express";
import { z } from "zod";

// Declares exactly what the boundary accepts; unknown keys are stripped by z.object.
const CreateUserSchema = z.object({
  email: z.string().email(),
  age: z.number().int().min(13),
});

// userService is the application's service layer (not shown on this page).
export async function createUser(req: Request, res: Response) {
  const parsed = CreateUserSchema.safeParse(req.body);
  if (!parsed.success) {
    // Explicit 400 with structured field errors, before anything is used.
    return res.status(400).json({
      error: "Invalid input",
      details: parsed.error.flatten(),
    });
  }

  // Only validated, typed data reaches the service layer.
  const user = await userService.create(parsed.data);
  return res.json(user);
}
```
Explanation (EN)
Schema validation at the boundary rejects bad data early and returns clear errors.
Explanation (HR)
Validation at the boundary immediately rejects bad data and returns clear errors.
Exceptions / Tradeoffs (EN)
If an upstream boundary already validates this input, you may skip duplicate validation but must document the trust boundary.
Exceptions / Tradeoffs (HR)
If the upstream boundary already validates the input, you can skip the duplicate validation, but you must document the trust boundary.