trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions

feat: add Zod validation to predict/batch route (task 4.2)

Browse source 
Add BatchPredictRequestSchema with Zod to validate pair, timeframe,
start_date, and end_date fields. Returns HTTP 400 with flattened error
details on invalid input. Forward only validated data to the inference
service.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marko Djordjevic 2026-02-18 11:12:38 +01:00
parent 3361236d3f
commit 5c399037c3
2 changed files with 20 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
openspec/changes/code-review-fix/tasks.md
View file

@ -27,7 +27,7 @@
## 4. API Route Hardening (Next.js) ## 4. API Route Hardening (Next.js)
- [x] 4.1 `[sonnet]` Add Zod schema validation to `src/app/api/predict/route.ts` (validate pair, timeframe, candles array) - [x] 4.1 `[sonnet]` Add Zod schema validation to `src/app/api/predict/route.ts` (validate pair, timeframe, candles array)
- [ ] 4.2 `[sonnet]` Add Zod schema validation to `src/app/api/predict/batch/route.ts` (validate pair, timeframe, start_date, end_date) - [x] 4.2 `[sonnet]` Add Zod schema validation to `src/app/api/predict/batch/route.ts` (validate pair, timeframe, start_date, end_date)
- [ ] 4.3 `[sonnet]` Add Zod schema validation to `src/app/api/model/load/route.ts` (validate run_id) - [ ] 4.3 `[sonnet]` Add Zod schema validation to `src/app/api/model/load/route.ts` (validate run_id)
- [ ] 4.4 `[sonnet]` Add Zod schema validation to `src/app/api/training/start/route.ts` (validate model_type) - [ ] 4.4 `[sonnet]` Add Zod schema validation to `src/app/api/training/start/route.ts` (validate model_type)
- [ ] 4.5 `[sonnet]` Add Zod schema validation to `src/app/api/patterns/detect/route.ts` (validate candles, patterns array) - [ ] 4.5 `[sonnet]` Add Zod schema validation to `src/app/api/patterns/detect/route.ts` (validate candles, patterns array)

20
src/app/api/predict/batch/route.ts
View file

@ -1,12 +1,30 @@
import { NextRequest, NextResponse } from 'next/server'; import { NextRequest, NextResponse } from 'next/server';
import { z } from 'zod';
const INFERENCE_API_URL = process.env.INFERENCE_API_URL || 'http://localhost:8001'; const INFERENCE_API_URL = process.env.INFERENCE_API_URL || 'http://localhost:8001';
const INFERENCE_BATCH_TIMEOUT = parseInt(process.env.INFERENCE_BATCH_TIMEOUT || '120000', 10); const INFERENCE_BATCH_TIMEOUT = parseInt(process.env.INFERENCE_BATCH_TIMEOUT || '120000', 10);
const BatchPredictRequestSchema = z.object({
pair: z.string().min(1),
timeframe: z.string().min(1),
start_date: z.string().min(1),
end_date: z.string().min(1),
});
export async function POST(request: NextRequest) { export async function POST(request: NextRequest) {
try { try {
const body = await request.json(); const body = await request.json();
const result = BatchPredictRequestSchema.safeParse(body);
if (!result.success) {
return NextResponse.json(
{ error: 'Invalid request', details: result.error.flatten() },
{ status: 400 }
);
}
const validatedBody = result.data;
// Forward request to Python inference service // Forward request to Python inference service
const controller = new AbortController(); const controller = new AbortController();
const timeoutId = setTimeout(() => controller.abort(), INFERENCE_BATCH_TIMEOUT); const timeoutId = setTimeout(() => controller.abort(), INFERENCE_BATCH_TIMEOUT);
@ -18,7 +36,7 @@ export async function POST(request: NextRequest) {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'X-API-Key': process.env.API_KEY || '', 'X-API-Key': process.env.API_KEY || '',
}, },
body: JSON.stringify(body), body: JSON.stringify(validatedBody),
signal: controller.signal, signal: controller.signal,
}); });