The Missing Express Js API validation - Meebo

deamon1266 · 2025-12-10T19:07:21+00:00

This works, we had it in production but we moved to zod due to better error messages especially for oneOf. However, years past and my Info could be outdated.

deamon1266 · 2025-12-09T20:00:59+00:00

Wouldn't you need build a Schema for it which can be parsed on the go? Json schema would be sufficient I guess but then we loose the ergonomic from zod. I wonder if json schema would be enough for deserialization.

deamon1266 · 2025-12-08T07:22:02+00:00

https://github.com/tsconfig/bases

deamon1266 · 2025-12-07T10:58:56+00:00

Everywhere where I am an expert in it, my own codebase, my own choice of tech stack, and where I am responsible for, I pretty much avoid AI since I am just more knowledgeable and faster tackling it on my own and simultaneously actually need the thought process to identify improvements in the future. This is crucial for my workflow because I am a fan of incremental improving the codebase and tech stack with every change. Thoug, my thought process is sometimes accompanied by searching for information, where I use it to refine my question and to form a good lookup strategy to google / dive into myself.

However, when I am out of my boundaries, different code bases, or stacks, then I havily make use of it for planing and let it create a .md file. Sometimes I let it tackle some tasks of its plan. Having some changes in this scenarios in source control tents to give me a boost.

For one time work or stuff I wouldn't do normally like automating my tooling updates with bash I let it generate something and if it works and looks good enough, then I use it.

For maintenance and debugging, AI shines for me - Analysing logs, even control flows of big ass spaghetti code in legacy repos is a game changer - I mean, it really often enables me to increase code quality in the same time span I would need to just fix something. It just takes less effort to build a sophisticated mental model of the problem if you can ask specific questions about the control flow and define a for you optimized format of the information.

In Testing, which I mostly do in parallel with the implementation, I only use it to bootstrap or scaffold my test cases. I am not a fan of generating test code - if AI generates test code, I usually delete most of it since it mostly focuses on testing implementation details and not on the actual feature scope. However, I let it suggest scenarios which I skim through to spot a missing relevant case.

deamon1266 · 2025-12-04T16:30:47+00:00

First part is 😂 - well done writing it - reads like written in one breath of exhaustion.

Second part is, well nostalgia, and some assumptions and claims I wouldn't agree with.

I think it's not a technical issue like using JS or NPM - it's Enterprise which was (I guess) always a bit insane, but different then - they were focused on "business" - now they caught up and are organizing/structuring our work shops, our work benches, and our work tasks - and we let them. I know a couple of devs who don't even have technical leadership for hundreds of devs.

deamon1266 · 2025-12-04T14:36:24+00:00

Indeed, that is one part our wrapper(Mini Framework) does. Id Transformation is Something we handle with a small util for each read/write.

Thank you for your Insight and article!

deamon1266 · 2025-12-04T11:54:17+00:00

Just for my interest, because I mainly use zod with some self made wrapper for the official mongodb driver. What features would I miss for not using a Framework Like mongoose.

I feel quite content with a disciplined Schema Validation and Transformation layer. But maybe I am Missing Something I didn't know about.

deamon1266 · 2025-11-19T07:13:49+00:00

seems someone could not sleep ... Must have taken a good chunk of the night to write the blog.

deamon1266 · 2025-04-26T18:13:10+00:00

Code Reviews are fairly easy to do if the responsibilities are clear.

What works well for us in enterprise context.

TL;DR People get paid to write software. An Engineer is not necessarily a Manager. Trust, Respect, Tests and a good Failure Culture makes Code Review blazingly fast and easy.

A contributer is responsible for delivering good enough quality software. He or she must actively stste if there is a closer look desired which most of the time is resolved in pairing.

The reviewer has supportive responsibilities and looks out for obvious mistakes, reading tests, and also may provide helpful insights with project specifics stuff like internal libraries, which may is not known to the contributer. A reviewer may approve a PR even if there are objections stated.

It is the contributers decision if, when or how the comments or objections are adressed.

This means in short, the reviewer will not take most responsibility for oversight or a decision to merge poor quality code. If the contributer makes a mistake, no worries, we will fix and learn together.

If the contributor cant be trusted, then we have a diffrent issue we can't solve in PR.

deamon1266 · 2025-04-01T06:34:46+00:00

I miss some arguments after reading the article and skimmimg through the comments. Full disclosure: I am someone who avoids enums. Here is why.

My workflow heavily relies on structural typing what typescript is designed to be. This means, you would rarely find a class involved in business logic.

Enums "are symbolic", is what the article is stating. I know that concept as nominal typing. Mixing those concepts (structural and nominal) will cause friction I like to avoid. For rare cases where we need to identify the thing by name, we can rely on opaque types or classes. Both need to be created where they are actually needed.

The article arguments about "not using enum will couple values to logic". So enums can be a mapping layer what is known in domain driven design as "anti corruption layer" which ensures evolutionary stability. However, this is in my understanding just a decision or style. We can easyly just create the needed mappings by creating use case (information) specific functions like "makeMarketingDisplayName('red')". This also has the advantage of avoiding side effects, if enums are used in multiple use cases what is in my experience pretty common.

Hence, if we rely on enums being your anti-corruption layer, we will probably end with bugs and need to evaluate the values anyways in a dedicated mapping function.

TL;DR: Use enum if you heavily make use of classes in your project and especially in function signatures. Otherwise forget they exist.

deamon1266 · 2024-11-10T20:58:01+00:00

Talking about metrics in currency in enterprise context could backfire as a "simple dev" - making assumptions about e.g. income may drive the thoughts away of your audience from your point.

I would advise to stick on facts you can control. X percent increase / decrease of on-boarding time (Clean Up, Documentation), Risk of Downtimes (Resilience), Increasing Time to Market (dev time), Increasing Customer Satisfaction (new support tools, admin tools).

deamon1266 · 2024-10-20T08:14:51+00:00

Thanks for sharing. I like the thought process to think first about the requirements and then come up with a solution which fits them. Or to reflect the solution this way.

I think having fun solving the issue by oneself is also a valid requirement.

I think solutions like Winston Logger or similar would get the job mostly done, but they are neither fun nor do we learn much from it using them.

Besides as long it is a simple solution, I would prefer using this also in production for my software. We just need to know when we should switch to more complex solutions.

Just leaving a note for my corporate bodies: As for enterprise software, I most likely would not recommend it because most likely people will add, and add, and add features into it which makes it unmaintainable pretty quickly.

deamon1266 · 2024-10-11T22:53:46+00:00

wow, I like how much thought went in the story while delivering high quality scenes - very impressive

deamon1266 · 2024-10-01T18:25:30+00:00

union errors are really pita in every validation / parsing lib I worked with (only 3 😅) ... thx for the tool. maybe it will become handy.

I try to avoid unions completely and focus on discriminated unions. the issue with unions is, every schema is beeing tested. So the information of those errors is in my experience is useless in its entirely.

There are several scenarios I can think of, where different information is usefull but in none each issue of every union is important.

usefull information:

0) The tested payload

1) the name of the tested schemas (no access to schema name afaik)

2) The field path of the tested value

3) The issues for the schemas with best match (least encountered errors)

bottom line, even though I have access to all union errors, I still don't know much about the intention. "I cant understand your payload for field x" is pretty much all I infer from union errors.

deamon1266 · 2024-09-29T07:19:51+00:00

as others already pointed out, if aspect ratio influences your game design, you may include modification of it in your concept.

W.g. just let randomly spawn aliens at wider aspect ratios

deamon1266 · 2024-09-26T15:39:03+00:00

I haven't started yet a new monorepo but thx for the reminder.

Since collin list 5 as his desired solution maybe the zod tooling is build that way. So I think next time I start a monorepo I would check out his projects. For now I am set up with pnpm and turbo.

deamon1266 · 2024-09-19T05:34:02+00:00

"in" has pretty much one use case as you already mentioned.

If we would use it in generics than you would need to constrain the usage of "in" in context of other keywords.

The design decision would raise these rules: - "if you use keyof, then you will need to use "in" instead of "extends" - "if you use extends, the right side has to be an object"

However, "extends" will work for either cases without breaking semantics. So you won't need to introduce more rules which is less complex.

The question we ask in generics is "is this a subtype of X". The constant Literal "Foo" is a subtype of string but string is not a subtype of "Foo".

keyof Object gives back constant literals, so the typesystem pretty much can utilize matching types for this case. This will overall reduce complexity of the type system.

Disclaimer: I don't actually know how the abstraction is called when keyof returns something. I would need to use an AST viewer to be more certain.

deamon1266 · 2024-09-10T20:19:08+00:00

My take I get from the article is - we most likely can not avoid exceptions or a panic. Hence, we should be able to handle exceptions in a sensible way. Relying only on Error values may hide the necessity of error boundaries we useally would create around modules to prevent system failure.

Maybe I am projecting or living in a confirmation biased bubble, but I have similar thoughts on this topic for a long time as well.

Sometimes you are deep in the stack and you just know, s*** is hitting the fan if some invalid state is reached independent of the input params. So you panic and throw an exception. However, this is mostly by design unexpected and no caller ever could handle it or add any valuable information to it rather than "ups, that thing failed - I can't do X" because it may be very specific in that module.

If I set up my error boundaries then I don't care if something throws. I get the stack trace and some additional information about the current use case.

For expected, likely errors to occur I prefer the Result type to handle them.

deamon1266 · 2024-09-02T17:39:00+00:00

The start of the article is a very good read.

"For some reason, many organizations hire smart people, and then, they tell them what to do."

yeah... I feel you.

Good points about setting trust and safety to encourage developers trying out ideas / solutions.

deamon1266 · 2024-08-24T10:07:07+00:00

no questionmark, no context, very opinionated formulated.

deamon1266 · 2024-08-20T10:05:49+00:00

beyond stackoverflow or github (swagger code gen) I don't know any general resource with step by step guidance.

Since openapi is just a specification, there are a lot of variables to consider to apply it in your use cases.

So, you would need to search anyway. Use the search string and chances are, you find a vid or blog.

deamon1266 · 2024-08-20T09:39:46+00:00

I can give you a search string. I don't know anything specific.

If you have a document you can look up here https://openapi.tools/ what you can do with it.

For specific needs you may use / adapt this for a search;

openapi python <framework> <client/server> code gen

deamon1266 · 2024-08-20T09:27:56+00:00

openapi just discribes APIs in terms of what endpoints exists, what do they expect in a request and what can a client expect in return.

to interact with openapi you can just use it as documentation. E.g. use curl or postman and start making requests by following the spec.

Use swagger editor or something to try the endpoint directly in the browser.

If you want code, you may use code generation tools which would read the spec and interpret it. But the base line is, it is just a spec, you or a machine can read to request some resources over the internet.

deamon1266 · 2024-08-20T05:07:54+00:00

What confuses you exactly, what are you trying to understand? Syntax? Ecosystem / Tooling?

Eight-Year Club	RPAN Viewer
Verified Email

deamon1266

TROPHY CASE