Currently, inputs received by the server are not checked: anyone can send anything when requesting POST /api/todos. Client inputs cannot be trusted.
You will use the ValidateBody and ValidatePathParam hooks to validate and sanitize incoming data.
A hook is a decorator that is attached to a route handler (a controller method). It is executed before the method and is therefore particularly suitable for validation or access control.
The ValidateBody and ValidatePathParam hooks check the body and params properties of the request object, respectively. Each takes a schema as its only argument.
FoalTS uses Ajv, a fast JSON Schema validator, to define its schemas.
Let's add validation and sanitization to your application. In fact, you have already defined the todo schema in the create-todo script earlier.
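The hook pattern described above, as an added example that is not FoalTS's own code: a plain higher-order function stands in for the ValidateBody decorator, and a hand-written checker stands in for Ajv. The names validateBody, validate and postTodo, and the contents of todoSchema, are assumptions made for illustration.

```typescript
// Added sketch: a dependency-free model of "a hook runs before the handler".
// The checks are hand-written here; FoalTS delegates them to Ajv.
type Schema = {
  properties: Record<string, { type: 'string' | 'number' | 'boolean' }>;
  required: string[];
  additionalProperties: boolean;
};
type Ctx = { request: { body: unknown } };
type Res = { status: number; body: unknown };
type Handler = (ctx: Ctx) => Res;

// Assumed todo schema: exactly one string property, nothing else allowed.
const todoSchema: Schema = {
  properties: { text: { type: 'string' } },
  required: ['text'],
  additionalProperties: false,
};

// Returns a list of problems; an empty list means the data matches the schema.
function validate(schema: Schema, data: unknown): string[] {
  if (typeof data !== 'object' || data === null || Array.isArray(data)) {
    return ['body must be an object'];
  }
  const obj = data as Record<string, unknown>;
  const errors: string[] = [];
  // Own-property lookups only, so keys like "constructor" never match a rule.
  const has = (o: object, k: string): boolean => Object.prototype.hasOwnProperty.call(o, k);
  for (const key of schema.required) {
    if (!has(obj, key)) errors.push(`missing required property '${key}'`);
  }
  for (const key of Object.keys(obj)) {
    const rule = has(schema.properties, key) ? schema.properties[key] : undefined;
    if (rule === undefined) {
      if (!schema.additionalProperties) errors.push(`unexpected property '${key}'`);
    } else if (typeof obj[key] !== rule.type) {
      errors.push(`property '${key}' must be a ${rule.type}`);
    }
  }
  return errors;
}

// Hook: wraps a handler so the body is rejected with 400 before the handler runs.
function validateBody(schema: Schema, handler: Handler): Handler {
  return (ctx) => {
    const errors = validate(schema, ctx.request.body);
    return errors.length > 0 ? { status: 400, body: { errors } } : handler(ctx);
  };
}

const postTodo = validateBody(todoSchema, (ctx) => ({ status: 201, body: ctx.request.body }));
```

Because the handler is only reached when the error list is empty, it can treat the body as already conforming to the schema.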