Update zod to 3.25 (#872)

## Description: Update to zod 3.25, and use zod's built in JWT validator. ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced - [x] I understand that submitting code with bugs that could have been caught through manual testing blocks releases and new features for all contributors Co-authored-by: Scott Anderson <662325+scottanderson@users.noreply.github.com> Co-authored-by: evanpelle <evanpelle@gmail.com>
2026-06-21 09:40:44 +00:00 · 2025-05-24 23:06:30 -04:00
parent 3b7c17666c
commit 7a4a3a1f17
3 changed files with 14 additions and 29 deletions
@@ -72,7 +72,7 @@
        "winston": "^3.17.0",
        "winston-transport": "^4.9.0",
        "ws": "^8.18.0",
-        "zod": "^3.23.8"
+        "zod": "^3.25.28"
      },
      "devDependencies": {
        "@babel/core": "^7.25.2",
@@ -21416,9 +21416,9 @@
      }
    },
    "node_modules/zod": {
-      "version": "3.23.8",
-      "resolved": "https://registry.npmjs.org/zod/-/zod-3.23.8.tgz",
-      "integrity": "sha512-XBx9AXhXktjUqnepgTiE5flcKIYWi/rme0Eaj+5Y0lftuGBq+jyRu/md4WnuxqgP1ubdpNCsYEYPxrzVHD8d6g==",
+      "version": "3.25.28",
+      "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.28.tgz",
+      "integrity": "sha512-/nt/67WYKnr5by3YS7LroZJbtcCBurDKKPBPWWzaxvVCGuG/NOsiKkrjoOhI8mJ+SQUXEbUzeB3S+6XDUEEj7Q==",
      "license": "MIT",
      "funding": {
        "url": "https://github.com/sponsors/colinhacks"
@@ -143,7 +143,7 @@
    "winston": "^3.17.0",
    "winston-transport": "^4.9.0",
    "ws": "^8.18.0",
-    "zod": "^3.23.8"
+    "zod": "^3.25.28"
  },
  "type": "module"
 }
@@ -136,33 +136,18 @@ const SafeString = z
  )
  .max(1000);

-const jwtRegex = /^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$/;
-// Copied from zod, modified to remove their erroneous `typ` header requirement
-function isValidJWT(jwt: string, alg?: string): boolean {
-  if (!jwtRegex.test(jwt)) return false;
-  try {
-    const [header] = jwt.split(".");
-    // Convert base64url to base64
-    const base64 = header
-      .replace(/-/g, "+")
-      .replace(/_/g, "/")
-      .padEnd(header.length + ((4 - (header.length % 4)) % 4), "=");
-    const decoded = JSON.parse(atob(base64));
-    if (typeof decoded !== "object" || decoded === null) return false;
-    if (!decoded.alg) return false;
-    if (alg && decoded.alg !== alg) return false;
-    return true;
-  } catch {
-    return false;
-  }
-}
-
 const PersistentIdSchema = z.string().uuid();
+const JwtTokenSchema = z.string().jwt();
 const TokenSchema = z
  .string()
-  .refine((v) => PersistentIdSchema.safeParse(v).success || isValidJWT(v), {
-    message: "Token must be a valid UUID or JWT",
-  });
+  .refine(
+    (v) =>
+      PersistentIdSchema.safeParse(v).success ||
+      JwtTokenSchema.safeParse(v).success,
+    {
+      message: "Token must be a valid UUID or JWT",
+    },
+  );

 const EmojiSchema = z
  .number()