Add Zod Validation for OAuth Callback Endpoints

[Harxhit]

Summary

Add Zod validation for OAuth callback endpoints to validate authorization codes and OAuth state values before processing provider responses.

Contexts

The OAuth callback endpoints (/auth/google/callback and /auth/github/callback) currently access code and state directly from query parameters. These values are security-sensitive and should be validated using Zod before token exchange and account processing occurs.

Tasks

• Create Zod schema for OAuth callback query parameters
• Validate query parameters in GET /auth/google/callback
• Validate query parameters in GET /auth/github/callback
• Return proper validation errors for invalid callback requests
• Add/update tests covering validation failures

Acceptance Criteria

• Missing or invalid code is rejected
• Invalid callback requests return validation errors
• /auth/google/callback uses Zod validation
• /auth/github/callback uses Zod validation
• Tests added for validation behavior
• Documentation updated if necessary

Area

backend

Difficulty

Easy

[github-actions]

Hi @Harxhit,

Thanks for opening this issue.

Please reply with one of the following areas so the issue can be routed to the appropriate team member:

- /backend
- /web
- /mobile
- /devops

Once an area is selected, the corresponding label will be added automatically.

[Harxhit]

/backend

[github-actions]

The issue has been classified as backend.

@Harxhit, please review and triage this issue when available.

The backend label has been applied and the issue has been routed accordingly.

[ramnnn2006]

hey, @Harxhit
i went through the oauth callback handlers in apps/backend/src/routes/auth.ts . both /auth/google/callback and /auth/github/callback still have the //TODO for zod validation and read code and state straight off request.query. i can see how the rest of the backend does it (nfc.ts validates request.query with a z.object schema and safeParse), so i'm comfortable following the same pattern here. could you assign this to me? thanks

[Harxhit]

@ramnnn2006 I have assigned this issue to you