Added Zod Validation for OAuth Authentication Initiation Endpoints

[sheeeuWu]

Summary

Adds Zod schema validation to the /auth/github and /auth/google OAuth initiation endpoints. previously, query parameters (state, mobile_redirect_uri) were consumed directly without schema validation

Closes #538

---

Type of Change

• Bug fix
• New feature
• Refactor (no functional change)
• UI / Design change
• Tests only
• Documentation
• Infrastructure / DevOps
• Security

---

What Changed

• src/validators/auth.validation.ts : added oAuthStartSchema with Zod validation for state and mobile_redirect_uri, including a refine check that enforces the devcard:// scheme
• src/routes/auth.ts : replaced manual query destructuring and inline mobile_redirect_uri check in /auth/github and /auth/google with oAuthStartSchema.safeParse(), removed now unused GoogleAuthQuery interface
• src/__tests__/auth.test.ts : added route-level integration tests covering valid and invalid query params for both endpoints
• src/__tests__/auth.validation.test.ts : added unit tests for oAuthStartSchema directly

---

How to Test

1. Navigate to the project root
2. pnpm -r run test : all tests of auth.test.ts should pass

---

Checklist

• My code follows the project's coding style (pnpm -r run lint passes).
• TypeScript compiles without errors (pnpm -r run typecheck).
• I have added or updated tests for the changes I made.
• All tests pass locally (pnpm -r run test).
• I have updated documentation where necessary.
• No new console.log or debug statements left in the code.
• Breaking changes are documented in this PR description.

[vercel]

@sheeeuWu is attempting to deploy a commit to the Prashantkumar Khatri's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

Hi @sheeeuWu,

Thanks for opening this pull request.

This PR has been automatically classified based on the files modified.

Applied Labels

• gssoc:approved
• backend

Primary Review Area

• backend

Reviewer

@Harxhit has been identified as the primary reviewer for this pull request.

If you have any questions regarding the affected area or implementation details, feel free to reach out to the assigned reviewer.

Thank you for your contribution!

[github-actions]

CI — All Checks Passed

Backend — PASS

Check	Result
Lint	PASS
Test	PASS
Typecheck	PASS

Mobile — SKIP

Check	Result
Lint	-
Test	-

Web — SKIP

Check	Result
Build	-

---

Last updated: Tue, 16 Jun 2026 18:02:30 GMT

[Harxhit]

LGTM. Approving

[github-actions]

Congratulations @sheeeuWu on getting PR #585 merged!

Thank you for your contribution to the project.

To receive the appropriate GSSoC labels and recognition, please mention @Harxhit in the #get-labels channel on our Discord server and share your merged PR link.