feat: enhance User schema validation for better data integrity#60
feat: enhance User schema validation for better data integrity#60jikrana1 wants to merge 1 commit into
Conversation
📝 WalkthroughWalkthrough
ChangesUser Schema Validation
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
backend/src/models/User.js (1)
24-24: Schemapasswordminlengthis redundant and misleading.The raw password is validated at
backend/src/Utils/Validetor.js:18(checkspassword.length < 6) beforeUser.createis called atuserAuth.js:14. However, by that time the password has been hashed atuserAuth.js:12, so the schema validator runs against the bcrypt hash—not the raw password. This creates redundancy: the schema constraint cannot enforce the intended raw-password length policy and adds confusion about where validation actually occurs.Consider either removing the schema minlength (since validation is already in the controller) or moving password hashing into a model hook to centralize all password-related logic in one place.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@backend/src/models/User.js` at line 24, Remove the minlength constraint from the password field in the User schema (at the location where minlength is set to [6, "Password must be at least 6 characters long"]). This constraint is redundant because the raw password is already validated in backend/src/Utils/Validator.js before being hashed at userAuth.js, and by the time User.create is called, the password has been hashed—making the schema validator operate on the bcrypt hash rather than the raw password. The existing validation in the controller layer is sufficient and removes confusion about where password length validation actually occurs.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@backend/src/models/User.js`:
- Line 24: Remove the minlength constraint from the password field in the User
schema (at the location where minlength is set to [6, "Password must be at least
6 characters long"]). This constraint is redundant because the raw password is
already validated in backend/src/Utils/Validator.js before being hashed at
userAuth.js, and by the time User.create is called, the password has been
hashed—making the schema validator operate on the bcrypt hash rather than the
raw password. The existing validation in the controller layer is sufficient and
removes confusion about where password length validation actually occurs.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 0032c649-fdfb-48ea-9391-6691b78a1893
📒 Files selected for processing (1)
backend/src/models/User.js
Description
Enhanced the User schema with stronger validation rules to improve data integrity and ensure more consistent data storage.
Changes Made
requiredfieldsminlength: 2andmaxlength: 50constraints fornameminlength: 6forpasswordat schema levelRelated Issue
Closes #53
Summary by CodeRabbit