Validate KV metadata with Zod schema

MattIPv4 · MattIPv4 · commit 8e396eda3ae1 · 2026-02-28T20:54:43.000Z
diff --git a/src/routes/library.ts b/src/routes/library.ts
@@ -59,7 +59,7 @@ const handleGetLibraryVersion = async (ctx: Context) => {
     // Load SRI data if needed
     if ('sri' in response) {
         // Get SRI for version
-        const latestSriData = await libraryVersionSri(lib.name, ctx.req.param('version')).catch(() => {});
+        const latestSriData = await libraryVersionSri(lib.name, ctx.req.param('version')).catch(() => ({}));
         response.sri = sriForVersion(lib.name, ctx.req.param('version'), version, latestSriData);
     }
 
@@ -115,7 +115,7 @@ const handleGetLibrary = async (ctx: Context) => {
             const assets = await libraryVersion(lib.name, lib.version);
 
             // Fetch the SRI data, ignore errors as they'll be reported by sriForVersion
-            const sriData = await libraryVersionSri(lib.name, lib.version).catch(() => {});
+            const sriData = await libraryVersionSri(lib.name, lib.version).catch(() => ({}));
 
             // Produce the assets array with just the latest version
             response.assets = [ {
@@ -143,7 +143,7 @@ const handleGetLibrary = async (ctx: Context) => {
             // If no SRI value yet, fetch
             if (!response.sri) {
                 // Get SRI for version, ignore errors as they'll be reported by sriForVersion
-                const latestSriData = await libraryVersionSri(lib.name, lib.version).catch(() => {});
+                const latestSriData = await libraryVersionSri(lib.name, lib.version).catch(() => ({}));
                 response.sri = sriForVersion(
                     lib.name,
                     lib.version,
diff --git a/src/utils/kvMetadata.schema.ts b/src/utils/kvMetadata.schema.ts
@@ -0,0 +1,44 @@
+import * as z from 'zod';
+
+export const librariesSchema = z.array(z.string());
+
+export type Libraries = z.infer<typeof librariesSchema>;
+
+export const librarySchema = z.object({
+    name: z.string(),
+    filename: z.string(),
+    version: z.string(),
+    description: z.string(),
+    keywords: z.array(z.string()),
+    homepage: z.string().optional(),
+    license: z.string().optional(),
+    author: z.string(),
+    repository: z.object({
+        type: z.string(),
+        url: z.string(),
+    }).nullable(),
+    autoupdate: z.union([
+        z.object({
+            type: z.string(),
+            target: z.string(),
+        }),
+        z.object({
+            source: z.string(),
+            target: z.string(),
+        }),
+    ]).optional(),
+});
+
+export type Library = z.infer<typeof librarySchema>;
+
+export const libraryVersionsSchema = z.array(z.string());
+
+export type LibraryVersions = z.infer<typeof libraryVersionsSchema>;
+
+export const libraryVersionSchema = z.array(z.string());
+
+export type LibraryVersion = z.infer<typeof libraryVersionSchema>;
+
+export const libraryVersionSriSchema = z.record(z.string(), z.string());
+
+export type LibraryVersionSri = z.infer<typeof libraryVersionSriSchema>;
diff --git a/src/utils/kvMetadata.ts b/src/utils/kvMetadata.ts
@@ -1,81 +1,67 @@
-import * as Sentry from '@sentry/cloudflare';
 import { env } from 'cloudflare:workers';
 
 import fetchJson from './fetchJson.ts';
 import sortVersions from './sort.ts';
+import {
+    librariesSchema,
+    librarySchema,
+    libraryVersionSchema,
+    libraryVersionSriSchema,
+    libraryVersionsSchema,
+} from './kvMetadata.schema.ts';
 
 const kvBase = env.METADATA_BASE || 'https://metadata.speedcdnjs.com';
 
 /**
  * Get a list of libraries.
- *
- * @return {Promise<string[]>}
  */
-export const libraries = () => fetchJson(`${kvBase}/packages`);
-
-/**
- * @template {Object} T
- *
- * Validate the data we get from KV for a library.
- *
- * @param {string} library Requested library name.
- * @param {T} data Returned library data to validate.
- * @return {T & { assets: [] }}
- */
-const kvLibraryValidate = (library, data) => {
-    // Assets might not exist if there are none, but we should make it an empty array by default
-    data.assets = data.assets || [];
-
-    // Non-breaking issues
-    if (library !== data.name) {
-        console.info('Name mismatch', library, data.name);
-        data.name = library;
-    }
-
-    // Breaking issues
-    if (!data.version) {
-        console.error('Version missing', data.name, data);
-        Sentry.withScope(scope => {
-            scope.setExtra('data', data);
-            Sentry.captureException(new Error('Version missing in package data'));
-        });
-        throw new Error('Version missing in package data');
-    }
-
-    return data;
-};
+export const libraries = () =>
+    fetchJson(`${kvBase}/packages`)
+        .then(librariesSchema.parse);
 
 /**
  * Get the metadata for a library.
  *
- * @param {string} name Name of the library to fetch.
- * @return {Promise<Object>}
+ * @param name Name of the library to fetch.
  */
-export const library = name => fetchJson(`${kvBase}/packages/${encodeURIComponent(name)}`)
-    .then(data => kvLibraryValidate(name, data));
+export const library = (name: string) =>
+    fetchJson(`${kvBase}/packages/${encodeURIComponent(name)}`)
+        .then(res => {
+            console.log(res);
+            return res;
+        })
+        .then(librarySchema.parse)
+        .then(res => {
+            console.log(res);
+            return res;
+        });
 
 /**
  * Get the versions for a library.
  *
- * @param {string} name Name of the library to fetch.
- * @return {Promise<string[]>}
+ * @param name Name of the library to fetch.
  */
-export const libraryVersions = name => fetchJson(`${kvBase}/packages/${encodeURIComponent(name)}/versions`).then(sortVersions);
+export const libraryVersions = (name: string) =>
+    fetchJson(`${kvBase}/packages/${encodeURIComponent(name)}/versions`)
+        .then(libraryVersionsSchema.parse)
+        .then(sortVersions);
 
 /**
  * Get the assets for a library version.
  *
- * @param {string} name Name of the library to fetch.
- * @param {string} version Version of the library to fetch.
- * @return {Promise<string[]>}
+ * @param name Name of the library to fetch.
+ * @param version Version of the library to fetch.
  */
-export const libraryVersion = (name, version) => fetchJson(`${kvBase}/packages/${encodeURIComponent(name)}/versions/${encodeURIComponent(version)}`);
+export const libraryVersion = (name: string, version: string) =>
+    fetchJson(`${kvBase}/packages/${encodeURIComponent(name)}/versions/${encodeURIComponent(version)}`)
+        .then(libraryVersionSchema.parse);
 
 /**
  * Get the SRI data for a library's version.
  *
- * @param {string} name Name of the library to fetch.
- * @param {string} version Version of the library to fetch.
- * @return {Promise<Object<string, string>>}
+ * @param name Name of the library to fetch.
+ * @param version Version of the library to fetch.
  */
-export const libraryVersionSri = (name, version) => fetchJson(`${kvBase}/packages/${encodeURIComponent(name)}/sris/${encodeURIComponent(version)}`);
+export const libraryVersionSri = (name: string, version: string) =>
+    fetchJson(`${kvBase}/packages/${encodeURIComponent(name)}/sris/${encodeURIComponent(version)}`)
+        .then(libraryVersionSriSchema.parse);
