Skip to content

Missing Ajv Schema Validation on users REST API endpoints #39223

New issue
New issue
Open
Open
Missing Ajv Schema Validation on users REST API endpoints#39223
Labels
type: featurePull requests that introduces new feature
@Harshit2405-2004

Description

@Harshit2405-2004
Harshit2405-2004
opened on Mar 1, 2026

Description

The legacy users REST API endpoints currently lack explicit schema validation. Inputs are weakly typed or imperatively checked inside the handlers, which can lead to runtime regressions.

The following endpoints need to be formally typed and migrated using ajv via @rocket.chat/rest-typings:

  • users.getAvatar
  • users.deleteOwnAccount
  • users.resetAvatar
  • users.forgotPassword

Proposed Solution

  1. Add TypeBox/Ajv JSON schemas to packages/rest-typings.
  2. Export the typing boundaries.
  3. Attach the validateParams option onto the API.v1.addRoute config block for these endpoints.

Metadata

Metadata

Assignees

No one assigned

    Labels

    type: featurePull requests that introduces new feature

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions