From 53af9839812aed686acdbe02e4f8e003752f8e8e Mon Sep 17 00:00:00 2001
From: Eric Mc Sween <5454374+emcsween@users.noreply.github.com>
Date: Thu, 3 Jul 2025 15:57:31 -0400
Subject: [PATCH] Migrate joinProject to zod

GitOrigin-RevId: 8c03002adfdf47a7f83ad3dde32428d29abd9bb9
---
 .../src/Features/Editor/EditorHttpController.mjs | 16 ++++++++++++++--
 .../web/app/src/Features/Editor/EditorRouter.mjs |  7 -------
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/services/web/app/src/Features/Editor/EditorHttpController.mjs b/services/web/app/src/Features/Editor/EditorHttpController.mjs
index bbcc69c52a..e81f122494 100644
--- a/services/web/app/src/Features/Editor/EditorHttpController.mjs
+++ b/services/web/app/src/Features/Editor/EditorHttpController.mjs
@@ -11,6 +11,7 @@ import Errors from '../Errors/Errors.js'
 import { expressify } from '@overleaf/promise-utils'
 import Settings from '@overleaf/settings'
 import CollaboratorsGetter from '../Collaborators/CollaboratorsGetter.js'
+import { z, zz, validateReq } from '../../infrastructure/Validation.js'
 
 const ProjectAccess = CollaboratorsGetter.ProjectAccess
 
@@ -27,9 +28,20 @@ export default {
   _nameIsAcceptableLength,
 }
 
+const joinProjectSchema = z.object({
+  params: z.object({
+    Project_id: zz.objectId(),
+  }),
+  body: z.object({
+    userId: z.string(),
+    anonymousAccessToken: z.string().optional(),
+  }),
+})
+
 async function joinProject(req, res, next) {
-  const projectId = req.params.Project_id
-  let userId = req.body.userId // keep schema in sync with router
+  const { params, body } = validateReq(req, joinProjectSchema)
+  const projectId = params.Project_id
+  let userId = body.userId
   if (userId === 'anonymous-user') {
     userId = null
   }
diff --git a/services/web/app/src/Features/Editor/EditorRouter.mjs b/services/web/app/src/Features/Editor/EditorRouter.mjs
index ee36c18f88..f208132f9c 100644
--- a/services/web/app/src/Features/Editor/EditorRouter.mjs
+++ b/services/web/app/src/Features/Editor/EditorRouter.mjs
@@ -3,7 +3,6 @@ import AuthenticationController from '../Authentication/AuthenticationController
 import AuthorizationMiddleware from '../Authorization/AuthorizationMiddleware.mjs'
 import { RateLimiter } from '../../infrastructure/RateLimiter.js'
 import RateLimiterMiddleware from '../Security/RateLimiterMiddleware.js'
-import { validate, Joi } from '../../infrastructure/Validation.js'
 
 const rateLimiters = {
   addDocToProject: new RateLimiter('add-doc-to-project', {
@@ -74,12 +73,6 @@ export default {
         // keep schema in sync with controller
         getUserId: req => req.body.userId,
       }),
-      validate({
-        body: Joi.object({
-          userId: Joi.string().required(),
-          anonymousAccessToken: Joi.string().optional(),
-        }),
-      }),
       EditorHttpController.joinProject
     )
   },