Add parseAndValidate helper and refactor all routes to use it

- Add parseAndValidate() helper to utils/validate.ts that combines
  JSON parsing + Zod validation with automatic HTTPException on errors
- Refactor all route handlers to use parseAndValidate instead of
  manual c.req.json() + schema.parse() + try/catch ZodError pattern
- Remove redundant ZodError catch blocks across all routes
- Cleaner error handling with consistent 400 responses on validation errors

Files affected:
- utils/validate.ts: Added parseAndValidate helper
- All route files: Replaced manual validation pattern with parseAndValidate

Bundle size: 584.9kb (slightly reduced from 585.9kb)

Author: max-lt

src/routes/api-keys.ts

@@ -1,6 +1,7 @@
 import { Hono } from 'hono';
-import { z, ZodError } from 'zod';
+import { z } from 'zod';
 import { createApiKey, listApiKeys, deleteApiKey } from '../services/db/api-keys';
+import { parseAndValidate } from '../utils/validate';
 
 const apiKeys = new Hono();
 
@@ -14,8 +15,7 @@ const CreateApiKeySchema = z.object({
 apiKeys.post('/', async (c) => {
   try {
     const userId = c.get('userId');
-    const body = await c.req.json();
-    const input = CreateApiKeySchema.parse(body);
+    const input = await parseAndValidate(c, CreateApiKeySchema);
 
     const expiresAt = input.expiresAt ? new Date(input.expiresAt) : undefined;
     const { apiKey, token } = await createApiKey(userId, input.name, expiresAt);
@@ -33,10 +33,6 @@ apiKeys.post('/', async (c) => {
       201
     );
   } catch (error) {
-    if (error instanceof ZodError) {
-      return c.json({ error: 'Invalid input', details: error.issues }, 400);
-    }
-
     console.error('Failed to create API key:', error);
     return c.json({ error: 'Failed to create API key' }, 500);
   }

src/routes/auth.ts

@@ -1,7 +1,6 @@
 import { Hono } from 'hono';
 import { setCookie } from 'hono/cookie';
 import { verify } from 'hono/jwt';
-import { ZodError } from 'zod';
 
 import { authService } from '../services/auth';
 import { github as githubConfig, jwt as jwtConfig } from '../config';
@@ -14,7 +13,7 @@ import {
   ResetPasswordInputSchema,
   ResendSetPasswordInputSchema
 } from '../types';
-import { jsonResponse } from '../utils/validate';
+import { jsonResponse, parseAndValidate } from '../utils/validate';
 
 const auth = new Hono();
 
@@ -134,8 +133,7 @@ auth.get('/callback/github', async (c) => {
 // Step 1: Register with email only (sends set-password link)
 auth.post('/register', async (c) => {
   try {
-    const body = await c.req.json();
-    const input = RegisterInputSchema.parse(body);
+    const input = await parseAndValidate(c, RegisterInputSchema);
 
     await authService.registerWithEmail(input.email);
 
@@ -146,10 +144,6 @@ auth.post('/register', async (c) => {
       201
     );
   } catch (error) {
-    if (error instanceof ZodError) {
-      return c.json({ error: 'Invalid email format' }, 400);
-    }
-
     if (error instanceof Error && error.message === 'Email already registered') {
       return c.json({ error: 'Email already registered' }, 409);
     }
@@ -162,8 +156,7 @@ auth.post('/register', async (c) => {
 // Step 2: Set password using token from email
 auth.post('/set-password', async (c) => {
   try {
-    const body = await c.req.json();
-    const input = SetPasswordInputSchema.parse(body);
+    const input = await parseAndValidate(c, SetPasswordInputSchema);
 
     const user = await authService.setPassword(input.token, input.password);
     const tokens = await authService.createTokens(user);
@@ -176,10 +169,6 @@ auth.post('/set-password', async (c) => {
 
     return jsonResponse(c, LoginResponseSchema, tokens);
   } catch (error) {
-    if (error instanceof ZodError) {
-      return c.json({ error: 'Invalid token or password format' }, 400);
-    }
-
     if (error instanceof Error && error.message === 'Invalid or expired token') {
       return c.json({ error: 'Invalid or expired link' }, 400);
     }
@@ -192,8 +181,7 @@ auth.post('/set-password', async (c) => {
 // Login with email and password
 auth.post('/login', async (c) => {
   try {
-    const body = await c.req.json();
-    const input = LoginInputSchema.parse(body);
+    const input = await parseAndValidate(c, LoginInputSchema);
 
     const user = await authService.loginWithPassword(input.email, input.password);
     const tokens = await authService.createTokens(user);
@@ -206,10 +194,6 @@ auth.post('/login', async (c) => {
 
     return jsonResponse(c, LoginResponseSchema, tokens);
   } catch (error) {
-    if (error instanceof ZodError) {
-      return c.json({ error: 'Invalid email or password format' }, 400);
-    }
-
     if (error instanceof Error && error.message === 'Invalid credentials') {
       return c.json({ error: 'Invalid email or password' }, 401);
     }
@@ -222,8 +206,7 @@ auth.post('/login', async (c) => {
 // Request password reset
 auth.post('/forgot-password', async (c) => {
   try {
-    const body = await c.req.json();
-    const input = ForgotPasswordInputSchema.parse(body);
+    const input = await parseAndValidate(c, ForgotPasswordInputSchema);
 
     await authService.requestPasswordReset(input.email);
 
@@ -232,10 +215,6 @@ auth.post('/forgot-password', async (c) => {
       message: 'If an account exists with this email, you will receive a password reset link.'
     });
   } catch (error) {
-    if (error instanceof ZodError) {
-      return c.json({ error: 'Invalid email format' }, 400);
-    }
-
     console.error('Password reset request error:', error);
     return c.json({
       message: 'If an account exists with this email, you will receive a password reset link.'
@@ -246,8 +225,7 @@ auth.post('/forgot-password', async (c) => {
 // Reset password with token
 auth.post('/reset-password', async (c) => {
   try {
-    const body = await c.req.json();
-    const input = ResetPasswordInputSchema.parse(body);
+    const input = await parseAndValidate(c, ResetPasswordInputSchema);
 
     const user = await authService.resetPassword(input.token, input.password);
     const tokens = await authService.createTokens(user);
@@ -260,10 +238,6 @@ auth.post('/reset-password', async (c) => {
 
     return jsonResponse(c, LoginResponseSchema, tokens);
   } catch (error) {
-    if (error instanceof ZodError) {
-      return c.json({ error: 'Invalid token or password format' }, 400);
-    }
-
     if (error instanceof Error && error.message === 'Invalid or expired token') {
       return c.json({ error: 'Invalid or expired reset link' }, 400);
     }
@@ -276,19 +250,14 @@ auth.post('/reset-password', async (c) => {
 // Resend set-password email
 auth.post('/resend-set-password', async (c) => {
   try {
-    const body = await c.req.json();
-    const input = ResendSetPasswordInputSchema.parse(body);
+    const input = await parseAndValidate(c, ResendSetPasswordInputSchema);
 
     await authService.resendSetPasswordEmail(input.email);
 
     return c.json({
       message: 'If a pending account exists with this email, a new link has been sent.'
     });
   } catch (error) {
-    if (error instanceof ZodError) {
-      return c.json({ error: 'Invalid email format' }, 400);
-    }
-
     console.error('Resend set-password error:', error);
     return c.json({
       message: 'If a pending account exists with this email, a new link has been sent.'

src/routes/crons.ts

@@ -2,18 +2,17 @@ import { Hono } from 'hono';
 import { cronsService } from '../services/crons';
 import { workersService } from '../services/workers';
 import { CronCreateInputSchema, CronUpdateInputSchema, CronSchema, WorkerSchema } from '../types';
-import { jsonResponse } from '../utils/validate';
+import { jsonResponse, parseAndValidate } from '../utils/validate';
 
 const crons = new Hono();
 
 // PATCH /crons/:id - Update cron
 crons.patch('/:id', async (c) => {
   const userId = c.get('userId');
   const id = c.req.param('id');
-  const body = await c.req.json();
+  const payload = await parseAndValidate(c, CronUpdateInputSchema);
 
   try {
-    const payload = CronUpdateInputSchema.parse(body);
     const cron = await cronsService.update(userId, id, payload);
 
     // Return updated worker
@@ -62,10 +61,9 @@ crons.delete('/:id', async (c) => {
 // POST /crons - Create cron
 crons.post('/', async (c) => {
   const userId = c.get('userId');
-  const body = await c.req.json();
+  const payload = await parseAndValidate(c, CronCreateInputSchema);
 
   try {
-    const payload = CronCreateInputSchema.parse(body);
     const cron = await cronsService.create(userId, payload);
     return jsonResponse(c, CronSchema, cron, 201);
   } catch (error) {

src/routes/database-tokens.ts

@@ -1,8 +1,9 @@
 import { Hono } from 'hono';
-import { z, ZodError } from 'zod';
+import { z } from 'zod';
 import { createDatabaseToken, listDatabaseTokens, deleteDatabaseToken } from '../services/db/database-tokens';
 import { findDatabaseById, findDatabaseByName } from '../services/db/databases';
 import { DatabaseOperations } from '../types/schemas/database-token.schema';
+import { parseAndValidate } from '../utils/validate';
 
 const databaseTokens = new Hono();
 
@@ -58,12 +59,11 @@ databaseTokens.get('/:id/tokens', async (c) => {
 
 // POST /databases/:id/tokens - Create a new token
 databaseTokens.post('/:id/tokens', async (c) => {
-  try {
-    const userId = c.get('userId');
-    const idOrName = c.req.param('id');
-    const body = await c.req.json();
-    const input = CreateTokenSchema.parse(body);
+  const userId = c.get('userId');
+  const idOrName = c.req.param('id');
+  const input = await parseAndValidate(c, CreateTokenSchema);
 
+  try {
     // Verify database ownership
     const database = await findDatabase(userId, idOrName);
 
@@ -87,10 +87,6 @@ databaseTokens.post('/:id/tokens', async (c) => {
       201
     );
   } catch (error) {
-    if (error instanceof ZodError) {
-      return c.json({ error: 'Invalid input', details: error.issues }, 400);
-    }
-
     // Handle unique constraint violation (duplicate name)
     if (error instanceof Error && error.message.includes('unique constraint')) {
       return c.json({ error: 'A token with this name already exists for this database' }, 409);

src/routes/databases.ts

@@ -1,11 +1,11 @@
 import { Hono } from 'hono';
-import { z, ZodError } from 'zod';
+import { z } from 'zod';
 import { databasesService } from '../services/databases';
 import { getSystemToken } from '../services/db/database-tokens';
 import { PostgateClient } from '../services/postgate';
 import { postgate as postgateConfig } from '../config';
 import { DatabaseSchema, DatabaseCreateInputSchema } from '../types';
-import { jsonResponse, jsonArrayResponse } from '../utils/validate';
+import { jsonResponse, jsonArrayResponse, parseAndValidate } from '../utils/validate';
 import tables from './tables';
 
 const databases = new Hono();
@@ -48,23 +48,12 @@ databases.get('/:id', async (c) => {
 // POST /databases - Create new database
 databases.post('/', async (c) => {
   const userId = c.get('userId');
-  const body = await c.req.json();
+  const payload = await parseAndValidate(c, DatabaseCreateInputSchema);
 
   try {
-    const payload = DatabaseCreateInputSchema.parse(body);
     const db = await databasesService.create(userId, payload);
     return jsonResponse(c, DatabaseSchema, db, 201);
   } catch (error) {
-    if (error instanceof z.ZodError) {
-      return c.json(
-        {
-          error: 'Validation error',
-          details: error.issues
-        },
-        400
-      );
-    }
-
     console.error('Failed to create database:', error);
     return c.json(
       {
@@ -80,7 +69,6 @@ databases.post('/', async (c) => {
 databases.patch('/:id', async (c) => {
   const userId = c.get('userId');
   const idOrName = c.req.param('id');
-  const body = await c.req.json();
 
   const UpdateSchema = z.object({
     name: z.string().min(1).max(100).trim().optional(),
@@ -89,14 +77,15 @@ databases.patch('/:id', async (c) => {
     timeoutSeconds: z.number().int().positive().max(300).optional()
   });
 
+  const payload = await parseAndValidate(c, UpdateSchema);
+
   try {
     const existing = await databasesService.findByIdOrName(userId, idOrName);
 
     if (!existing) {
       return c.json({ error: 'Database not found' }, 404);
     }
 
-    const payload = UpdateSchema.parse(body);
     const db = await databasesService.update(userId, existing.id, payload);
 
     if (!db) {
@@ -105,16 +94,6 @@ databases.patch('/:id', async (c) => {
 
     return jsonResponse(c, DatabaseSchema, db);
   } catch (error) {
-    if (error instanceof z.ZodError) {
-      return c.json(
-        {
-          error: 'Validation error',
-          details: error.issues
-        },
-        400
-      );
-    }
-
     console.error('Failed to update database:', error);
     return c.json({ error: 'Failed to update database' }, 500);
   }
@@ -153,21 +132,18 @@ const ExecSchema = z.object({
 
 // POST /databases/:id/exec - Execute SQL on a database
 databases.post('/:id/exec', async (c) => {
-  try {
-    const userId = c.get('userId');
-    const idOrName = c.req.param('id');
+  const userId = c.get('userId');
+  const idOrName = c.req.param('id');
+  const { sql, params } = await parseAndValidate(c, ExecSchema);
 
+  try {
     // Verify database ownership
     const database = await databasesService.findByIdOrName(userId, idOrName);
 
     if (!database) {
       return c.json({ error: 'Database not found' }, 404);
     }
 
-    // Parse request body
-    const body = await c.req.json();
-    const { sql, params } = ExecSchema.parse(body);
-
     // Get or create system token for this database
     const systemToken = await getSystemToken(database.id);
 
@@ -180,10 +156,6 @@ databases.post('/:id/exec', async (c) => {
       rowCount: result.row_count
     });
   } catch (error) {
-    if (error instanceof ZodError) {
-      return c.json({ error: 'Invalid input', details: error.issues }, 400);
-    }
-
     console.error('SQL execution failed:', error);
     const message = error instanceof Error ? error.message : 'Unknown error';
     return c.json({ error: message }, 500);

src/routes/domains.ts

@@ -1,7 +1,7 @@
 import { Hono } from 'hono';
 import { domainsService } from '../services/domains';
 import { DomainSchema, DomainCreateInputSchema } from '../types';
-import { jsonResponse, jsonArrayResponse } from '../utils/validate';
+import { jsonResponse, jsonArrayResponse, parseAndValidate } from '../utils/validate';
 
 const domains = new Hono();
 
@@ -20,10 +20,9 @@ domains.get('/', async (c) => {
 // POST /domains - Create domain
 domains.post('/', async (c) => {
   const userId = c.get('userId');
-  const body = await c.req.json();
+  const payload = await parseAndValidate(c, DomainCreateInputSchema);
 
   try {
-    const payload = DomainCreateInputSchema.parse(body);
     const domain = await domainsService.create(userId, payload);
     return jsonResponse(c, DomainSchema, domain, 201);
   } catch (error) {