feat(kyc): expose validation formats so clients don't hardcode the swissPaymentText regex#3911
Open
TaprootFreak wants to merge 1 commit into
Open
feat(kyc): expose validation formats so clients don't hardcode the swissPaymentText regex#3911TaprootFreak wants to merge 1 commit into
TaprootFreak wants to merge 1 commit into
Conversation
…issPaymentText regex Add a lightweight, cacheable GET /v1/config endpoint that surfaces the authoritative input validation pattern(s) from Config.formats. Clients fetch it once and validate user input against the API-provided regex at runtime instead of keeping a hardcoded mirror that silently drifts when Config.formats changes. Currently exposes swissPaymentText (the allowed character set for name/address fields). The response shape is a typed formats map, so additional patterns can be added additively without breaking clients. The field is optional from a consumer's perspective: legacy clients keep their existing behaviour, new clients consume the API pattern. The server keeps re-validating authoritatively.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #3910
What
Adds a lightweight, cacheable
GET /v1/configendpoint that surfaces the authoritative input validation pattern(s) fromConfig.formats, so API consumers validate user input against an API-provided value at runtime instead of hardcoding a mirror of the regex.Clients compile
new RegExp(pattern, flags)once per session and use it for inline validation. The server keeps re-validating authoritatively (@IsSwissPaymentText(), unchanged).Why
Per
CONTRIBUTING.md→ "API as Decision Authority", which characters are valid is a business rule the API owns and clients render, not re-implement. Today the RealUnit app keeps a byte-for-byte copy of the regex; ifConfig.formats.swissPaymentTextchanges, every consumer's hardcoded copy silently diverges. This also tempted a client into a stricter-than-API postal-code rule that blocked foreign alphanumeric ZIPs (NL1011 AB, UKEC1A 1BB, …).Design notes
pattern/flagsdirectly fromConfig.formats; nothing is duplicated. A unit test recompiles the exposed pattern and asserts it behaves identically to the server-side validator for representative inputs (no-drift guard).ConfigDto) rather than per-user on/v2/user.swissPaymentText(the concrete consumer need). The typedFormatsDtomap lets further patterns be added additively/backwards-compatibly.Cache-Control: public, max-age=3600.Cross-consumer
Benefits every consumer that mirrors the regex. Adoption happens in follow-up pair-PRs (e.g. RealUnit app) once this lands on
develop, deleting the local mirror in the same PR (rule #6).Tests
src/app.controller.spec.ts:swissPaymentTextwithpattern/flagsequal toConfig.formats.swissPaymentTextRun locally on m5me (node 20.20.2):
format:check,type-check,eslint, and the spec — all green.