core: improve session API reliability with proper input validation

2025-12-21 09:44:21 +01:00 · 2025-10-06 19:37:30 -04:00
parent aee240150b
commit 10998d62b9
6 changed files with 139 additions and 118 deletions
--- a/packages/opencode/src/server/server.ts
+++ b/packages/opencode/src/server/server.ts
@@ -31,7 +31,6 @@ import { SessionRevert } from "../session/revert"
 import { lazy } from "../util/lazy"
 import { Todo } from "../session/todo"
 import { InstanceBootstrap } from "../project/bootstrap"
-import { Identifier } from "@/id/id"

 const ERRORS = {
  400: {
@@ -308,7 +307,7 @@ export namespace Server {
        validator(
          "param",
          z.object({
-            id: z.string(),
+            id: Session.get.schema,
          }),
        ),
        async (c) => {
@@ -336,7 +335,7 @@ export namespace Server {
        validator(
          "param",
          z.object({
-            id: z.string(),
+            id: Session.children.schema,
          }),
        ),
        async (c) => {
@@ -390,18 +389,10 @@ export namespace Server {
            },
          },
        }),
-        validator(
-          "json",
-          z
-            .object({
-              parentID: z.string().optional(),
-              title: z.string().optional(),
-            })
-            .optional(),
-        ),
+        validator("json", Session.create.schema.optional()),
        async (c) => {
          const body = c.req.valid("json") ?? {}
-          const session = await Session.create(body.parentID, body.title)
+          const session = await Session.create(body)
          return c.json(session)
        },
      )
@@ -424,7 +415,7 @@ export namespace Server {
        validator(
          "param",
          z.object({
-            id: z.string(),
+            id: Session.remove.schema,
          }),
        ),
        async (c) => {
@@ -495,14 +486,7 @@ export namespace Server {
            id: z.string().meta({ description: "Session ID" }),
          }),
        ),
-        validator(
-          "json",
-          z.object({
-            messageID: z.string(),
-            providerID: z.string(),
-            modelID: z.string(),
-          }),
-        ),
+        validator("json", Session.initialize.schema.omit({ sessionID: true })),
        async (c) => {
          const sessionID = c.req.valid("param").id
          const body = c.req.valid("json")
@@ -529,7 +513,7 @@ export namespace Server {
        validator(
          "param",
          z.object({
-            id: Identifier.schema("session").meta({ description: "Session ID" }),
+            id: Session.fork.schema.shape.sessionID,
          }),
        ),
        validator("json", Session.fork.schema.omit({ sessionID: true })),
@@ -614,7 +598,7 @@ export namespace Server {
        validator(
          "param",
          z.object({
-            id: z.string(),
+            id: Session.unshare.schema,
          }),
        ),
        async (c) => {
@@ -717,7 +701,7 @@ export namespace Server {
        ),
        async (c) => {
          const params = c.req.valid("param")
-          const message = await Session.getMessage(params.id, params.messageID)
+          const message = await Session.getMessage({ sessionID: params.id, messageID: params.messageID })
          return c.json(message)
        },
      )