Conversation
Introduces a generic Result<T, E> discriminated union type for type-safe error handling without exceptions. This pattern allows functions to return either success (ok: true, value: T) or failure (ok: false, error: E) in a way that TypeScript can narrow. Helper functions ok() and err() simplify creating Result instances.
Implements comprehensive validation for checkout metadata to prevent security issues before database persistence. Validates key count, key format/length, value encoding, control characters, and total serialized size. Validation collects all errors and reports them together, making it easier for users to fix multiple issues. Error messages include the specific key name for value-related errors.
edf9f99 to
736f3ae
Compare
736f3ae to
01d1159
Compare
| * Returns all validation errors found, allowing users to fix multiple issues at once. | ||
| * | ||
| * @param metadata - The metadata object to validate, or undefined | ||
| * @returns A Result containing either success (ok: true) or an array of validation errors (ok: false) |
There was a problem hiding this comment.
or an array of validation errors
yeah, good call.
the key is set by our user, but the value can come from the user’s visitor, so abuse might not be the user’s fault. we need to tell them exactly which metadata entry failed and why, so they can surface a clear error to the visitor and handle it cleanly, instead of things breaking with no explanation.
on the mdk-checkout side, we should add strongly typed errors to createCheckout so our users can reliably tell what went wrong and respond accordingly (unrelated to this issue, but right now it may fail because they didn't set the apiKey / mnemonic OR because the metadata validation failed OR because VSS is down. we need to tell them what's going on. right now it just fails silently)
There was a problem hiding this comment.
Agreed. I'm a big fan of modelling the error domain.
martinsaposnic
left a comment
There was a problem hiding this comment.
love the haskellish Result
Implements validation for checkout metadata.
Validation Rules
The validation enforces the following security constraints:
Benefits