Merge pull request #1418 from cisagov/AL-crasm-3561-catch-CTIPS-blocks

cduhn17 · web-flow · commit bffd5a7fe11b · 2025-12-22T09:01:23.000-06:00
CRASM-3561: Make sure telemetrySchema is defined and zod installed
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
diff --git a/frontend/package.json b/frontend/package.json
@@ -48,7 +48,8 @@
     "react-select": "^5.5.9",
     "react-table": "^7.8.0",
     "serverless-http": "^3.2.0",
-    "universal-cookie": "^7.2.2"
+    "universal-cookie": "^7.2.2",
+    "zod": "^4.2.1"
   },
   "devDependencies": {
     "@testing-library/jest-dom": "^6.6.3",
diff --git a/frontend/scripts/api.js b/frontend/scripts/api.js
@@ -9,11 +9,20 @@ import cors from 'cors';
 import helmet from 'helmet';
 import express from 'express';
 import path from 'path';
+import { z } from 'zod';
 
 export const app = express();
 
-// JSON body parsing needed for telemetry POST
-app.use(express.json({ limit: '10kb' }));
+const telemetrySchema = z.object({
+  type: z.string(),
+  path: z.string().optional(),
+  status: z.number().nullable().optional(),
+  server: z.string().nullable().optional(),
+  via: z.string().nullable().optional(),
+  cfRay: z.string().nullable().optional(),
+  cfCacheStatus: z.string().nullable().optional(),
+  ts: z.number().optional()
+});
 
 // Rate limiting middleware (per IP, ~1 req/sec over 5 min)
 const telemetryLimiter = rateLimit({
@@ -47,6 +56,9 @@ function getErrorMessage(err) {
   }
 }
 
+// JSON body parsing needed for telemetry POST
+app.use(express.json({ limit: '10kb' }));
+
 // These CORS origins work in all Crossfeed environments
 app.use(
   cors({
