Add api validations.

pages/api/reports/funnel.ts

@@ -1,9 +1,10 @@
 import { canViewWebsite } from 'lib/auth';
-import { useCors, useAuth } from 'lib/middleware';
+import { useAuth, useCors, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody } from 'lib/types';
 import { NextApiResponse } from 'next';
-import { ok, methodNotAllowed, unauthorized } from 'next-basics';
+import { methodNotAllowed, ok, unauthorized } from 'next-basics';
 import { getFunnel } from 'queries';
+import * as yup from 'yup';
 
 export interface FunnelRequestBody {
   websiteId: string;
@@ -22,6 +23,21 @@ export interface FunnelResponse {
   endAt: number;
 }
 
+const schema = {
+  POST: yup.object().shape({
+    websiteId: yup.string().uuid().required(),
+    urls: yup.array().min(2).of(yup.string()).required(),
+    window: yup.number().positive().required(),
+    dateRange: yup
+      .object()
+      .shape({
+        startDate: yup.date().required(),
+        endDate: yup.date().required(),
+      })
+      .required(),
+  }),
+};
+
 export default async (
   req: NextApiRequestQueryBody<any, FunnelRequestBody>,
   res: NextApiResponse<FunnelResponse>,
@@ -29,6 +45,9 @@ export default async (
   await useCors(req, res);
   await useAuth(req, res);
 
+  req.yup = schema;
+  await useValidate(req, res);
+
   if (req.method === 'POST') {
     const {
       websiteId,