tighten zod validation for segment parameters

src/app/api/websites/[websiteId]/segments/route.ts

@@ -2,7 +2,7 @@ import { z } from 'zod';
 import { uuid } from '@/lib/crypto';
 import { getQueryFilters, parseRequest } from '@/lib/request';
 import { json, unauthorized } from '@/lib/response';
-import { anyObjectParam, searchParams, segmentTypeParam } from '@/lib/schema';
+import { searchParams, segmentParametersSchema, segmentTypeParam } from '@/lib/schema';
 import { canUpdateWebsite, canViewWebsite } from '@/permissions';
 import { createSegment, getWebsiteSegments } from '@/queries/prisma';
 
@@ -42,7 +42,7 @@ export async function POST(
   const schema = z.object({
     type: segmentTypeParam,
     name: z.string().max(200),
-    parameters: anyObjectParam,
+    parameters: segmentParametersSchema,
   });
 
   const { auth, body, error } = await parseRequest(request, schema);

src/lib/schema.ts

@@ -104,6 +104,23 @@ export const reportTypeParam = z.enum([
   'utm',
 ]);
 
+export const operatorParam = z.enum([
+  'eq',
+  'neq',
+  's',
+  'ns',
+  'c',
+  'dnc',
+  't',
+  'f',
+  'gt',
+  'lt',
+  'gte',
+  'lte',
+  'bf',
+  'af',
+]);
+
 export const goalReportSchema = z.object({
   type: z.literal('goal'),
   parameters: z
@@ -231,3 +248,22 @@ export const reportResultSchema = z.intersection(
 );
 
 export const segmentTypeParam = z.enum(['segment', 'cohort']);
+
+export const segmentParametersSchema = z.object({
+  filters: z
+    .array(
+      z.object({
+        name: z.string(),
+        operator: operatorParam,
+        value: z.string(),
+      }),
+    )
+    .optional(),
+  dateRange: z.string().optional(),
+  action: z
+    .object({
+      type: z.string(),
+      value: z.string(),
+    })
+    .optional(),
+});