Merge fix/issue-9-input-validation: property type validation (closes #9)

JordanCoin · JordanCoin · commit 6dcfe1f279f4 · 2026-02-10T04:52:24.000-05:00
* fix/issue-9-input-validation: feat: add input validation for number/date/url/email before API calls (closes #9)
diff --git a/bin/notion.js b/bin/notion.js
@@ -277,7 +277,12 @@ async function buildProperties(dbIds, props) {
       process.exit(1);
     }
 
-    properties[schemaEntry.name] = buildPropValue(schemaEntry.type, value);
+    const built = buildPropValue(schemaEntry.type, value);
+    if (built && built.error) {
+      console.error(`Invalid value for "${schemaEntry.name}" (${schemaEntry.type}): ${built.error}`);
+      process.exit(1);
+    }
+    properties[schemaEntry.name] = built;
   }
 
   return properties;
diff --git a/lib/format.js b/lib/format.js
@@ -2,6 +2,25 @@
 
 /** UUID regex pattern used for validation */
 const UUID_REGEX = /^[0-9a-f-]{32,36}$/i;
+const ISO_DATE_ONLY_REGEX = /^\d{4}-\d{2}-\d{2}$/;
+const ISO_DATE_TIME_REGEX = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})$/;
+
+function isValidIsoDate(value) {
+  if (typeof value !== 'string') return false;
+  if (ISO_DATE_ONLY_REGEX.test(value)) {
+    const date = new Date(value);
+    if (Number.isNaN(date.getTime())) return false;
+    const [year, month, day] = value.split('-').map(Number);
+    return date.getUTCFullYear() === year
+      && date.getUTCMonth() + 1 === month
+      && date.getUTCDate() === day;
+  }
+  if (ISO_DATE_TIME_REGEX.test(value)) {
+    const date = new Date(value);
+    return !Number.isNaN(date.getTime());
+  }
+  return false;
+}
 
 /** Extract plain text from rich_text array */
 function richTextToPlain(rt) {
@@ -86,19 +105,33 @@ function buildPropValue(type, value) {
       return { title: [{ text: { content: value } }] };
     case 'rich_text':
       return { rich_text: [{ text: { content: value } }] };
-    case 'number':
-      return { number: Number(value) };
+    case 'number': {
+      const num = Number(value);
+      if (Number.isNaN(num)) {
+        return { error: `Invalid number value: "${value}"` };
+      }
+      return { number: num };
+    }
     case 'select':
       return { select: { name: value } };
     case 'multi_select':
       return { multi_select: value.split(',').map(v => ({ name: v.trim() })) };
     case 'date':
+      if (!isValidIsoDate(value)) {
+        return { error: `Invalid date value: "${value}" (expected YYYY-MM-DD or full ISO 8601)` };
+      }
       return { date: { start: value } };
     case 'checkbox':
       return { checkbox: value === 'true' || value === '1' || value === 'yes' };
     case 'url':
+      if (!value.startsWith('http://') && !value.startsWith('https://')) {
+        return { error: `Invalid URL value: "${value}" (expected http:// or https://)` };
+      }
       return { url: value };
     case 'email':
+      if (!value.includes('@')) {
+        return { error: `Invalid email value: "${value}" (expected "@" in address)` };
+      }
       return { email: value };
     case 'phone_number':
       return { phone_number: value };
diff --git a/test/unit.test.js b/test/unit.test.js
@@ -284,6 +284,12 @@ describe('buildPropValue', () => {
     assert.deepEqual(buildPropValue('number', '3.14'), { number: 3.14 });
   });
 
+  it('rejects invalid number property', () => {
+    assert.deepEqual(buildPropValue('number', 'abc'), {
+      error: 'Invalid number value: "abc"',
+    });
+  });
+
   it('builds select property', () => {
     assert.deepEqual(buildPropValue('select', 'Option A'), {
       select: { name: 'Option A' },
@@ -308,6 +314,18 @@ describe('buildPropValue', () => {
     });
   });
 
+  it('builds date property with full ISO date-time', () => {
+    assert.deepEqual(buildPropValue('date', '2024-01-15T10:30:00Z'), {
+      date: { start: '2024-01-15T10:30:00Z' },
+    });
+  });
+
+  it('rejects invalid date property', () => {
+    assert.deepEqual(buildPropValue('date', '2024-13-01'), {
+      error: 'Invalid date value: "2024-13-01" (expected YYYY-MM-DD or full ISO 8601)',
+    });
+  });
+
   it('builds checkbox property — true values', () => {
     assert.deepEqual(buildPropValue('checkbox', 'true'), { checkbox: true });
     assert.deepEqual(buildPropValue('checkbox', '1'), { checkbox: true });
@@ -327,12 +345,24 @@ describe('buildPropValue', () => {
     });
   });
 
+  it('rejects invalid url property', () => {
+    assert.deepEqual(buildPropValue('url', 'example.com'), {
+      error: 'Invalid URL value: "example.com" (expected http:// or https://)',
+    });
+  });
+
   it('builds email property', () => {
     assert.deepEqual(buildPropValue('email', 'user@test.com'), {
       email: 'user@test.com',
     });
   });
 
+  it('rejects invalid email property', () => {
+    assert.deepEqual(buildPropValue('email', 'user.test.com'), {
+      error: 'Invalid email value: "user.test.com" (expected "@" in address)',
+    });
+  });
+
   it('builds phone_number property', () => {
     assert.deepEqual(buildPropValue('phone_number', '+1234567890'), {
       phone_number: '+1234567890',

Original file line number	Diff line number	Diff line change
`@@ -277,7 +277,12 @@ async function buildProperties(dbIds, props) {`
`277`	`277`	`process.exit(1);`
`278`	`278`	`}`
`279`	`279`
`280`		`- properties[schemaEntry.name] = buildPropValue(schemaEntry.type, value);`
	`280`	`+ const built = buildPropValue(schemaEntry.type, value);`
	`281`	`+ if (built && built.error) {`
	`282`	+ console.error(`Invalid value for "${schemaEntry.name}" (${schemaEntry.type}): ${built.error}`);
	`283`	`+ process.exit(1);`
	`284`	`+ }`
	`285`	`+ properties[schemaEntry.name] = built;`
`281`	`286`	`}`
`282`	`287`
`283`	`288`	`return properties;`