feat(api): stricter user data api types checking

src/app/api/user/me/validation.ts

@@ -5,6 +5,7 @@ import {
   newUserEmailServerSchema,
   newUserNameServerSchema,
   passwordSchema,
+  timezoneSchema,
 } from '@/app/api/user/validation';
 
 // ----------------------------------------
@@ -17,8 +18,8 @@ export const updateUserServerSchema = zod.object({
   first_name: firstNameSchema.optional(),
   last_name: lastNameSchema.optional(),
   email: newUserEmailServerSchema.optional(),
-  image: zod.string().optional(),
-  timezone: zod.string().optional(),
+  image: zod.url().optional(),
+  timezone: timezoneSchema.optional(),
 });
 
 export const updateUserPasswordServerSchema = zod.object({

src/app/api/user/validation.ts

@@ -1,6 +1,7 @@
 import { extendZodWithOpenApi } from '@asteasolutions/zod-to-openapi';
 import { prisma } from '@/prisma';
 import zod from 'zod/v4';
+import { allTimeZones } from '@/lib/timezones';
 
 extendZodWithOpenApi(zod);
 
@@ -107,6 +108,17 @@ export const passwordSchema = zod
     'Password must contain at least one uppercase letter, one lowercase letter, one number, and one special character',
   );
 
+// ----------------------------------------
+//
+// Timezone Validation
+//
+// ----------------------------------------
+export const timezoneSchema = zod
+  .enum(allTimeZones)
+  .openapi('Timezone', {
+    description: 'Valid timezone from the list of supported timezones',
+  });
+
 // ----------------------------------------
 //
 // User Schema Validation (for API responses)
@@ -119,8 +131,8 @@ export const FullUserSchema = zod
     first_name: zod.string().nullish(),
     last_name: zod.string().nullish(),
     email: zod.email(),
-    image: zod.string().nullish(),
-    timezone: zod.string(),
+    image: zod.url().nullish(),
+    timezone: zod.string().refine((i) => (allTimeZones as string[]).includes(i)).nullish(),
     created_at: zod.date(),
     updated_at: zod.date(),
   })