From 113a03c2bebda1d2797364b0f0034ad60f0b6608 Mon Sep 17 00:00:00 2001
From: Victor <vdiaz03@uoc.edu>
Date: Tue, 23 Jun 2026 22:13:14 -0400
Subject: [PATCH] feat: validate user creation body

---
 apps/api/src/routes/users.ts | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/apps/api/src/routes/users.ts b/apps/api/src/routes/users.ts
index 8d7f6d2ee..1348d2d66 100644
--- a/apps/api/src/routes/users.ts
+++ b/apps/api/src/routes/users.ts
@@ -10,6 +10,20 @@ router.get("/", (_req, res) => {
 });
 
 router.post("/", (req, res) => {
+  if (!req.body || typeof req.body !== "object" || Array.isArray(req.body)) {
+    return res.status(400).json({
+      error: "Invalid request body.",
+      message: "Expected a JSON object for user creation."
+    });
+  }
+
+  if (typeof req.body.email !== "string" || req.body.email.trim() === "") {
+    return res.status(400).json({
+      error: "Invalid email.",
+      message: "A non-empty email is required to create a user."
+    });
+  }
+
   res.status(201).json({
     data: {
       id: "stub-user-id",