"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.validate = validate;
const zod_1 = require("zod");
const error_handler_1 = require("./error-handler");
function validate(schema, source = 'body') {
    return (req, _res, next) => {
        try {
            const data = schema.parse(req[source]);
            req[source] = data;
            next();
        }
        catch (err) {
            if (err instanceof zod_1.ZodError) {
                // Sanitize validation errors - only expose field count, not detailed messages
                const fieldCount = err.errors.length;
                throw new error_handler_1.AppError(400, `Invalid request data: ${fieldCount} field(s) failed validation`, 'VALIDATION_ERROR');
            }
            throw err;
        }
    };
}
//# sourceMappingURL=validate.js.map