fix: remove zod from server bundle

Author: farnabaz

src/runtime/api/query.post.ts

@@ -1,12 +1,11 @@
-import { eventHandler, getRouterParam, readValidatedBody } from 'h3'
-import * as z from 'zod'
+import { eventHandler, getRouterParam, readBody } from 'h3'
 import type { RuntimeConfig } from '@nuxt/content'
 import loadDatabaseAdapter, { checkAndImportDatabaseIntegrity } from '../internal/database.server'
 import { assertSafeQuery } from '../internal/security'
 import { useRuntimeConfig } from '#imports'
 
 export default eventHandler(async (event) => {
-  const { sql } = await readValidatedBody(event, z.object({ sql: z.string() }).parse)
+  const { sql } = await readBody(event)
   const collection = getRouterParam(event, 'collection')!
 
   assertSafeQuery(sql, collection)

src/runtime/internal/security.ts

@@ -12,6 +12,10 @@ const SQL_SELECT_REGEX = /^SELECT (.*) FROM (\w+)( WHERE .*)? ORDER BY (["\w,\s]
  * @returns True if the query is safe, false otherwise
  */
 export function assertSafeQuery(sql: string, collection: string) {
+  if (!sql) {
+    throw new Error('Invalid query')
+  }
+
   const cleanedupQuery = cleanupQuery(sql)
 
   // Query is invalid if the cleaned up query is not the same as the original query (it contains comments)

test/unit/assertSafeQuery.test.ts

@@ -17,6 +17,7 @@ describe('decompressSQLDump', () => {
   })
 
   const queries = {
+    '': false,
     'SELECT * FROM sqlite_master': false,
     'INSERT INTO _test VALUES (\'abc\')': false,
     'CREATE TABLE _test (id TEXT PRIMARY KEY)': false,