Skip to Content
Exercises04 tRPCExercise: protected procedure (tRPC + Zod)

Exercise: protected procedure (tRPC + Zod)

Goal

Implement a small feature that demonstrates our standard boundary:

  • UI calls tRPC
  • Zod validates input
  • auth middleware protects the procedure
  • server-only layer simulates a microservice call

Scenario

Create a “Teams” feature:

  • list teams
  • create a team (name required, 2–50 chars)

Requirements

  • Zod:
    • define an input schema for createTeam
    • map validation errors to UI field errors (friendly, specific)
  • Auth:
    • listTeams can be public (optional)
    • createTeam must be protected
  • Server-only integration:
    • “microservice call” must run server-side (module/function used by the procedure)
    • do not call it directly from the UI
  • Error handling:
    • user sees a friendly message
    • developer logs contain useful context (no secrets / no full payload dumps)

Acceptance criteria (entry)

  • Procedure is protected and cannot be called unauthenticated.
  • Invalid input never reaches the “microservice” layer.
  • UI shows field-level validation errors and handles server errors gracefully.

Stretch goals (mid)

  • Add an error taxonomy (e.g. validation vs auth vs upstream).
  • Add tests:
    • unit test for schema
    • procedure test with mocked integration layer

Stretch goals (senior)

  • Document folder/module boundaries you’d enforce for this feature in a real app.
  • Describe how you’d propagate correlation IDs / tracing to microservices.
Last updated on
Exercise: App Router boundaries (server vs client)Exercise: refactor JS → TS + tests