Add api validations.

pages/api/users/[id]/usage.ts

@@ -1,8 +1,9 @@
-import { useAuth, useCors } from 'lib/middleware';
+import { useAuth, useCors, useValidate } from 'lib/middleware';
 import { NextApiRequestQueryBody } from 'lib/types';
 import { NextApiResponse } from 'next';
 import { methodNotAllowed, ok, unauthorized } from 'next-basics';
 import { getEventDataUsage, getEventUsage, getUserWebsites } from 'queries';
+import * as yup from 'yup';
 
 export interface UserUsageRequestQuery {
   id: string;
@@ -21,6 +22,14 @@ export interface UserUsageRequestResponse {
   }[];
 }
 
+const schema = {
+  GET: yup.object().shape({
+    id: yup.string().uuid().required(),
+    startAt: yup.number().integer().required(),
+    endAt: yup.number().integer().moreThan(yup.ref('startAt')).required(),
+  }),
+};
+
 export default async (
   req: NextApiRequestQueryBody<UserUsageRequestQuery>,
   res: NextApiResponse<UserUsageRequestResponse>,
@@ -28,6 +37,9 @@ export default async (
   await useCors(req, res);
   await useAuth(req, res);
 
+  req.yup = schema;
+  await useValidate(req, res);
+
   const { user } = req.auth;
 
   if (req.method === 'GET') {