Merge branch 'dev' into feat/login-page-customization

2026-01-28 22:00:51 +00:00 · 2025-11-17 22:18:32 +01:00
parent 83f36bce9d 80a68507cd
commit 0d0c43f72b
222 changed files with 3625 additions and 1759 deletions
--- a/server/routers/accessToken/deleteAccessToken.ts
+++ b/server/routers/accessToken/deleteAccessToken.ts
@@ -10,11 +10,9 @@ import { and, eq } from "drizzle-orm";
 import { db } from "@server/db";
 import { OpenAPITags, registry } from "@server/openApi";

-const deleteAccessTokenParamsSchema = z
-    .object({
+const deleteAccessTokenParamsSchema = z.strictObject({
        accessTokenId: z.string()
-    })
-    .strict();
+    });

 registry.registerPath({
    method: "delete",
--- a/server/routers/accessToken/generateAccessToken.ts
+++ b/server/routers/accessToken/generateAccessToken.ts
@@ -24,22 +24,18 @@ import { encodeHexLowerCase } from "@oslojs/encoding";
 import { sha256 } from "@oslojs/crypto/sha2";
 import { OpenAPITags, registry } from "@server/openApi";

-export const generateAccessTokenBodySchema = z
-    .object({
-        validForSeconds: z.number().int().positive().optional(), // seconds
+export const generateAccessTokenBodySchema = z.strictObject({
+        validForSeconds: z.int().positive().optional(), // seconds
        title: z.string().optional(),
        description: z.string().optional()
-    })
-    .strict();
+    });

-export const generateAccssTokenParamsSchema = z
-    .object({
+export const generateAccssTokenParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 export type GenerateAccessTokenResponse = Omit<
    ResourceAccessToken,
--- a/server/routers/accessToken/listAccessTokens.ts
+++ b/server/routers/accessToken/listAccessTokens.ts
@@ -17,18 +17,16 @@ import stoi from "@server/lib/stoi";
 import { fromZodError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";

-const listAccessTokensParamsSchema = z
-    .object({
+const listAccessTokensParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .optional()
            .transform(stoi)
-            .pipe(z.number().int().positive().optional()),
+            .pipe(z.int().positive().optional()),
        orgId: z.string().optional()
    })
-    .strict()
    .refine((data) => !!data.resourceId !== !!data.orgId, {
-        message: "Either resourceId or orgId must be provided, but not both"
+        error: "Either resourceId or orgId must be provided, but not both"
    });

 const listAccessTokensSchema = z.object({
@@ -37,14 +35,14 @@ const listAccessTokensSchema = z.object({
        .optional()
        .default("1000")
        .transform(Number)
-        .pipe(z.number().int().nonnegative()),
+        .pipe(z.int().nonnegative()),

    offset: z
        .string()
        .optional()
        .default("0")
        .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });

 function queryAccessTokens(
--- a/server/routers/apiKeys/createRootApiKey.ts
+++ b/server/routers/apiKeys/createRootApiKey.ts
@@ -14,11 +14,9 @@ import {
 import logger from "@server/logger";
 import { hashPassword } from "@server/auth/password";

-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
        name: z.string().min(1).max(255)
-    })
-    .strict();
+    });

 export type CreateRootApiKeyBody = z.infer<typeof bodySchema>;

--- a/server/routers/apiKeys/listApiKeyActions.ts
+++ b/server/routers/apiKeys/listApiKeyActions.ts
@@ -20,13 +20,13 @@ const querySchema = z.object({
        .optional()
        .default("1000")
        .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
    offset: z
        .string()
        .optional()
        .default("0")
        .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });

 function queryActions(apiKeyId: string) {
--- a/server/routers/apiKeys/listOrgApiKeys.ts
+++ b/server/routers/apiKeys/listOrgApiKeys.ts
@@ -16,13 +16,13 @@ const querySchema = z.object({
        .optional()
        .default("1000")
        .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
    offset: z
        .string()
        .optional()
        .default("0")
        .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });

 const paramsSchema = z.object({
--- a/server/routers/apiKeys/listRootApiKeys.ts
+++ b/server/routers/apiKeys/listRootApiKeys.ts
@@ -15,13 +15,13 @@ const querySchema = z.object({
        .optional()
        .default("1000")
        .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
    offset: z
        .string()
        .optional()
        .default("0")
        .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });

 function queryApiKeys() {
--- a/server/routers/apiKeys/setApiKeyActions.ts
+++ b/server/routers/apiKeys/setApiKeyActions.ts
@@ -10,13 +10,10 @@ import { fromError } from "zod-validation-error";
 import { eq, and, inArray } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";

-const bodySchema = z
-    .object({
-        actionIds: z
-            .array(z.string().nonempty())
+const bodySchema = z.strictObject({
+        actionIds: z.tuple([z.string()], z.string())
            .transform((v) => Array.from(new Set(v)))
-    })
-    .strict();
+    });

 const paramsSchema = z.object({
    apiKeyId: z.string().nonempty()
--- a/server/routers/apiKeys/setApiKeyOrgs.ts
+++ b/server/routers/apiKeys/setApiKeyOrgs.ts
@@ -9,13 +9,10 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { eq, and, inArray } from "drizzle-orm";

-const bodySchema = z
-    .object({
-        orgIds: z
-            .array(z.string().nonempty())
+const bodySchema = z.strictObject({
+        orgIds: z.tuple([z.string()], z.string())
            .transform((v) => Array.from(new Set(v)))
-    })
-    .strict();
+    });

 const paramsSchema = z.object({
    apiKeyId: z.string().nonempty()
--- a/server/routers/auditLogs/queryRequstAuditLog.ts
+++ b/server/routers/auditLogs/queryRequstAuditLog.ts
@@ -17,17 +17,17 @@ export const queryAccessAuditLogsQuery = z.object({
    timeStart: z
        .string()
        .refine((val) => !isNaN(Date.parse(val)), {
-            message: "timeStart must be a valid ISO date string"
+            error: "timeStart must be a valid ISO date string"
        })
        .transform((val) => Math.floor(new Date(val).getTime() / 1000)),
    timeEnd: z
        .string()
        .refine((val) => !isNaN(Date.parse(val)), {
-            message: "timeEnd must be a valid ISO date string"
+            error: "timeEnd must be a valid ISO date string"
        })
        .transform((val) => Math.floor(new Date(val).getTime() / 1000))
        .optional()
-        .default(new Date().toISOString()),
+        .prefault(new Date().toISOString()),
    action: z
        .union([z.boolean(), z.string()])
        .transform((val) => (typeof val === "string" ? val === "true" : val))
@@ -37,13 +37,13 @@ export const queryAccessAuditLogsQuery = z.object({
        .string()
        .optional()
        .transform(Number)
-        .pipe(z.number().int().positive())
+        .pipe(z.int().positive())
        .optional(),
    resourceId: z
        .string()
        .optional()
        .transform(Number)
-        .pipe(z.number().int().positive())
+        .pipe(z.int().positive())
        .optional(),
    actor: z.string().optional(),
    location: z.string().optional(),
@@ -54,13 +54,13 @@ export const queryAccessAuditLogsQuery = z.object({
        .optional()
        .default("1000")
        .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
    offset: z
        .string()
        .optional()
        .default("0")
        .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });

 export const queryRequestAuditLogsParams = z.object({
--- a/server/routers/auth/changePassword.ts
+++ b/server/routers/auth/changePassword.ts
@@ -22,13 +22,11 @@ import { sendEmail } from "@server/emails";
 import ConfirmPasswordReset from "@server/emails/templates/NotifyResetPassword";
 import config from "@server/lib/config";

-export const changePasswordBody = z
-    .object({
+export const changePasswordBody = z.strictObject({
        oldPassword: z.string(),
        newPassword: passwordSchema,
        code: z.string().optional()
-    })
-    .strict();
+    });

 export type ChangePasswordBody = z.infer<typeof changePasswordBody>;

--- a/server/routers/auth/checkResourceSession.ts
+++ b/server/routers/auth/checkResourceSession.ts
@@ -7,10 +7,10 @@ import { response } from "@server/lib/response";
 import { validateResourceSessionToken } from "@server/auth/sessions/resource";
 import logger from "@server/logger";

-export const params = z.object({
+export const params = z.strictObject({
    token: z.string(),
-    resourceId: z.string().transform(Number).pipe(z.number().int().positive()),
-}).strict();
+    resourceId: z.string().transform(Number).pipe(z.int().positive()),
+});

 export type CheckResourceSessionParams = z.infer<typeof params>;

--- a/server/routers/auth/disable2fa.ts
+++ b/server/routers/auth/disable2fa.ts
@@ -16,12 +16,10 @@ import config from "@server/lib/config";
 import { unauthorized } from "@server/auth/unauthorizedResponse";
 import { UserType } from "@server/types/UserTypes";

-export const disable2faBody = z
-    .object({
+export const disable2faBody = z.strictObject({
        password: z.string(),
        code: z.string().optional()
-    })
-    .strict();
+    });

 export type Disable2faBody = z.infer<typeof disable2faBody>;

--- a/server/routers/auth/login.ts
+++ b/server/routers/auth/login.ts
@@ -20,14 +20,12 @@ import { verifySession } from "@server/auth/sessions/verifySession";
 import { UserType } from "@server/types/UserTypes";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";

-export const loginBodySchema = z
-    .object({
-        email: z.string().toLowerCase().email(),
+export const loginBodySchema = z.strictObject({
+        email: z.email().toLowerCase(),
        password: z.string(),
        code: z.string().optional(),
        resourceGuid: z.string().optional()
-    })
-    .strict();
+    });

 export type LoginBody = z.infer<typeof loginBodySchema>;

--- a/server/routers/auth/requestPasswordReset.ts
+++ b/server/routers/auth/requestPasswordReset.ts
@@ -17,11 +17,9 @@ import ResetPasswordCode from "@server/emails/templates/ResetPasswordCode";
 import { hashPassword } from "@server/auth/password";
 import { UserType } from "@server/types/UserTypes";

-export const requestPasswordResetBody = z
-    .object({
-        email: z.string().toLowerCase().email()
-    })
-    .strict();
+export const requestPasswordResetBody = z.strictObject({
+        email: z.email().toLowerCase()
+    });

 export type RequestPasswordResetBody = z.infer<typeof requestPasswordResetBody>;

--- a/server/routers/auth/requestTotpSecret.ts
+++ b/server/routers/auth/requestTotpSecret.ts
@@ -16,12 +16,10 @@ import { UserType } from "@server/types/UserTypes";
 import { verifySession } from "@server/auth/sessions/verifySession";
 import config from "@server/lib/config";

-export const requestTotpSecretBody = z
-    .object({
+export const requestTotpSecretBody = z.strictObject({
        password: z.string(),
-        email: z.string().email().optional()
-    })
-    .strict();
+        email: z.email().optional()
+    });

 export type RequestTotpSecretBody = z.infer<typeof requestTotpSecretBody>;

--- a/server/routers/auth/resetPassword.ts
+++ b/server/routers/auth/resetPassword.ts
@@ -17,14 +17,12 @@ import ConfirmPasswordReset from "@server/emails/templates/NotifyResetPassword";
 import { sendEmail } from "@server/emails";
 import { passwordSchema } from "@server/auth/passwordSchema";

-export const resetPasswordBody = z
-    .object({
-        email: z.string().toLowerCase().email(),
+export const resetPasswordBody = z.strictObject({
+        email: z.email().toLowerCase(),
        token: z.string(), // reset secret code
        newPassword: passwordSchema,
        code: z.string().optional() // 2fa code
-    })
-    .strict();
+    });

 export type ResetPasswordBody = z.infer<typeof resetPasswordBody>;

--- a/server/routers/auth/securityKey.ts
+++ b/server/routers/auth/securityKey.ts
@@ -99,28 +99,28 @@ async function clearChallenge(sessionId: string) {
    await db.delete(webauthnChallenge).where(eq(webauthnChallenge.sessionId, sessionId));
 }

-export const registerSecurityKeyBody = z.object({
+export const registerSecurityKeyBody = z.strictObject({
    name: z.string().min(1),
    password: z.string().min(1),
    code: z.string().optional()
-}).strict();
+});

-export const verifyRegistrationBody = z.object({
+export const verifyRegistrationBody = z.strictObject({
    credential: z.any()
-}).strict();
+});

-export const startAuthenticationBody = z.object({
-    email: z.string().email().optional()
-}).strict();
+export const startAuthenticationBody = z.strictObject({
+    email: z.email().optional()
+});

-export const verifyAuthenticationBody = z.object({
+export const verifyAuthenticationBody = z.strictObject({
    credential: z.any()
-}).strict();
+});

-export const deleteSecurityKeyBody = z.object({
+export const deleteSecurityKeyBody = z.strictObject({
    password: z.string().min(1),
    code: z.string().optional()
-}).strict();
+});

 export async function startRegistration(
    req: Request,
--- a/server/routers/auth/setServerAdmin.ts
+++ b/server/routers/auth/setServerAdmin.ts
@@ -14,7 +14,7 @@ import { UserType } from "@server/types/UserTypes";
 import moment from "moment";

 export const bodySchema = z.object({
-    email: z.string().toLowerCase().email(),
+    email: z.email().toLowerCase(),
    password: passwordSchema,
    setupToken: z.string().min(1, "Setup token is required")
 });
--- a/server/routers/auth/signup.ts
+++ b/server/routers/auth/signup.ts
@@ -26,7 +26,7 @@ import { build } from "@server/build";
 import resend, { AudienceIds, moveEmailToAudience } from "#dynamic/lib/resend";

 export const signupBodySchema = z.object({
-    email: z.string().toLowerCase().email(),
+    email: z.email().toLowerCase(),
    password: passwordSchema,
    inviteToken: z.string().optional(),
    inviteId: z.string().optional(),
--- a/server/routers/auth/validateSetupToken.ts
+++ b/server/routers/auth/validateSetupToken.ts
@@ -8,11 +8,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";

-const validateSetupTokenSchema = z
-    .object({
+const validateSetupTokenSchema = z.strictObject({
        token: z.string().min(1, "Token is required")
-    })
-    .strict();
+    });

 export type ValidateSetupTokenResponse = {
    valid: boolean;
--- a/server/routers/auth/verifyEmail.ts
+++ b/server/routers/auth/verifyEmail.ts
@@ -13,11 +13,9 @@ import logger from "@server/logger";
 import { freeLimitSet, limitsService } from "@server/lib/billing";
 import { build } from "@server/build";

-export const verifyEmailBody = z
-    .object({
+export const verifyEmailBody = z.strictObject({
        code: z.string()
-    })
-    .strict();
+    });

 export type VerifyEmailBody = z.infer<typeof verifyEmailBody>;

--- a/server/routers/auth/verifyTotp.ts
+++ b/server/routers/auth/verifyTotp.ts
@@ -18,13 +18,11 @@ import { generateBackupCodes } from "@server/lib/totp";
 import { verifySession } from "@server/auth/sessions/verifySession";
 import { unauthorized } from "@server/auth/unauthorizedResponse";

-export const verifyTotpBody = z
-    .object({
-        email: z.string().email().optional(),
+export const verifyTotpBody = z.strictObject({
+        email: z.email().optional(),
        password: z.string().optional(),
        code: z.string()
-    })
-    .strict();
+    });

 export type VerifyTotpBody = z.infer<typeof verifyTotpBody>;

--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -40,10 +40,10 @@ import { logRequestAudit } from "./logRequestAudit";
 import cache from "@server/lib/cache";

 const verifyResourceSessionSchema = z.object({
-    sessions: z.record(z.string()).optional(),
-    headers: z.record(z.string()).optional(),
-    query: z.record(z.string()).optional(),
-    originalRequestURL: z.string().url(),
+    sessions: z.record(z.string(), z.string()).optional(),
+    headers: z.record(z.string(), z.string()).optional(),
+    query: z.record(z.string(), z.string()).optional(),
+    originalRequestURL: z.url(),
    scheme: z.string(),
    host: z.string(),
    path: z.string(),
--- a/server/routers/blueprints/applyJSONBlueprint.ts
+++ b/server/routers/blueprints/applyJSONBlueprint.ts
@@ -8,17 +8,13 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { applyBlueprint } from "@server/lib/blueprints/applyBlueprint";

-const applyBlueprintSchema = z
-    .object({
+const applyBlueprintSchema = z.strictObject({
        blueprint: z.string()
-    })
-    .strict();
+    });

-const applyBlueprintParamsSchema = z
-    .object({
+const applyBlueprintParamsSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

 registry.registerPath({
    method: "put",
--- a/server/routers/blueprints/getBlueprint.ts
+++ b/server/routers/blueprints/getBlueprint.ts
@@ -12,15 +12,13 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { BlueprintData } from "./types";

-const getBlueprintSchema = z
-    .object({
+const getBlueprintSchema = z.strictObject({
        blueprintId: z
            .string()
            .transform(stoi)
-            .pipe(z.number().int().positive()),
+            .pipe(z.int().positive()),
        orgId: z.string()
-    })
-    .strict();
+    });

 async function query(blueprintId: number, orgId: string) {
    // Get the client
--- a/server/routers/blueprints/listBlueprints.ts
+++ b/server/routers/blueprints/listBlueprints.ts
@@ -10,28 +10,24 @@ import { fromZodError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { BlueprintData } from "./types";

-const listBluePrintsParamsSchema = z
-    .object({
+const listBluePrintsParamsSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

-const listBluePrintsSchema = z
-    .object({
+const listBluePrintsSchema = z.strictObject({
        limit: z
            .string()
            .optional()
            .default("1000")
            .transform(Number)
-            .pipe(z.number().int().nonnegative()),
+            .pipe(z.int().nonnegative()),
        offset: z
            .string()
            .optional()
            .default("0")
            .transform(Number)
-            .pipe(z.number().int().nonnegative())
-    })
-    .strict();
+            .pipe(z.int().nonnegative())
+    });

 async function queryBlueprints(orgId: string, limit: number, offset: number) {
    const res = await db
--- a/server/routers/client/createClient.ts
+++ b/server/routers/client/createClient.ts
@@ -26,22 +26,18 @@ import { isIpInCidr } from "@server/lib/ip";
 import { OpenAPITags, registry } from "@server/openApi";
 import { listExitNodes } from "#dynamic/lib/exitNodes";

-const createClientParamsSchema = z
-    .object({
+const createClientParamsSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

-const createClientSchema = z
-    .object({
+const createClientSchema = z.strictObject({
        name: z.string().min(1).max(255),
-        siteIds: z.array(z.number().int().positive()),
+        siteIds: z.array(z.int().positive()),
        olmId: z.string(),
        secret: z.string(),
        subnet: z.string(),
        type: z.enum(["olm"])
-    })
-    .strict();
+    });

 export type CreateClientBody = z.infer<typeof createClientSchema>;

--- a/server/routers/client/deleteClient.ts
+++ b/server/routers/client/deleteClient.ts
@@ -10,11 +10,9 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";

-const deleteClientSchema = z
-    .object({
-        clientId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const deleteClientSchema = z.strictObject({
+        clientId: z.string().transform(Number).pipe(z.int().positive())
+    });

 registry.registerPath({
    method: "delete",
--- a/server/routers/client/getClient.ts
+++ b/server/routers/client/getClient.ts
@@ -11,11 +11,9 @@ import stoi from "@server/lib/stoi";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";

-const getClientSchema = z
-    .object({
-        clientId: z.string().transform(stoi).pipe(z.number().int().positive())
-    })
-    .strict();
+const getClientSchema = z.strictObject({
+        clientId: z.string().transform(stoi).pipe(z.int().positive())
+    });

 async function query(clientId: number) {
    // Get the client
--- a/server/routers/client/listClients.ts
+++ b/server/routers/client/listClients.ts
@@ -78,11 +78,9 @@ async function getLatestOlmVersion(): Promise<string | null> {
 }


-const listClientsParamsSchema = z
-    .object({
+const listClientsParamsSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

 const listClientsSchema = z.object({
    limit: z
@@ -90,13 +88,13 @@ const listClientsSchema = z.object({
        .optional()
        .default("1000")
        .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
    offset: z
        .string()
        .optional()
        .default("0")
        .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });

 function queryClients(orgId: string, accessibleClientIds: number[]) {
--- a/server/routers/client/pickClientDefaults.ts
+++ b/server/routers/client/pickClientDefaults.ts
@@ -15,11 +15,9 @@ export type PickClientDefaultsResponse = {
    subnet: string;
 };

-const pickClientDefaultsSchema = z
-    .object({
+const pickClientDefaultsSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

 registry.registerPath({
    method: "get",
--- a/server/routers/client/updateClient.ts
+++ b/server/routers/client/updateClient.ts
@@ -20,20 +20,16 @@ import {
 import { sendToExitNode } from "#dynamic/lib/exitNodes";
 import { hashPassword } from "@server/auth/password";

-const updateClientParamsSchema = z
-    .object({
-        clientId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const updateClientParamsSchema = z.strictObject({
+        clientId: z.string().transform(Number).pipe(z.int().positive())
+    });

-const updateClientSchema = z
-    .object({
+const updateClientSchema = z.strictObject({
        name: z.string().min(1).max(255).optional(),
        siteIds: z
-            .array(z.number().int().positive())
+            .array(z.int().positive())
            .optional(),
-    })
-    .strict();
+    });

 export type UpdateClientBody = z.infer<typeof updateClientSchema>;

--- a/server/routers/domain/createOrgDomain.ts
+++ b/server/routers/domain/createOrgDomain.ts
@@ -15,20 +15,16 @@ import { isSecondLevelDomain, isValidDomain } from "@server/lib/validators";
 import { build } from "@server/build";
 import config from "@server/lib/config";

-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
        type: z.enum(["ns", "cname", "wildcard"]),
        baseDomain: subdomainSchema,
        certResolver: z.string().optional().nullable(),
        preferWildcardCert: z.boolean().optional().nullable() // optional, only for wildcard
-    })
-    .strict();
+    });


 export type CreateDomainResponse = {
--- a/server/routers/domain/deleteOrgDomain.ts
+++ b/server/routers/domain/deleteOrgDomain.ts
@@ -10,12 +10,10 @@ import { and, eq } from "drizzle-orm";
 import { usageService } from "@server/lib/billing/usageService";
 import { FeatureId } from "@server/lib/billing";

-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
        domainId: z.string(),
        orgId: z.string()
-    })
-    .strict();
+    });

 export type DeleteAccountDomainResponse = {
    success: boolean;
--- a/server/routers/domain/getDNSRecords.ts
+++ b/server/routers/domain/getDNSRecords.ts
@@ -10,12 +10,10 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { getServerIp } from "@server/lib/serverIpService"; // your in-memory IP module

-const getDNSRecordsSchema = z
-    .object({
+const getDNSRecordsSchema = z.strictObject({
        domainId: z.string(),
        orgId: z.string()
-    })
-    .strict();
+    });

 async function query(domainId: string) {
    const records = await db
--- a/server/routers/domain/getDomain.ts
+++ b/server/routers/domain/getDomain.ts
@@ -10,14 +10,12 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { domain } from "zod/v4/core/regexes";

-const getDomainSchema = z
-    .object({
+const getDomainSchema = z.strictObject({
        domainId: z
            .string()
            .optional(),
        orgId: z.string().optional()
-    })
-    .strict();
+    });

 async function query(domainId?: string, orgId?: string) {
    if (domainId) {
--- a/server/routers/domain/listDomains.ts
+++ b/server/routers/domain/listDomains.ts
@@ -10,28 +10,24 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";

-const listDomainsParamsSchema = z
-    .object({
+const listDomainsParamsSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

-const listDomainsSchema = z
-    .object({
+const listDomainsSchema = z.strictObject({
        limit: z
            .string()
            .optional()
            .default("1000")
            .transform(Number)
-            .pipe(z.number().int().nonnegative()),
+            .pipe(z.int().nonnegative()),
        offset: z
            .string()
            .optional()
            .default("0")
            .transform(Number)
-            .pipe(z.number().int().nonnegative())
-    })
-    .strict();
+            .pipe(z.int().nonnegative())
+    });

 async function queryDomains(orgId: string, limit: number, offset: number) {
    const res = await db
--- a/server/routers/domain/restartOrgDomain.ts
+++ b/server/routers/domain/restartOrgDomain.ts
@@ -8,12 +8,10 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { and, eq } from "drizzle-orm";

-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
        domainId: z.string(),
        orgId: z.string()
-    })
-    .strict();
+    });

 export type RestartOrgDomainResponse = {
    success: boolean;
--- a/server/routers/domain/updateDomain.ts
+++ b/server/routers/domain/updateDomain.ts
@@ -9,19 +9,15 @@ import { fromError } from "zod-validation-error";
 import { eq, and } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";

-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
        orgId: z.string(),
        domainId: z.string()
-    })
-    .strict();
+    });

-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
        certResolver: z.string().optional().nullable(),
        preferWildcardCert: z.boolean().optional().nullable()
-    })
-    .strict();
+    });

 export type UpdateDomainResponse = {
    domainId: string;
--- a/server/routers/idp/createIdpOrgPolicy.ts
+++ b/server/routers/idp/createIdpOrgPolicy.ts
@@ -11,19 +11,15 @@ import config from "@server/lib/config";
 import { eq, and } from "drizzle-orm";
 import { idp, idpOrg } from "@server/db";

-const paramsSchema = z
-    .object({
-        idpId: z.coerce.number(),
+const paramsSchema = z.strictObject({
+        idpId: z.coerce.number<number>(),
        orgId: z.string()
-    })
-    .strict();
+    });

-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
        roleMapping: z.string().optional(),
        orgMapping: z.string().optional()
-    })
-    .strict();
+    });

 export type CreateIdpOrgPolicyResponse = {};

--- a/server/routers/idp/createOidcIdp.ts
+++ b/server/routers/idp/createOidcIdp.ts
@@ -12,22 +12,20 @@ import { generateOidcRedirectUrl } from "@server/lib/idp/generateRedirectUrl";
 import { encrypt } from "@server/lib/crypto";
 import config from "@server/lib/config";

-const paramsSchema = z.object({}).strict();
+const paramsSchema = z.strictObject({});

-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
        name: z.string().nonempty(),
        clientId: z.string().nonempty(),
        clientSecret: z.string().nonempty(),
-        authUrl: z.string().url(),
-        tokenUrl: z.string().url(),
+        authUrl: z.url(),
+        tokenUrl: z.url(),
        identifierPath: z.string().nonempty(),
        emailPath: z.string().optional(),
        namePath: z.string().optional(),
        scopes: z.string().nonempty(),
        autoProvision: z.boolean().optional()
-    })
-    .strict();
+    });

 export type CreateIdpResponse = {
    idpId: number;
--- a/server/routers/idp/deleteIdp.ts
+++ b/server/routers/idp/deleteIdp.ts
@@ -13,7 +13,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 const paramsSchema = z
    .object({
        orgId: z.string().optional(), // Optional; used with org idp in saas
-        idpId: z.coerce.number()
+        idpId: z.coerce.number<number>()
    })
    .strict();

--- a/server/routers/idp/deleteIdpOrgPolicy.ts
+++ b/server/routers/idp/deleteIdpOrgPolicy.ts
@@ -10,12 +10,10 @@ import { idp, idpOrg } from "@server/db";
 import { eq, and } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";

-const paramsSchema = z
-    .object({
-        idpId: z.coerce.number(),
+const paramsSchema = z.strictObject({
+        idpId: z.coerce.number<number>(),
        orgId: z.string()
-    })
-    .strict();
+    });

 registry.registerPath({
    method: "delete",
--- a/server/routers/idp/generateOidcUrl.ts
+++ b/server/routers/idp/generateOidcUrl.ts
@@ -19,15 +19,13 @@ import { TierId } from "@server/lib/billing/tiers";

 const paramsSchema = z
    .object({
-        idpId: z.coerce.number()
+        idpId: z.coerce.number<number>()
    })
    .strict();

-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
        redirectUrl: z.string()
-    })
-    .strict();
+    });

 const querySchema = z.object({
    orgId: z.string().optional() // check what actuall calls it
--- a/server/routers/idp/getIdp.ts
+++ b/server/routers/idp/getIdp.ts
@@ -14,7 +14,7 @@ import { decrypt } from "@server/lib/crypto";

 const paramsSchema = z
    .object({
-        idpId: z.coerce.number()
+        idpId: z.coerce.number<number>()
    })
    .strict();

--- a/server/routers/idp/listIdpOrgPolicies.ts
+++ b/server/routers/idp/listIdpOrgPolicies.ts
@@ -11,25 +11,23 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";

 const paramsSchema = z.object({
-    idpId: z.coerce.number()
+    idpId: z.coerce.number<number>()
 });

-const querySchema = z
-    .object({
+const querySchema = z.strictObject({
        limit: z
            .string()
            .optional()
            .default("1000")
            .transform(Number)
-            .pipe(z.number().int().nonnegative()),
+            .pipe(z.int().nonnegative()),
        offset: z
            .string()
            .optional()
            .default("0")
            .transform(Number)
-            .pipe(z.number().int().nonnegative())
-    })
-    .strict();
+            .pipe(z.int().nonnegative())
+    });

 async function query(idpId: number, limit: number, offset: number) {
    const res = await db
--- a/server/routers/idp/listIdps.ts
+++ b/server/routers/idp/listIdps.ts
@@ -10,22 +10,20 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";

-const querySchema = z
-    .object({
+const querySchema = z.strictObject({
        limit: z
            .string()
            .optional()
            .default("1000")
            .transform(Number)
-            .pipe(z.number().int().nonnegative()),
+            .pipe(z.int().nonnegative()),
        offset: z
            .string()
            .optional()
            .default("0")
            .transform(Number)
-            .pipe(z.number().int().nonnegative())
-    })
-    .strict();
+            .pipe(z.int().nonnegative())
+    });

 async function query(limit: number, offset: number) {
    const res = await db
--- a/server/routers/idp/updateIdpOrgPolicy.ts
+++ b/server/routers/idp/updateIdpOrgPolicy.ts
@@ -10,19 +10,15 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { eq, and } from "drizzle-orm";
 import { idp, idpOrg } from "@server/db";

-const paramsSchema = z
-    .object({
-        idpId: z.coerce.number(),
+const paramsSchema = z.strictObject({
+        idpId: z.coerce.number<number>(),
        orgId: z.string()
-    })
-    .strict();
+    });

-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
        roleMapping: z.string().optional(),
        orgMapping: z.string().optional()
-    })
-    .strict();
+    });

 export type UpdateIdpOrgPolicyResponse = {};

--- a/server/routers/idp/updateOidcIdp.ts
+++ b/server/routers/idp/updateOidcIdp.ts
@@ -14,12 +14,11 @@ import config from "@server/lib/config";

 const paramsSchema = z
    .object({
-        idpId: z.coerce.number()
+        idpId: z.coerce.number<number>()
    })
    .strict();

-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
        name: z.string().optional(),
        clientId: z.string().optional(),
        clientSecret: z.string().optional(),
@@ -32,8 +31,7 @@ const bodySchema = z
        autoProvision: z.boolean().optional(),
        defaultRoleMapping: z.string().optional(),
        defaultOrgMapping: z.string().optional()
-    })
-    .strict();
+    });

 export type UpdateIdpResponse = {
    idpId: number;
--- a/server/routers/idp/validateOidcCallback.ts
+++ b/server/routers/idp/validateOidcCallback.ts
@@ -40,7 +40,7 @@ const ensureTrailingSlash = (url: string): string => {

 const paramsSchema = z
    .object({
-        idpId: z.coerce.number()
+        idpId: z.coerce.number<number>()
    })
    .strict();

@@ -51,7 +51,7 @@ const bodySchema = z.object({
 });

 const querySchema = z.object({
-    loginPageId: z.coerce.number().optional()
+    loginPageId: z.coerce.number<number>().optional()
 });

 export type ValidateOidcUrlCallbackResponse = {
--- a/server/routers/newt/createNewt.ts
+++ b/server/routers/newt/createNewt.ts
@@ -23,12 +23,10 @@ export type CreateNewtResponse = {
    secret: string;
 };

-const createNewtSchema = z
-    .object({
+const createNewtSchema = z.strictObject({
        newtId: z.string(),
        secret: z.string()
-    })
-    .strict();
+    });

 export async function createNewt(
    req: Request,
--- a/server/routers/newt/handleGetConfigMessage.ts
+++ b/server/routers/newt/handleGetConfigMessage.ts
@@ -18,7 +18,7 @@ import { sendToExitNode } from "#dynamic/lib/exitNodes";

 const inputSchema = z.object({
    publicKey: z.string(),
-    port: z.number().int().positive()
+    port: z.int().positive()
 });

 type Input = z.infer<typeof inputSchema>;
--- a/server/routers/olm/createOlm.ts
+++ b/server/routers/olm/createOlm.ts
@@ -23,12 +23,10 @@ export type CreateNewtResponse = {
    secret: string;
 };

-const createNewtSchema = z
-    .object({
+const createNewtSchema = z.strictObject({
        newtId: z.string(),
        secret: z.string()
-    })
-    .strict();
+    });

 export async function createNewt(
    req: Request,
--- a/server/routers/org/checkId.ts
+++ b/server/routers/org/checkId.ts
@@ -9,11 +9,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";

-const getOrgSchema = z
-    .object({
+const getOrgSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

 export async function checkId(
    req: Request,
--- a/server/routers/org/createOrg.ts
+++ b/server/routers/org/createOrg.ts
@@ -27,13 +27,11 @@ import { usageService } from "@server/lib/billing/usageService";
 import { FeatureId } from "@server/lib/billing";
 import { build } from "@server/build";

-const createOrgSchema = z
-    .object({
+const createOrgSchema = z.strictObject({
        orgId: z.string(),
        name: z.string().min(1).max(255),
        subnet: z.string()
-    })
-    .strict();
+    });

 registry.registerPath({
    method: "put",
--- a/server/routers/org/deleteOrg.ts
+++ b/server/routers/org/deleteOrg.ts
@@ -13,11 +13,9 @@ import { sendToClient } from "#dynamic/routers/ws";
 import { deletePeer } from "../gerbil/peers";
 import { OpenAPITags, registry } from "@server/openApi";

-const deleteOrgSchema = z
-    .object({
+const deleteOrgSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

 export type DeleteOrgResponse = {};

--- a/server/routers/org/getOrg.ts
+++ b/server/routers/org/getOrg.ts
@@ -10,11 +10,9 @@ import logger from "@server/logger";
 import { fromZodError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";

-const getOrgSchema = z
-    .object({
+const getOrgSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

 export type GetOrgResponse = {
    org: Org;
--- a/server/routers/org/getOrgOverview.ts
+++ b/server/routers/org/getOrgOverview.ts
@@ -18,11 +18,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromZodError } from "zod-validation-error";

-const getOrgParamsSchema = z
-    .object({
+const getOrgParamsSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

 export type GetOrgOverviewResponse = {
    orgName: string;
--- a/server/routers/org/listOrgs.ts
+++ b/server/routers/org/listOrgs.ts
@@ -16,13 +16,13 @@ const listOrgsSchema = z.object({
        .optional()
        .default("1000")
        .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
    offset: z
        .string()
        .optional()
        .default("0")
        .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });

 registry.registerPath({
--- a/server/routers/org/listUserOrgs.ts
+++ b/server/routers/org/listUserOrgs.ts
@@ -20,13 +20,13 @@ const listOrgsSchema = z.object({
        .optional()
        .default("1000")
        .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
    offset: z
        .string()
        .optional()
        .default("0")
        .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });

 // registry.registerPath({
--- a/server/routers/org/updateOrg.ts
+++ b/server/routers/org/updateOrg.ts
@@ -15,14 +15,11 @@ import { getOrgTierData } from "#dynamic/lib/billing";
 import { TierId } from "@server/lib/billing/tiers";
 import { cache } from "@server/lib/cache";

-const updateOrgParamsSchema = z
-    .object({
+const updateOrgParamsSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

-const updateOrgBodySchema = z
-    .object({
+const updateOrgBodySchema = z.strictObject({
        name: z.string().min(1).max(255).optional(),
        requireTwoFactor: z.boolean().optional(),
        maxSessionLengthHours: z.number().nullable().optional(),
@@ -40,9 +37,8 @@ const updateOrgBodySchema = z
            .min(build === "saas" ? 0 : -1)
            .optional()
    })
-    .strict()
    .refine((data) => Object.keys(data).length > 0, {
-        message: "At least one field must be provided for update"
+        error: "At least one field must be provided for update"
    });

 registry.registerPath({
--- a/server/routers/resource/addEmailToResourceWhitelist.ts
+++ b/server/routers/resource/addEmailToResourceWhitelist.ts
@@ -10,29 +10,22 @@ import { fromError } from "zod-validation-error";
 import { and, eq } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";

-const addEmailToResourceWhitelistBodySchema = z
-    .object({
-        email: z
-            .string()
-            .email()
+const addEmailToResourceWhitelistBodySchema = z.strictObject({
+        email: z.email()
            .or(
                z.string().regex(/^\*@[\w.-]+\.[a-zA-Z]{2,}$/, {
-                    message:
-                        "Invalid email address. Wildcard (*) must be the entire local part."
+                    error: "Invalid email address. Wildcard (*) must be the entire local part."
                })
            )
            .transform((v) => v.toLowerCase())
-    })
-    .strict();
+    });

-const addEmailToResourceWhitelistParamsSchema = z
-    .object({
+const addEmailToResourceWhitelistParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 registry.registerPath({
    method: "post",
--- a/server/routers/resource/authWithAccessToken.ts
+++ b/server/routers/resource/authWithAccessToken.ts
@@ -15,22 +15,18 @@ import config from "@server/lib/config";
 import stoi from "@server/lib/stoi";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";

-const authWithAccessTokenBodySchema = z
-    .object({
+const authWithAccessTokenBodySchema = z.strictObject({
        accessToken: z.string(),
        accessTokenId: z.string().optional()
-    })
-    .strict();
+    });

-const authWithAccessTokenParamsSchema = z
-    .object({
+const authWithAccessTokenParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .optional()
            .transform(stoi)
-            .pipe(z.number().int().positive().optional())
-    })
-    .strict();
+            .pipe(z.int().positive().optional())
+    });

 export type AuthWithAccessTokenResponse = {
    session?: string;
--- a/server/routers/resource/authWithPassword.ts
+++ b/server/routers/resource/authWithPassword.ts
@@ -15,20 +15,16 @@ import { verifyPassword } from "@server/auth/password";
 import config from "@server/lib/config";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";

-export const authWithPasswordBodySchema = z
-    .object({
+export const authWithPasswordBodySchema = z.strictObject({
        password: z.string()
-    })
-    .strict();
+    });

-export const authWithPasswordParamsSchema = z
-    .object({
+export const authWithPasswordParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 export type AuthWithPasswordResponse = {
    session?: string;
--- a/server/routers/resource/authWithPincode.ts
+++ b/server/routers/resource/authWithPincode.ts
@@ -14,20 +14,16 @@ import { verifyPassword } from "@server/auth/password";
 import config from "@server/lib/config";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";

-export const authWithPincodeBodySchema = z
-    .object({
+export const authWithPincodeBodySchema = z.strictObject({
        pincode: z.string()
-    })
-    .strict();
+    });

-export const authWithPincodeParamsSchema = z
-    .object({
+export const authWithPincodeParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 export type AuthWithPincodeResponse = {
    session?: string;
--- a/server/routers/resource/authWithWhitelist.ts
+++ b/server/routers/resource/authWithWhitelist.ts
@@ -14,21 +14,17 @@ import logger from "@server/logger";
 import config from "@server/lib/config";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";

-const authWithWhitelistBodySchema = z
-    .object({
-        email: z.string().toLowerCase().email(),
+const authWithWhitelistBodySchema = z.strictObject({
+        email: z.email().toLowerCase(),
        otp: z.string().optional()
-    })
-    .strict();
+    });

-const authWithWhitelistParamsSchema = z
-    .object({
+const authWithWhitelistParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 export type AuthWithWhitelistResponse = {
    otpSent?: boolean;
--- a/server/routers/resource/createResource.ts
+++ b/server/routers/resource/createResource.ts
@@ -25,14 +25,11 @@ import { createCertificate } from "#dynamic/routers/certificates/createCertifica
 import { getUniqueResourceName } from "@server/db/names";
 import { validateAndConstructDomain } from "@server/lib/domainUtils";

-const createResourceParamsSchema = z
-    .object({
+const createResourceParamsSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

-const createHttpResourceSchema = z
-    .object({
+const createHttpResourceSchema = z.strictObject({
        name: z.string().min(1).max(255),
        subdomain: z.string().nullable().optional(),
        http: z.boolean(),
@@ -40,7 +37,6 @@ const createHttpResourceSchema = z
        domainId: z.string(),
        stickySession: z.boolean().optional(),
    })
-    .strict()
    .refine(
        (data) => {
            if (data.subdomain) {
@@ -48,18 +44,18 @@ const createHttpResourceSchema = z
            }
            return true;
        },
-        { message: "Invalid subdomain" }
+        {
+            error: "Invalid subdomain"
+        }
    );

-const createRawResourceSchema = z
-    .object({
+const createRawResourceSchema = z.strictObject({
        name: z.string().min(1).max(255),
        http: z.boolean(),
        protocol: z.enum(["tcp", "udp"]),
-        proxyPort: z.number().int().min(1).max(65535)
+        proxyPort: z.int().min(1).max(65535)
        // enableProxy: z.boolean().default(true) // always true now
    })
-    .strict()
    .refine(
        (data) => {
            if (!config.getRawConfig().flags?.allow_raw_resources) {
@@ -70,7 +66,7 @@ const createRawResourceSchema = z
            return true;
        },
        {
-            message: "Raw resources are not allowed"
+            error: "Raw resources are not allowed"
        }
    );

--- a/server/routers/resource/createResourceRule.ts
+++ b/server/routers/resource/createResourceRule.ts
@@ -15,24 +15,20 @@ import {
 } from "@server/lib/validators";
 import { OpenAPITags, registry } from "@server/openApi";

-const createResourceRuleSchema = z
-    .object({
+const createResourceRuleSchema = z.strictObject({
        action: z.enum(["ACCEPT", "DROP", "PASS"]),
        match: z.enum(["CIDR", "IP", "PATH", "COUNTRY"]),
        value: z.string().min(1),
-        priority: z.number().int(),
+        priority: z.int(),
        enabled: z.boolean().optional()
-    })
-    .strict();
+    });

-const createResourceRuleParamsSchema = z
-    .object({
+const createResourceRuleParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 registry.registerPath({
    method: "put",
--- a/server/routers/resource/deleteResource.ts
+++ b/server/routers/resource/deleteResource.ts
@@ -14,14 +14,12 @@ import { getAllowedIps } from "../target/helpers";
 import { OpenAPITags, registry } from "@server/openApi";

 // Define Zod schema for request parameters validation
-const deleteResourceSchema = z
-    .object({
+const deleteResourceSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 registry.registerPath({
    method: "delete",
--- a/server/routers/resource/deleteResourceRule.ts
+++ b/server/routers/resource/deleteResourceRule.ts
@@ -10,15 +10,13 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";

-const deleteResourceRuleSchema = z
-    .object({
-        ruleId: z.string().transform(Number).pipe(z.number().int().positive()),
+const deleteResourceRuleSchema = z.strictObject({
+        ruleId: z.string().transform(Number).pipe(z.int().positive()),
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 registry.registerPath({
    method: "delete",
--- a/server/routers/resource/getExchangeToken.ts
+++ b/server/routers/resource/getExchangeToken.ts
@@ -16,14 +16,12 @@ import { response } from "@server/lib/response";
 import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";

-const getExchangeTokenParams = z
-    .object({
+const getExchangeTokenParams = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 export type GetExchangeTokenResponse = {
    requestToken: string;
--- a/server/routers/resource/getResource.ts
+++ b/server/routers/resource/getResource.ts
@@ -11,18 +11,16 @@ import logger from "@server/logger";
 import stoi from "@server/lib/stoi";
 import { OpenAPITags, registry } from "@server/openApi";

-const getResourceSchema = z
-    .object({
+const getResourceSchema = z.strictObject({
        resourceId: z
            .string()
            .optional()
            .transform(stoi)
-            .pipe(z.number().int().positive().optional())
+            .pipe(z.int().positive().optional())
            .optional(),
        niceId: z.string().optional(),
        orgId: z.string().optional()
-    })
-    .strict();
+    });

 async function query(resourceId?: number, niceId?: string, orgId?: string) {
    if (resourceId) {
--- a/server/routers/resource/getResourceAuthInfo.ts
+++ b/server/routers/resource/getResourceAuthInfo.ts
@@ -15,11 +15,9 @@ import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { build } from "@server/build";

-const getResourceAuthInfoSchema = z
-    .object({
+const getResourceAuthInfoSchema = z.strictObject({
        resourceGuid: z.string()
-    })
-    .strict();
+    });

 export type GetResourceAuthInfoResponse = {
    resourceId: number;
--- a/server/routers/resource/getResourceWhitelist.ts
+++ b/server/routers/resource/getResourceWhitelist.ts
@@ -10,14 +10,12 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";

-const getResourceWhitelistSchema = z
-    .object({
+const getResourceWhitelistSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 async function queryWhitelist(resourceId: number) {
    return await db
--- a/server/routers/resource/listResourceRoles.ts
+++ b/server/routers/resource/listResourceRoles.ts
@@ -10,14 +10,12 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";

-const listResourceRolesSchema = z
-    .object({
+const listResourceRolesSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 async function query(resourceId: number) {
    return await db
--- a/server/routers/resource/listResourceRules.ts
+++ b/server/routers/resource/listResourceRules.ts
@@ -10,14 +10,12 @@ import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";

-const listResourceRulesParamsSchema = z
-    .object({
+const listResourceRulesParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 const listResourceRulesSchema = z.object({
    limit: z
@@ -25,13 +23,13 @@ const listResourceRulesSchema = z.object({
        .optional()
        .default("1000")
        .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
    offset: z
        .string()
        .optional()
        .default("0")
        .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });

 function queryResourceRules(resourceId: number) {
--- a/server/routers/resource/listResourceUsers.ts
+++ b/server/routers/resource/listResourceUsers.ts
@@ -10,14 +10,12 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";

-const listResourceUsersSchema = z
-    .object({
+const listResourceUsersSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 async function queryUsers(resourceId: number) {
    return await db
--- a/server/routers/resource/listResources.ts
+++ b/server/routers/resource/listResources.ts
@@ -20,11 +20,9 @@ import { fromZodError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { warn } from "console";

-const listResourcesParamsSchema = z
-    .object({
+const listResourcesParamsSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

 const listResourcesSchema = z.object({
    limit: z
@@ -32,14 +30,14 @@ const listResourcesSchema = z.object({
        .optional()
        .default("1000")
        .transform(Number)
-        .pipe(z.number().int().nonnegative()),
+        .pipe(z.int().nonnegative()),

    offset: z
        .string()
        .optional()
        .default("0")
        .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });

 // (resource fields + a single joined target)
--- a/server/routers/resource/removeEmailFromResourceWhitelist.ts
+++ b/server/routers/resource/removeEmailFromResourceWhitelist.ts
@@ -10,29 +10,22 @@ import { fromError } from "zod-validation-error";
 import { and, eq } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";

-const removeEmailFromResourceWhitelistBodySchema = z
-    .object({
-        email: z
-            .string()
-            .email()
+const removeEmailFromResourceWhitelistBodySchema = z.strictObject({
+        email: z.email()
            .or(
                z.string().regex(/^\*@[\w.-]+\.[a-zA-Z]{2,}$/, {
-                    message:
-                        "Invalid email address. Wildcard (*) must be the entire local part."
+                    error: "Invalid email address. Wildcard (*) must be the entire local part."
                })
            )
            .transform((v) => v.toLowerCase())
-    })
-    .strict();
+    });

-const removeEmailFromResourceWhitelistParamsSchema = z
-    .object({
+const removeEmailFromResourceWhitelistParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 registry.registerPath({
    method: "post",
--- a/server/routers/resource/setResourceHeaderAuth.ts
+++ b/server/routers/resource/setResourceHeaderAuth.ts
@@ -11,15 +11,13 @@ import { hashPassword } from "@server/auth/password";
 import { OpenAPITags, registry } from "@server/openApi";

 const setResourceAuthMethodsParamsSchema = z.object({
-    resourceId: z.string().transform(Number).pipe(z.number().int().positive())
+    resourceId: z.string().transform(Number).pipe(z.int().positive())
 });

-const setResourceAuthMethodsBodySchema = z
-    .object({
+const setResourceAuthMethodsBodySchema = z.strictObject({
        user: z.string().min(4).max(100).nullable(),
        password: z.string().min(4).max(100).nullable()
-    })
-    .strict();
+    });

 registry.registerPath({
    method: "post",
--- a/server/routers/resource/setResourcePassword.ts
+++ b/server/routers/resource/setResourcePassword.ts
@@ -13,14 +13,12 @@ import { hashPassword } from "@server/auth/password";
 import { OpenAPITags, registry } from "@server/openApi";

 const setResourceAuthMethodsParamsSchema = z.object({
-    resourceId: z.string().transform(Number).pipe(z.number().int().positive())
+    resourceId: z.string().transform(Number).pipe(z.int().positive())
 });

-const setResourceAuthMethodsBodySchema = z
-    .object({
+const setResourceAuthMethodsBodySchema = z.strictObject({
        password: z.string().min(4).max(100).nullable()
-    })
-    .strict();
+    });

 registry.registerPath({
    method: "post",
--- a/server/routers/resource/setResourcePincode.ts
+++ b/server/routers/resource/setResourcePincode.ts
@@ -14,17 +14,15 @@ import { hashPassword } from "@server/auth/password";
 import { OpenAPITags, registry } from "@server/openApi";

 const setResourceAuthMethodsParamsSchema = z.object({
-    resourceId: z.string().transform(Number).pipe(z.number().int().positive())
+    resourceId: z.string().transform(Number).pipe(z.int().positive())
 });

-const setResourceAuthMethodsBodySchema = z
-    .object({
+const setResourceAuthMethodsBodySchema = z.strictObject({
        pincode: z
            .string()
            .regex(/^\d{6}$/)
            .or(z.null())
-    })
-    .strict();
+    });

 registry.registerPath({
    method: "post",
--- a/server/routers/resource/setResourceRoles.ts
+++ b/server/routers/resource/setResourceRoles.ts
@@ -10,20 +10,16 @@ import { fromError } from "zod-validation-error";
 import { eq, and, ne } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";

-const setResourceRolesBodySchema = z
-    .object({
-        roleIds: z.array(z.number().int().positive())
-    })
-    .strict();
+const setResourceRolesBodySchema = z.strictObject({
+        roleIds: z.array(z.int().positive())
+    });

-const setResourceRolesParamsSchema = z
-    .object({
+const setResourceRolesParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 registry.registerPath({
    method: "post",
--- a/server/routers/resource/setResourceUsers.ts
+++ b/server/routers/resource/setResourceUsers.ts
@@ -10,20 +10,16 @@ import { fromError } from "zod-validation-error";
 import { eq } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";

-const setUserResourcesBodySchema = z
-    .object({
+const setUserResourcesBodySchema = z.strictObject({
        userIds: z.array(z.string())
-    })
-    .strict();
+    });

-const setUserResourcesParamsSchema = z
-    .object({
+const setUserResourcesParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 registry.registerPath({
    method: "post",
--- a/server/routers/resource/setResourceWhitelist.ts
+++ b/server/routers/resource/setResourceWhitelist.ts
@@ -10,33 +10,26 @@ import { fromError } from "zod-validation-error";
 import { and, eq } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";

-const setResourceWhitelistBodySchema = z
-    .object({
+const setResourceWhitelistBodySchema = z.strictObject({
        emails: z
            .array(
-                z
-                    .string()
-                    .email()
+                z.email()
                    .or(
                        z.string().regex(/^\*@[\w.-]+\.[a-zA-Z]{2,}$/, {
-                            message:
-                                "Invalid email address. Wildcard (*) must be the entire local part."
+                            error: "Invalid email address. Wildcard (*) must be the entire local part."
                        })
                    )
            )
            .max(50)
            .transform((v) => v.map((e) => e.toLowerCase()))
-    })
-    .strict();
+    });

-const setResourceWhitelistParamsSchema = z
-    .object({
+const setResourceWhitelistParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 registry.registerPath({
    method: "post",
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -25,17 +25,14 @@ import { validateAndConstructDomain } from "@server/lib/domainUtils";
 import { validateHeaders } from "@server/lib/validators";
 import { build } from "@server/build";

-const updateResourceParamsSchema = z
-    .object({
+const updateResourceParamsSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

-const updateHttpResourceBodySchema = z
-    .object({
+const updateHttpResourceBodySchema = z.strictObject({
        name: z.string().min(1).max(255).optional(),
        niceId: z.string().min(1).max(255).optional(),
        subdomain: subdomainSchema.nullable().optional(),
@@ -49,15 +46,14 @@ const updateHttpResourceBodySchema = z
        stickySession: z.boolean().optional(),
        tlsServerName: z.string().nullable().optional(),
        setHostHeader: z.string().nullable().optional(),
-        skipToIdpId: z.number().int().positive().nullable().optional(),
+        skipToIdpId: z.int().positive().nullable().optional(),
        headers: z
-            .array(z.object({ name: z.string(), value: z.string() }))
+            .array(z.strictObject({ name: z.string(), value: z.string() }))
            .nullable()
            .optional()
    })
-    .strict()
    .refine((data) => Object.keys(data).length > 0, {
-        message: "At least one field must be provided for update"
+        error: "At least one field must be provided for update"
    })
    .refine(
        (data) => {
@@ -66,7 +62,9 @@ const updateHttpResourceBodySchema = z
            }
            return true;
        },
-        { message: "Invalid subdomain" }
+        {
+            error: "Invalid subdomain"
+        }
    )
    .refine(
        (data) => {
@@ -76,8 +74,7 @@ const updateHttpResourceBodySchema = z
            return true;
        },
        {
-            message:
-                "Invalid TLS Server Name. Use domain name format, or save empty to remove the TLS Server Name."
+            error: "Invalid TLS Server Name. Use domain name format, or save empty to remove the TLS Server Name."
        }
    )
    .refine(
@@ -88,26 +85,23 @@ const updateHttpResourceBodySchema = z
            return true;
        },
        {
-            message:
-                "Invalid custom Host Header value. Use domain name format, or save empty to unset custom Host Header."
+            error: "Invalid custom Host Header value. Use domain name format, or save empty to unset custom Host Header."
        }
    );

 export type UpdateResourceResponse = Resource;

-const updateRawResourceBodySchema = z
-    .object({
+const updateRawResourceBodySchema = z.strictObject({
        name: z.string().min(1).max(255).optional(),
        niceId: z.string().min(1).max(255).optional(),
-        proxyPort: z.number().int().min(1).max(65535).optional(),
+        proxyPort: z.int().min(1).max(65535).optional(),
        stickySession: z.boolean().optional(),
        enabled: z.boolean().optional(),
        proxyProtocol: z.boolean().optional(),
-        proxyProtocolVersion: z.number().int().min(1).optional()
+        proxyProtocolVersion: z.int().min(1).optional()
    })
-    .strict()
    .refine((data) => Object.keys(data).length > 0, {
-        message: "At least one field must be provided for update"
+        error: "At least one field must be provided for update"
    })
    .refine(
        (data) => {
@@ -118,7 +112,9 @@ const updateRawResourceBodySchema = z
            }
            return true;
        },
-        { message: "Cannot update proxyPort" }
+        {
+            error: "Cannot update proxyPort"
+        }
    );

 registry.registerPath({
--- a/server/routers/resource/updateResourceRule.ts
+++ b/server/routers/resource/updateResourceRule.ts
@@ -16,28 +16,24 @@ import {
 import { OpenAPITags, registry } from "@server/openApi";

 // Define Zod schema for request parameters validation
-const updateResourceRuleParamsSchema = z
-    .object({
-        ruleId: z.string().transform(Number).pipe(z.number().int().positive()),
+const updateResourceRuleParamsSchema = z.strictObject({
+        ruleId: z.string().transform(Number).pipe(z.int().positive()),
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 // Define Zod schema for request body validation
-const updateResourceRuleSchema = z
-    .object({
+const updateResourceRuleSchema = z.strictObject({
        action: z.enum(["ACCEPT", "DROP", "PASS"]).optional(),
        match: z.enum(["CIDR", "IP", "PATH", "COUNTRY"]).optional(),
        value: z.string().min(1).optional(),
-        priority: z.number().int(),
+        priority: z.int(),
        enabled: z.boolean().optional()
    })
-    .strict()
    .refine((data) => Object.keys(data).length > 0, {
-        message: "At least one field must be provided for update"
+        error: "At least one field must be provided for update"
    });

 registry.registerPath({
--- a/server/routers/role/addRoleAction.ts
+++ b/server/routers/role/addRoleAction.ts
@@ -9,17 +9,13 @@ import logger from "@server/logger";
 import { eq } from "drizzle-orm";
 import { fromError } from "zod-validation-error";

-const addRoleActionParamSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const addRoleActionParamSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });

-const addRoleActionSchema = z
-    .object({
+const addRoleActionSchema = z.strictObject({
        actionId: z.string()
-    })
-    .strict();
+    });

 export async function addRoleAction(
    req: Request,
--- a/server/routers/role/addRoleSite.ts
+++ b/server/routers/role/addRoleSite.ts
@@ -9,17 +9,13 @@ import logger from "@server/logger";
 import { eq } from "drizzle-orm";
 import { fromError } from "zod-validation-error";

-const addRoleSiteParamsSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const addRoleSiteParamsSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });

-const addRoleSiteSchema = z
-    .object({
-        siteId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const addRoleSiteSchema = z.strictObject({
+        siteId: z.string().transform(Number).pipe(z.int().positive())
+    });

 export async function addRoleSite(
    req: Request,
--- a/server/routers/role/createRole.ts
+++ b/server/routers/role/createRole.ts
@@ -11,18 +11,14 @@ import { ActionsEnum } from "@server/auth/actions";
 import { eq, and } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";

-const createRoleParamsSchema = z
-    .object({
+const createRoleParamsSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

-const createRoleSchema = z
-    .object({
+const createRoleSchema = z.strictObject({
        name: z.string().min(1).max(255),
        description: z.string().optional()
-    })
-    .strict();
+    });

 export const defaultRoleAllowedActions: ActionsEnum[] = [
    ActionsEnum.getOrg,
--- a/server/routers/role/deleteRole.ts
+++ b/server/routers/role/deleteRole.ts
@@ -10,17 +10,13 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";

-const deleteRoleSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const deleteRoleSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });

-const deelteRoleBodySchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const deelteRoleBodySchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });

 registry.registerPath({
    method: "delete",
--- a/server/routers/role/getRole.ts
+++ b/server/routers/role/getRole.ts
@@ -10,11 +10,9 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";

-const getRoleSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const getRoleSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });

 registry.registerPath({
    method: "get",
--- a/server/routers/role/listRoleActions.ts
+++ b/server/routers/role/listRoleActions.ts
@@ -9,11 +9,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";

-const listRoleActionsSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const listRoleActionsSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });

 export async function listRoleActions(
    req: Request,
--- a/server/routers/role/listRoleResources.ts
+++ b/server/routers/role/listRoleResources.ts
@@ -9,11 +9,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";

-const listRoleResourcesSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const listRoleResourcesSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });

 export async function listRoleResources(
    req: Request,
--- a/server/routers/role/listRoleSites.ts
+++ b/server/routers/role/listRoleSites.ts
@@ -9,11 +9,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";

-const listRoleSitesSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const listRoleSitesSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });

 export async function listRoleSites(
    req: Request,
--- a/server/routers/role/listRoles.ts
+++ b/server/routers/role/listRoles.ts
@@ -11,11 +11,9 @@ import { fromError } from "zod-validation-error";
 import stoi from "@server/lib/stoi";
 import { OpenAPITags, registry } from "@server/openApi";

-const listRolesParamsSchema = z
-    .object({
+const listRolesParamsSchema = z.strictObject({
        orgId: z.string()
-    })
-    .strict();
+    });

 const listRolesSchema = z.object({
    limit: z
@@ -23,13 +21,13 @@ const listRolesSchema = z.object({
        .optional()
        .default("1000")
        .transform(Number)
-        .pipe(z.number().int().nonnegative()),
+        .pipe(z.int().nonnegative()),
    offset: z
        .string()
        .optional()
        .default("0")
        .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });

 async function queryRoles(orgId: string, limit: number, offset: number) {
--- a/server/routers/role/removeRoleAction.ts
+++ b/server/routers/role/removeRoleAction.ts
@@ -9,17 +9,13 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";

-const removeRoleActionParamsSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const removeRoleActionParamsSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });

-const removeRoleActionSchema = z
-    .object({
+const removeRoleActionSchema = z.strictObject({
        actionId: z.string()
-    })
-    .strict();
+    });

 export async function removeRoleAction(
    req: Request,
--- a/server/routers/role/removeRoleResource.ts
+++ b/server/routers/role/removeRoleResource.ts
@@ -9,20 +9,16 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";

-const removeRoleResourceParamsSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const removeRoleResourceParamsSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });

-const removeRoleResourceSchema = z
-    .object({
+const removeRoleResourceSchema = z.strictObject({
        resourceId: z
            .string()
            .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });

 export async function removeRoleResource(
    req: Request,
--- a/server/routers/role/removeRoleSite.ts
+++ b/server/routers/role/removeRoleSite.ts
@@ -9,17 +9,13 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";

-const removeRoleSiteParamsSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const removeRoleSiteParamsSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });

-const removeRoleSiteSchema = z
-    .object({
-        siteId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const removeRoleSiteSchema = z.strictObject({
+        siteId: z.string().transform(Number).pipe(z.int().positive())
+    });

 export async function removeRoleSite(
    req: Request,
--- a/Show More
+++ b/Show More