docs/app/federation/validation/page.mdx

export const metadata = {
    title: 'Validation',
    description:
        'Validation rules for Versia implementations.',
}

# Validation

Implementations **MUST** strictly validate all incoming data to ensure that it is well-formed and adheres to the Versia Protocol. If a request is invalid, the instance **MUST** return a `422 Unprocessable Entity` HTTP status code.

<Note>
    Remember that while *your* implementation may disallow or restrict some user input, other implementations may not. You **should not** apply those restrictions to data coming from other instances.

    For example, if your implementation disallows using HTML in posts, you should not strip HTML from posts coming from other instances. You *may* choose to display them differently, but you should not modify the data itself.
</Note>

Things that should be validated include, but are not limited to:

- The presence of **all required fields**, and the presence of `null` on optional fields.
- The **format** of all fields (integers should not be strings, timestamps should be in RFC 3339 format, etc.).
- The presence of **all required headers**.
- The presence of a **valid signature**.
- The **length** of all fields (for example, the `username` field on a `User` entity) should be at least 1 character long.
  - Do not set arbitrary limits on the length of fields that other instances may send you. For example, a `bio` field should not be limited to 160 characters, even if your own implementation has such a limit.
  - If you do set limits, they should be reasonable, well-documented and should allow Users to easily view the remote original, by, for example, linking to it. A limit of `100 000` characters for a `bio` field is acceptable, but a limit of `160` characters is not.
- The **type**, **precision** and **scale** of all numeric fields.
  - For example, a `size` field on a `ContentFormat` structure should be a positive integer, not a negative number or a floating-point number.
<Note>
    All numeric fields in these docs have the appropriate precision (`u64`, `i64`, `f32`, etc.) specified. As a rule of thumb, do not use a different type in memory than the one specified in the docs.
    
    Using the same type with a higher bit count, for example using a u128 instead of a u64, is acceptable. Beware of performance impacts this may cause.
</Note>
- The **validity** of all URLs and URIs (run them through your favorite URL parser).
- The **time** of all dates and times (people should not be born in the future, or in the year 0).

It is your implementation's duty to reject data from other instances that does not adhere to the strict spec. **This is crucial to ensure the integrity of your instance and the network as a whole**. Allowing data that is technically valid but semantically incorrect can lead to the degradation of the entire Versia ecosystem.
docs: :memo: Add docs about federation 2024-07-27 15:37:58 +02:00			`export const metadata = {`
			`title: 'Validation',`
			`description:`
refactor: :truck: Do full rename of Lysand to Versia 2024-08-13 16:47:37 +02:00			`'Validation rules for Versia implementations.',`
docs: :memo: Add docs about federation 2024-07-27 15:37:58 +02:00			`}`

			`# Validation`

docs: :recycle: Rewrite various docs pages, add null fields everywhere they were missing, make some Note and User fields mandatory 2025-06-07 22:54:59 +02:00			Implementations MUST strictly validate all incoming data to ensure that it is well-formed and adheres to the Versia Protocol. If a request is invalid, the instance MUST return a `422 Unprocessable Entity` HTTP status code.
docs: :memo: Add docs about federation 2024-07-27 15:37:58 +02:00
			`<Note>`
			`Remember that while your implementation may disallow or restrict some user input, other implementations may not. You should not apply those restrictions to data coming from other instances.`

			`For example, if your implementation disallows using HTML in posts, you should not strip HTML from posts coming from other instances. You may choose to display them differently, but you should not modify the data itself.`
			`</Note>`

			`Things that should be validated include, but are not limited to:`

docs: :recycle: Rewrite various docs pages, add null fields everywhere they were missing, make some Note and User fields mandatory 2025-06-07 22:54:59 +02:00			- The presence of all required fields, and the presence of `null` on optional fields.
refactor: :memo: Switch from ISO 8601 to RFC 3339 2024-10-18 15:00:47 +02:00			`- The format of all fields (integers should not be strings, timestamps should be in RFC 3339 format, etc.).`
docs: :memo: Add docs about federation 2024-07-27 15:37:58 +02:00			`- The presence of all required headers.`
			`- The presence of a valid signature.`
fix: spelling 2024-07-31 20:56:42 +02:00			- The length of all fields (for example, the `username` field on a `User` entity) should be at least 1 character long.
docs: :memo: Add docs about federation 2024-07-27 15:37:58 +02:00			- Do not set arbitrary limits on the length of fields that other instances may send you. For example, a `bio` field should not be limited to 160 characters, even if your own implementation has such a limit.
docs: :recycle: Rewrite various docs pages, add null fields everywhere they were missing, make some Note and User fields mandatory 2025-06-07 22:54:59 +02:00			- If you do set limits, they should be reasonable, well-documented and should allow Users to easily view the remote original, by, for example, linking to it. A limit of `100 000` characters for a `bio` field is acceptable, but a limit of `160` characters is not.
docs: :memo: Add docs about federation 2024-07-27 15:37:58 +02:00			`- The type, precision and scale of all numeric fields.`
			- For example, a `size` field on a `ContentFormat` structure should be a positive integer, not a negative number or a floating-point number.
docs: :memo: Specify number precision validation in docs 2024-07-27 15:50:58 +02:00			`<Note>`
fix: :memo: Fix some objects with missing properties, reword sentence 2024-07-31 21:05:42 +02:00			All numeric fields in these docs have the appropriate precision (`u64`, `i64`, `f32`, etc.) specified. As a rule of thumb, do not use a different type in memory than the one specified in the docs.

			`Using the same type with a higher bit count, for example using a u128 instead of a u64, is acceptable. Beware of performance impacts this may cause.`
docs: :memo: Specify number precision validation in docs 2024-07-27 15:50:58 +02:00			`</Note>`
docs: :recycle: Rewrite various docs pages, add null fields everywhere they were missing, make some Note and User fields mandatory 2025-06-07 22:54:59 +02:00			`- The validity of all URLs and URIs (run them through your favorite URL parser).`
docs: :memo: Add docs about federation 2024-07-27 15:37:58 +02:00			`- The time of all dates and times (people should not be born in the future, or in the year 0).`

refactor: :truck: Do full rename of Lysand to Versia 2024-08-13 16:47:37 +02:00			`It is your implementation's duty to reject data from other instances that does not adhere to the strict spec. This is crucial to ensure the integrity of your instance and the network as a whole. Allowing data that is technically valid but semantically incorrect can lead to the degradation of the entire Versia ecosystem.`