Oof is this for people who reuse their DTO for business logic and/or share DTOs across different APIs.

It never occurred to me to ever (in any language) have a DTO with fields I wish (let alone require for security) not to unmarshall.

This seems doubly strange in Go the language of "Yes absolutely DO repeat yourself!"

Side rant:

JS (even with Typescript) pisses me off as this is unavoidable. Splats make it worse. But still a distinct DTO and business object and don't use splats would help. (Maybe make ... a lint error)

▲

commandersaki 2 hours ago | parent | next [-]

Does the origin of "DTO" come from Java? I've never seen it used anywhere else.

	▲	paulddraper an hour ago \| parent [-]
		DTO comes from OOP for which Java is the poster child. But you can find it many places. https://codewithstyle.info/typescript-dto/

▲

IceDane 7 hours ago | parent | prev [-]

This is not unavoidable in typescript at all. It really depends a lot on how you have structured your application, but it's basically standard practice at this point to use e.g. zod or similar to parse data at the boundaries. You may have to be careful here (remember to use zod's .strict, for example), but it's absolute not unavoidable.

▲

bravesoul2 5 hours ago | parent [-]

I should have been clear. Yes it is avoidable but only by adding more checking machinery. The bare language doesnt help.

In Go etc. If a struct doesn't a field foo then there will not be a field foo at runtime. In JS there might be. Unless you bring in libraries to help prevent it.

You are relying on someone remembering to use zod on every fetch

	▲	paulddraper an hour ago \| parent [-]
		OpenAPI can do this too