To what extent should the function check incoming parameters?

  node.js, question

Imagine a business scenario where the front end submits some data, such as creating a new article and the back endrouteThe module receives the request and data and transmits them topostIn the modulecreate()Function,create()Function to do some processing on the data, sort out the data to be put into storage finally, and then calldbmodularinsertOne()Function to write data.

The process is roughly as follows (pseudo code):
Front end:

POST /post/
 
 formData

Route module:

app.post('/', (req, res) => {
 post.create(req.body);
 })

Post module:

create(post) {
 // do something
 db.insertOne('posts', post);
 bracket

Db module:

insertOne(name, doc) {
 db.collection(name).insertOne(doc);
 bracket

My question is, to what extent should incoming data be checked for each function?

For example,routeAs the first module to receive front-end data in the background, it will definitely check all data, including the integrity of necessary fields and the legitimacy of all fields. ThenpostIn the quiltrouteWhen calling, do you want to check the incoming data again? Because theoretically the data it receives has already been checked by the pre-function and it seems unnecessary to do another check?

For example,routeAndpostThe modules are dedicated,dbModules are shared. IndbIn the module, do you still need to do a general validity check on the data (such as checking the data type)? Whether it is necessary to judge the data content for targeted inspection (such as judgment is insertedpostsTable, check again whether the data meets the requirements of the table)?

Theoretically continue to check the type and legal value of each function’s parameters ~
At the same time, you need to see if the potential caller of your function is predictable.
If you are sure that your caller can predict and control, then check the type and legal value of the caller.
If you are unpredictable about the potential calling method, considering the expansibility, it is better that each function should be responsible for itself, and you cannot trust the parameters passed to you by the caller ~