It is very simple. As you already have decoupled client and server you have 2 edges in your system. The only correct answer would be both.
you want your client to provide valid data to the backend + direct feedback to users.
you want your backend to only accept valid data as you probably want to prevent any sort of intrusion (Remote Code Execution, Injection etc.).
You can test both modules separately and more important if someone else connects to the backend (either legit or not) your data processing is always clear.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
It is very simple. As you already have decoupled client and server you have 2 edges in your system. The only correct answer would be both.
You can test both modules separately and more important if someone else connects to the backend (either legit or not) your data processing is always clear.