Home > Back-end >  best practice to validate POST request body
best practice to validate POST request body

Time:01-09

My Express API exposes a POST endpoint to create a user, and i need to validate data before inserting it into database, i have two methods in mind:

Method 1: Include the model's validation in the controller and repeat it for every model:

// controllers/users.js

exports.createUser = async function (req, res) {
    const { username, email, password } = req.body;

    /* validation logic */

    /* interact with db */

Method 2: Move the validation logic to dedicated middleware:

// middleware/validators.js

exports.validateArticle = function (req, res, next) {};

exports.validateComment = function (req, res, next) {};

exports.validateUser = function (req, res, next) {
    const { username, email, password } = req.body;

    /* validation logic */

    if (!isValid) {
        return res.statusCode(400);
    }

    next();
};

// routes/users.js

const { validateUser } = require('../middlewares/validators');

router.route('/').post(validateUser, createUser);

my concern with method 2 is that the logic for one endpoint method would be scattered among many files, but which one of these methods follow best practices ?

CodePudding user response:

The issue is one of scale. If there are a lot of different routes in a controller, or if you just have multiple controllers, it can be difficult to keep things clean and easy to understand. The controller shouldn't have much more than what is necessary to show how incoming requests are being routed and returned. Everything else that isn't trivial should be passed to a middleware service. Therefore, the second option tends to work out better if you want room to grow.

Additionally, by putting all your validation logic together you can easily reuse code where applicable.

Option 1 can work out if this is very static and you have no expectations that new routes or controllers will be added.

CodePudding user response:

I can suggest you to use a ready-made middlewares express-validator, and setup like that:

// src/validation/validation.js
const { validationResult } = require('express-validator');

const validate = (schemas) => {
    return async (req, res, next) => {
        await Promise.all(schemas.map((schema) => schema.run(req)));

        const result = validationResult(req);
        if (result.isEmpty()) {
            return next();
        }

        const errors = result.array();
        return res.send({
            message: 'Validation error',
            errors: errors,
        })
    };
}

module.exports = {
    validate
}

this is a function that you can call like middleware in your router, then a file with validation rules.

// src/validation/validationSchemas.js
const { body } = require('express-validator');

const addUserSchema = [
    body('username').isLength({ min: 4, max: 16 }).withMessage('Username must be at least 4 and no more than 16 characters'),
    body('email').isEmail().withMessage('Incorrect email')
];

module.exports = { addUserSchema }

and in your router:

const { validate } = require('../validation/validation'); 
const { registrationSchema, loginSchema } = require('../validation/validationSchemas');

router.post('/registration', validate(registrationSchema), userController.registration);

Page link:https//www.codepudding.com/Backend/256286.html

Prev:Add a local IntelliJ Project as Dependency for another Project via Maven
Next:How can I see an appended text instantly on a different client without using socket.io?[node.js]
  •  Tags:  
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding