NodeJS: Server-side request data validation

621
March 18, 2017, at 07:55 AM

What is the right way to validate incoming data on server side? I'm using lodash for simple validation like isObject or isArray etc, and validator for cases when i need to validate, say, if a string isEmail. But all this looks awkward and i'm not sure if this gonna hurt performance a lot or not so much.

There should be a way to validate incoming data the more elegant way.

Answer 1

One way to do it would be to use schema-inspector.

It's a module meant to validate json objects based on a json-schema description.

Here is an example from the github README :

var inspector = require('schema-inspector');
// Data that we want to sanitize and validate
var data = {
    firstname: 'sterling  ',
    lastname: '  archer',
    jobs: 'Special agent, cocaine Dealer',
    email: 'NEVER!',
};
// Sanitization Schema
var sanitization = {
    type: 'object',
    properties: {
        firstname: { type: 'string', rules: ['trim', 'title'] },
        lastname: { type: 'string', rules: ['trim', 'title'] },
        jobs: {
            type: 'array',
            splitWith: ',',
            items: { type: 'string', rules: ['trim', 'title'] }
        },
        email: { type: 'string', rules: ['trim', 'lower'] }
    }
};
// Let's update the data
inspector.sanitize(sanitization, data);
/*
data is now:
{
    firstname: 'Sterling',
    lastname: 'Archer',
    jobs: ['Special Agent', 'Cocaine Dealer'],
    email: 'never!'
}
*/
// Validation schema
var validation = {
    type: 'object',
    properties: {
        firstname: { type: 'string', minLength: 1 },
        lastname: { type: 'string', minLength: 1 },
        jobs: {
            type: 'array',
            items: { type: 'string', minLength: 1 }
        },
        email: { type: 'string', pattern: 'email' }
    }
};
var result = inspector.validate(validation, data);
if (!result.valid)
    console.log(result.format());
/*
    Property @.email: must match [email], but is equal to "never!"
*/

The sanitization schema is meant to "clean" your json before validating it (Setting optional values, trying to convert numbers to string, etc).

The validation schema describes the properties your json should respect.

You then call inspector.validate to check if everything is fine.

READ ALSO
X-Frame-Options: DENY not blocking iframes (node)

X-Frame-Options: DENY not blocking iframes (node)

I'm using frameguard on an Express server in an attempt to block iframe requests:

341
How to create blob using the response of url in javascriprt

How to create blob using the response of url in javascriprt

I have tried creating blob using the following code:

380
Parse Server Cloud Code Error 141: Unauthorized

Parse Server Cloud Code Error 141: Unauthorized

I have just created a parse-server deployment for learning on Cloud9 and everything works fine when I am accessing it using the REST API using PostManI am now trying out Cloud Functions

528
Node React structure without view engine

Node React structure without view engine

I'm new to nodeI was using express-handlebars as my view-engine, but now I've added React and I understood that I no longer require handlebars

293