Using express-validator for Request Validation
Fri Apr 14 2023 09:18:26 GMT+0000 (Coordinated Universal Time)
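const crypto = require('crypto');
const express = require('express');
const { body, validationResult } = require('express-validator');

const app = express();
app.use(express.json());

/**
 * Derive a salted scrypt hash for a password.
 *
 * The result is `<salt-hex>:<hash-hex>` so the salt travels with the digest
 * and a later verification step can recompute and compare it.
 * scryptSync blocks the event loop for the duration of the derivation; under
 * real load prefer the async `crypto.scrypt` (customSanitizer accepts an
 * async function as well).
 *
 * @param {string} password - plaintext password that already passed validation
 * @returns {string} salt and hash, hex-encoded, separated by ':'
 */
function hashPassword(password) {
  const salt = crypto.randomBytes(16).toString('hex');
  const hash = crypto.scryptSync(password, salt, 64).toString('hex');
  return `${salt}:${hash}`;
}

// Define a route handler that uses request validation middleware.
// Sanitizers (trim/escape/normalizeEmail/customSanitizer) run as part of the
// chains below and write the cleaned value back into req.body.
app.post('/register',
  body('username').trim().isLength({ min: 3, max: 30 })
    .withMessage('Username must be between 3 and 30 characters long')
    .escape(),
  body('email').trim().isEmail()
    .withMessage('Please enter a valid email address')
    .normalizeEmail(),
  body('password').isLength({ min: 6 })
    .withMessage('Password must be at least 6 characters long')
    .matches(/\d/)
    .withMessage('Password must contain at least one number')
    // Stop this chain once a validator failed, so the (deliberately slow)
    // hashing sanitizer only ever runs on passwords that passed the checks.
    .bail()
    .customSanitizer((value) => {
      // Hash the password before storing it in the database; the returned
      // value is what express-validator stores back into req.body.password.
      return hashPassword(value);
    }),
  (req, res) => {
    // Check for validation errors
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(422).json({ errors: errors.array() });
    }
    // Registration logic here; req.body already holds the sanitized values.
    const { username, email } = req.body;
    // req.body.password now holds the salted hash. It is intentionally not
    // echoed back to the client - a password hash is still a secret.
    const message = `Registered user: ${username} (${email})`;
    res.send(message);
  });

// Start the server
app.listen(3000, () => {
  console.log('Server running on port 3000');
});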
We define a route handler for a `POST /register` endpoint that uses the `body()` method from express-validator to define validation rules for the `username`, `email`, and `password` request parameters. We also use the `withMessage()` method to define custom error messages for each rule.
We then use the `normalizeEmail()` method to sanitize the `email` parameter, and the `trim()` method to sanitize the `username` parameter.
If there are no validation errors, we proceed with the registration logic and send a success response.
We define a custom sanitizer for the password parameter using the `customSanitizer()` method. This sanitizer hashes the password before storing it in the database, and updates the request body with the hashed value.
We also use the `sanitizeBody()` method to sanitize the username and email parameters by escaping special characters and normalizing email addresses.
Note that this is still a simplified example: express-validator provides many more options and features for complex sanitization and data validation.