What is express-validator?
express-validator is a set of express.js middlewares that wraps validator.js, a library for string validation and sanitization. It provides a comprehensive set of validation and sanitization middlewares for handling user input in express applications.
What are express-validator's main functionalities?
Validation
This feature allows you to validate user input. In this example, the 'username' field must be alphanumeric and the 'password' field must be at least 5 characters long. If the validation fails, a 400 status code with the validation errors is returned.
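const express = require('express');
const { body, validationResult } = require('express-validator');

const app = express();
app.use(express.json()); // parse JSON bodies so body() has fields to check

app.post('/user', [
  body('username').isAlphanumeric(),
  body('password').isLength({ min: 5 })
], (req, res) => {
  // Collect the errors recorded by the validators above
  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    return res.status(400).json({ errors: errors.array() });
  }
  res.send('User is valid');
});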
Sanitization
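This feature allows you to sanitize user input. In this example, the 'email' field is normalized to a standard email format and the 'username' field is trimmed of whitespace and HTML-escaped (characters such as <, >, & and quotes are replaced with HTML entities) to prevent HTML injection. Sanitizers rewrite the value on the request, so the route handler sees the sanitized input.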
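const express = require('express');
const { body } = require('express-validator');

const app = express();
app.use(express.json()); // parse JSON bodies

app.post('/user', [
  body('email').normalizeEmail(),
  body('username').trim().escape()
], (req, res) => {
  // req.body.email and req.body.username now hold the sanitized values
  res.send('User input is sanitized');
});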
Custom Validators
This feature allows you to create custom validation logic. In this example, the 'age' field must be at least 18. If the validation fails, a 400 status code with the validation errors is returned.
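const express = require('express');
const { body, validationResult } = require('express-validator');

const app = express();
app.use(express.json()); // parse JSON bodies

app.post('/user', [
  body('age').custom(value => {
    // Convert first: a missing or non-numeric value becomes NaN, and
    // NaN < 18 is false, so a bare comparison would let it through.
    const age = Number(value);
    if (!Number.isInteger(age) || age < 18) {
      throw new Error('Age must be at least 18');
    }
    return true;
  })
], (req, res) => {
  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    return res.status(400).json({ errors: errors.array() });
  }
  res.send('User is valid');
});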
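Why a custom validator should check the type before comparing, shown as an added example in plain JavaScript (not code from express-validator or from this page; the function names and request bodies are constructed). Request fields can be missing, non-numeric or not strings at all, and a bare `value < 18` comparison accepts all of those because `NaN < 18` is false.

```javascript
// Added example: plain Node.js, no dependencies; names and samples are constructed.

// Bare comparison: any value that coerces to NaN is accepted.
function looseAgeCheck(value) {
  if (value < 18) {
    throw new Error('Age must be at least 18');
  }
  return true;
}

// Hardened: accept only an integer or a short decimal-digit string, then compare.
function strictAgeCheck(value) {
  const isDigitString = typeof value === 'string' && /^\d{1,3}$/.test(value);
  if (!Number.isInteger(value) && !isDigitString) {
    throw new Error('Age must be an integer');
  }
  if (Number(value) < 18) {
    throw new Error('Age must be at least 18');
  }
  return true;
}

// Run one check against a value and report whether it was accepted.
function accepts(check, value) {
  try {
    return check(value) === true;
  } catch (err) {
    return false;
  }
}

// Constructed request bodies, shaped like what a body parser can deliver.
const sampleBodies = [
  { label: 'adult, form string', body: { age: '21' } },
  { label: 'minor, form string', body: { age: '17' } },
  { label: 'field missing', body: {} },
  { label: 'non-numeric string', body: { age: 'abc' } },
  { label: 'JSON object', body: { age: { years: 17 } } },
  { label: 'JSON array', body: { age: ['17', '99'] } },
];

function compare() {
  return sampleBodies.map(({ label, body }) => ({
    label,
    loose: accepts(looseAgeCheck, body.age),
    strict: accepts(strictAgeCheck, body.age),
  }));
}
console.table(compare());
```

The last four rows are accepted by the bare comparison and rejected by the hardened check; both agree on the first two.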
Other packages similar to express-validator
joi
Joi is a powerful schema description language and data validator for JavaScript. It allows you to create blueprints or schemas for JavaScript objects to ensure validation of key information. Compared to express-validator, Joi is more focused on schema-based validation and is not tied to express.js.
yup
Yup is a JavaScript schema builder for value parsing and validation. It is similar to Joi but is more lightweight and has a more modern API. Like Joi, Yup is not tied to express.js and can be used in various JavaScript environments.
validator
Validator is a library of string validators and sanitizers. It is the underlying library used by express-validator for its validation and sanitization functions. While it provides a comprehensive set of validation and sanitization functions, it does not provide middleware for express.js out of the box.
express-validator
An express.js middleware for node-validator.
This is basically a copy of a gist by node-validator author chriso.
Usage
var express = require('express'),
    expressValidator = require('express-validator'),
    app = express.createServer();

app.use(express.bodyParser());
app.use(expressValidator);

app.post('/:foo', function(req, res) {
  var errors = [];
  req.onValidationError(function(msg) {
    console.log('Validation error: ' + msg);
    errors.push(msg);
  });

  req.mixinParams();
  req.assert('postparam', 'Invalid postparam').isInt();
  req.assert('getparam', 'Invalid getparam').isInt();
  req.assert('foo', 'Invalid foo').isAlpha();
  req.sanitize('postparam').toBoolean();

  if (errors.length) {
    res.send('There have been validation errors: ' + errors.join(', '), 500);
    return;
  }
  res.json(req.params);
});

app.listen(8888);
Which will result in:
$ curl -d 'postparam=1' http://localhost:8888/test?getparam=1
{"foo":"test","getparam":"1","postparam":true}
$ curl -d 'postparam=1' http://localhost:8888/t1est?getparam=1
There have been validation errors: Invalid foo
$ curl -d 'postparam=1' http://localhost:8888/t1est?getparam=1ab
There have been validation errors: Invalid getparam, Invalid foo
Contributors
- Christoph Tavan dev@tavan.de - Wrap the gist in an npm package
Licence
Copyright (c) 2010 Chris O'Hara cohara87@gmail.com, MIT License