Middleware to validate json schema of
req.body
,req.params
andreq.query
. It is based on JSONSchema spec and is-my-schema-valid module.
npm install is-express-schema-valid --save
Create schema validation middleware using the specified keys for each type of request data:
payload
schema object validatesreq.body
params
schema object validatesreq.params
query
schema object validatesreq.query
filter
- filter away fields that are not in the schema, defaults tofalse
filterReadonly
- filter away fields that are marked asreadonly: true
in schema, defaults tofalse
import express from 'express';
import bodyParser from 'body-parser';
import validate from 'is-express-schema-valid';
const app = express();
const loginSchema = {
payload: {
email: {
type: 'string',
required: true,
format: 'email'
},
password: {
type: 'string',
required: true,
minLength: 1
}
}
};
app.use(bodyParser.json());
app.post('/login',
validate(loginSchema),
findAndLoginUser
);
app.use(handleErrors);
function findAndLoginUser (req, res, next) {
// if schema validation fails
// this middleware won't be called
}
function handleErrors (err, req, res, next) {
// validation error will be passed as first argument
// you can return it or match with your api responses
}
app.listen(3000);
When defining a schema for request's payload / params / query you are able to pass a plain object. In this case is-express-schema-valid
will automagically populate your schema with default object
properties:
const schema = {
payload: {
foo: {
type: 'string',
required: true
}
}
};
// will be passed to validator as:
// {
// type: 'object',
// required: true,
// additionalProperties: false,
// properties: {
// foo: {
// type: 'string',
// required: true
// }
// }
// }
In other cases when you need a different type
use a full schema. For example, when payload needs to be an array
:
const schema = {
payload: {
type: 'array',
uniqueItems: true,
items: {
type: 'number'
}
}
};
// it will be used as is by validator
There are several additional formats added for easy validating the requests:
"mongo-object-id"
- check if the string is a valid hex-encoded representation of a MongoDB ObjectId"alpha"
- check if the string contains only letters (a-zA-Z)"alphanumeric"
- check if the string contains only letters and numbers"numeric"
- check if the string contains only numbers"hexadecimal"
- check if the string is a hexadecimal number"hexcolor"
- check if the string is a hexadecimal color"base64"
- check if a string is Base64 encoded"decimal"
- check if a string is a decimal number, such as 0.1, .3, 1.1, 1.00003, 4.0, etc."int"
- check if a string is an integer"float"
- check if a string is a float"uuid"
- check if the string is UUID
In the example below we can ensure that id passed as param is valid MongoDB ObjectId:
import validate from 'is-express-schema-valid';
const schema = {
params: {
id: {
type: 'string',
format: 'mongo-object-id'
}
}
};
app.get('/items/:id',
validate(schema)
//...
);
Just a reminder that there are default built-in formats supported by JSONSchema:
"date-time"
- date representation, as defined by RFC 3339, section 5.6."email"
- internet email address, see RFC 5322, section 3.4.1."hostname"
- internet host name, see RFC 1034, section 3.1."ipv4"
- IPv4 address, according to dotted-quad ABNF syntax as defined in RFC 2673, section 3.2."ipv6"
- IPv6 address, as defined in RFC 2373, section 2.2."uri"
- a universal resource identifier (URI), according to RFC3986.
If provided data doesn't match provided schema is-express-schema-valid middleware passes instance of SchemaValidationError
class down to your app's error handler middleware:
import { SchemaValidationError } from 'is-express-schema-valid';
function errorHandlerMiddleware (err, req, res, next) {
// handle schema validation error
if (err instanceof SchemaValidationError) {
// check lists of errors for each schema
console.log(err.errors);
// { payload: [...], query: [...], params: [...] }
}
}
In order to get comfortable with JSONSchema spec and its' features I advice you to check the book "Understanding JSON Schema" (also PDF version) or look at examples.
MIT Licensed