JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 1148805
  • Score
    100M100P100Q179776F
  • License MIT

Express middleware for the validator module.

Package Exports

  • express-validator
  • express-validator/lib/express_validator

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (express-validator) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

express-validator

Build Status

An express.js middleware for node-validator.

Installation

npm install express-validator

Usage

var util = require('util'),
    express = require('express'),
    expressValidator = require('express-validator'),
    app = express.createServer();

app.use(express.bodyParser());
app.use(expressValidator([options])); // this line must be immediately after express.bodyParser()!

app.post('/:urlparam', function(req, res) {

  // checkBody only checks req.body; none of the other req parameters
  // Similarly checkParams only checks in req.params (URL params) and
  // checkQuery only checks req.query (GET params).
  req.checkBody('postparam', 'Invalid postparam').notEmpty().isInt();
  req.checkParams('urlparam', 'Invalid urlparam').isAlpha();
  req.checkQuery('getparam', 'Invalid getparam').isInt();

  // OR assert can be used to check on all 3 types of params.
  // req.assert('postparam', 'Invalid postparam').notEmpty().isInt();
  // req.assert('urlparam', 'Invalid urlparam').isAlpha();
  // req.assert('getparam', 'Invalid getparam').isInt();

  req.sanitize('postparam').toBoolean();

  var errors = req.validationErrors();
  if (errors) {
    res.send('There have been validation errors: ' + util.inspect(errors), 400);
    return;
  }
  res.json({
    urlparam: req.param('urlparam'),
    getparam: req.param('getparam'),
    postparam: req.param('postparam')
  });
});

app.listen(8888);

Which will result in:

$ curl -d 'postparam=1' http://localhost:8888/test?getparam=1
{"urlparam":"test","getparam":"1","postparam":true}

$ curl -d 'postparam=1' http://localhost:8888/t1est?getparam=1
There have been validation errors: [
  { param: 'urlparam', msg: 'Invalid urlparam', value: 't1est' } ]

$ curl -d 'postparam=1' http://localhost:8888/t1est?getparam=1ab
There have been validation errors: [
  { param: 'getparam', msg: 'Invalid getparam', value: '1ab' },
  { param: 'urlparam', msg: 'Invalid urlparam', value: 't1est' } ]

$ curl http://localhost:8888/test?getparam=1&postparam=1
There have been validation errors: [
  { param: 'postparam', msg: 'Invalid postparam', value: undefined} ]

Middleware Options

####errorFormatter function(param,msg,value)

The errorFormatter option can be used to specify a function that can be used to format the objects that populate the error array that is returned in req.validationErrors(). It should return an Object that has param, msg, and value keys defined.

// In this example, the formParam value is going to get morphed into form body format useful for printing.
app.use(expressValidator({
  errorFormatter: function(param, msg, value) {
      var namespace = param.split('.')
      , root    = namespace.shift()
      , formParam = root;

    while(namespace.length) {
      formParam += '[' + namespace.shift() + ']';
    }
    return {
      param : formParam,
      msg   : msg,
      value : value
    };
  }
}));

####customValidators { "validatorName": function(value, [additional arguments]), ... }

The customValidators option can be used to add additional validation methods as needed. This option should be an Object defining the validator names and associated validation functions.

Define your custom validators:

app.use(expressValidator({
 customValidators: {
    isArray: function(value) {
        return Array.isArray(value);
    },
    gte: function(param, num) {
        return param >= num;
    }
 }
}));

Use them with their validator name:

req.checkBody('users', 'Users must be an array').isArray();
req.checkQuery('time', 'Time must be an integer great than or equal to 5').isInt().gte(5)

####customSanitizers { "sanitizerName": function(value, [additional arguments]), ... }

The customSanitizers option can be used to add additional sanitizers methods as needed. This option should be an Object defining the sanitizer names and associated functions.

Define your custom sanitizers:

app.use(expressValidator({
 customSanitizers: {
    toSanitizeSomehow: function(value) {
        var newValue = value;//some operations
        return newValue;
    },
 }
}));

Use them with their sanitizer name:

req.sanitizer('address').toSanitizeSomehow();

Validation errors

You have two choices on how to get the validation errors:

req.assert('email', 'required').notEmpty();
req.assert('email', 'valid email required').isEmail();
req.assert('password', '6 to 20 characters required').len(6, 20);

var errors = req.validationErrors();
var mappedErrors = req.validationErrors(true);

errors:

[
  {param: "email", msg: "required", value: "<received input>"},
  {param: "email", msg: "valid email required", value: "<received input>"},
  {param: "password", msg: "6 to 20 characters required", value: "<received input>"}
]

mappedErrors:

{
  email: {
    param: "email",
    msg: "valid email required",
    value: "<received input>"
  },
  password: {
    param: "password",
    msg: "6 to 20 characters required",
    value: "<received input>"
  }
}

Optional input

You can use the optional() method to check an input only when the input exists.

req.checkBody('email').optional().isEmail();
//if there is no error, req.body.email is either undefined or a valid mail.

Nested input data

Example:

<input name="user[fields][email]" />

Provide an array instead of a string:

req.assert(['user', 'fields', 'email'], 'valid email required').isEmail();
var errors = req.validationErrors();
console.log(errors);

Output:

[
  {
    param: "user_fields_email",
    msg: "valid email required",
    value: "<received input>"
  }
]

Alternatively you can use dot-notation to specify nested fields to be checked:

req.assert(['user.fields.email'], 'valid email required').isEmail();

Regex routes

Express allows you to define regex routes like:

app.get(/\/test(\d+)/, function() {});

You can validate the extracted matches like this:

req.assert(0, 'Not a three-digit integer.').len(3, 3).isInt();

Extending

You can add your own validators using the customValidators option. See Middleware Options for usage details.

Changelog

See CHANGELOG.md

Contributors

  • Christoph Tavan dev@tavan.de - Wrap the gist in an npm package
  • @orfaust - Add validationErrors() and nested field support
  • @zero21xxx - Added checkBody function

License

Copyright (c) 2010 Chris O'Hara cohara87@gmail.com, MIT License