express-request-stripdeprecated

Express pre-validation and auto-error handler.

Usage no npm install needed!

<script type="module">
  import expressRequestStrip from 'https://cdn.skypack.dev/express-request-strip';
</script>

README

express-request-strip

This is a module that helps validate express param, query, and body data to prevent bad data from passing through to endpoints. It will automatically send errors back to the requester if it finds any in JSON format. Must be used with body-parser.

Installation

npm install --save express-request-strip

Example

Place the single function before your normal request handler, this will check for the required params, body, or query based on the options you provide to it.

const express = require('express'),
      bodyParser = require('body-parser'),
      single = require('express-request-strip').single,
      app = express();

app.use(bodyParser.urlencoded({extended: true}));
app.use(bodyParser.json());

const idRequired = {
    params: {
        id: { type: String, required: true }
    }
}

app.post('/test', single(idRequired), (req, res, next) => {
  // handle usual request if id is found
});

app.listen(3000);

If the above endpoint /test does not have req.params.id a default message will be displayed and the route will be interrupted.

Here is an example of the automatically returned JSON for our missing id.

{
    "params": ["id field is required"]
}

Options

Options can handle multiple types of incoming data, or all three at the same time if necessary. However, the options need to be structured in the following way.

example

const options = {
  params: {
    method: { type: String, required: true, default: 'update' }
  },
  body: {
    username: { type: String, minLength: 8 }
  },
  query: {
    id: { type: Number, minLength: 1 }
  }
}

The above options are expecting a required param with key method to be given as a string, but can default to the word update. It also expects an optional username in the body of the request. And lastly, another optional query, name id.

The above would be satisfied if only the method param was provided.

An example HTTP call with all three

POST /list/delete?id=123 HTTP/1.1
Host: localhost:3009
Content-Type: application/json
Cache-Control: no-cache
Postman-Token: 5b400a0d-43db-3f66-e4ec-ae3deb0c0ec8

{
    "username": "Oprah"
}

In this example delete is the method param

App-wide validation

To handle multiple routes throughout the express app it can make more sense to set up a configuration for these routes and validation in one file.

Below is an example of how to set this up for multiple routes.

config/schema.js

const schemas = {
  '/login': {
    body: {
      username: { type: String, required: true },
      password: { type: String, required: true }
    }
  },
  '/signup': {
    body: {
      username: { type: String, required: true },
      handle: { type String, required: true },
      password: { type: String, required: true },
      email: { type: String, required: true }
    }
  }
}

module.exports = schemas;

Now we import this config to our app.

app.js

const { routes } = require('express-request-strip');
const schemas = require('./schemas');
const express = require('express'),
      app = express();

// routes will check if they match the requested url
app.use(routes(schemas));

For a complete list of object validation schema please look at requespt-strip