Another day, another short article. Today we will focus on validation of numeric query parameters.
Everyone values his/her time, so here is TL;DR:
Each query parameter comes as string, so it's not possible to validate numeric params correctly. Simple solution – use
@Type()decorator fromclass-transformerlibrary, and declare numeric field asNumber. I.e.@Type(() => Number)
Let's take an example URL address with few query parameters:
https://awesomesite.com/users?country=6&name=joe
Our controller would probably look like this:
@Controller('users')
class UsersController{
@Get()
getUsers(@Query() queryParams){}
}
Ok, at the beginning we've extracted our query parameters with @Query() decorator. Time to impose some validation on them. Here is our validation class:
class GetUsersQuery{
@IsInt()
country: number;
@IsString()
name: string;
}
We've defined very basic validation constraints for country and name fields. Then we need to do a little change in our controller method.
@Controller('users')
class UsersController{
@Get()
getUsers(@Query() queryParams: GetUsersQuery){
console.log(queryParams)
}
}
Ok. Time to check if our validation works correctly. Let's try to send GET request for previously mentioned URL. Everything should be just fine, right? Well, not really, here is what we got:
{
"statusCode": 400,
"message": [
"country must be a number conforming to the specified constraints"
],
"error": "Bad Request"
}
What? But country is anumeric field! It's even an integer! Unfortunately, not for our application. Let's try to make one step back, and remove validation, then check what kind of parameters will query object contain.
{
country: '1',
name: 'joe'
}
Ok, now you can see, that each field is passed as a string value. Even an integer field. What can we do with it? After all, we need to validate whether the country field is an integer, or not, right?
Once again, class-transformer library has a simple solution for us. Use @Type decorator, and declare country field as Number:
class GetUsersQuery{
@IsInt()
@Type(() => Number)
country: number;
@IsString()
name: string;
}
Now our request will pass validation, and the response object will look like this:
{
country: 1,
name: 'joe'
}
Country field has numeric type now. When we send an invalid value, for example, a string, we'll get:
{
"statusCode": 400,
"message": [
"country must be an integer number"
],
"error": "Bad Request"
}
But for integer type parameter it will pass. Finally, our integer validation works now correctly. Hope this short article will help you to validate numeric values passed through URL parameters. Cheers!
Top comments (17)
Good article. I read all your articles on validation. And I have an ideas. I think if want to validate numeric,should use
ParseIntPipe, it will transform and if it isn't a number it will throw errorThe main point of my approach is to have the whole validation process in one place :)
Thank you)
Just a little issue with this way of transform & validate query params: try @Type(() => Boolean), you'll have to use @Transform and do it yourself.
Hi! Thank you for your comment. I'm not sure what do you want to achive with your code example. Could you give me an example of URL and final object with values you want to get? Regards!
Just try with some boolean param, or even an array.
export class FilterQuery {
@IsOptional()
@IsBoolean()
@Type(() => Boolean)
prova?: boolean
}
Setting 'prova' as 'false' it will cast it to true. As you said, those query params are just strings that must be serialized first in some way. So, in some cases like Number it just works but in others it follows JS conversion rules... I partially solved it doing using @Transform instead of @Type and looking Nestjs parse implementations github.com/nestjs/nest/tree/99ee3f...
You are totally right! And this is the reason why this article is titled “Validating numeric query params” 😁 I think it’s the most common issue Nest users encounter (at least in my experience).
For array of values in query params I use (exactly as you said) Transform decorator from class-transform package. For bools I prefer to pass just boolean in numeric form (0 or 1) or (depends on context) simple string like yes/no. But I avoid true/false, because as you noted – it can result with some false positives.
Anyway, thank you for your comment, I’m sure somebody finds it helpful! Cheers!
Thank you for the article, it's my first time with Nestjs and I was looking for how to parse & validate params declaratively and without too many hustles. I hadn't noticed "numeric" in the title, sorry 😅
How do you manage arrays, i.e. numeric[] ? At the moment I use ParseArray (that also is the only Parse* function that can handle natively missing query params)
I've struggled with arrays a lot, and ended up with some like this. I'm not very proud of it, but it works for me.
I decorate expected field with:
And here is
mapStringToNumberimplementation:It allows me to pass array of numbers and just string with numbers separated with commas as well. It also cleans up non-numeric values. So, when you pass e.g.
categories=1,a,2, you will get an array of[1,2].I'm not the biggest fan of using extra pipes for validating. I rather try to keep my validation in one place (in validation class with class-validator in this case).
If the example is not working on your code, please check if you enabled ValidationPipe. Find more here: docs.nestjs.com/techniques/validat...
Furthermore, I discovered it is required to pass in the following options to
ValidationPipeelse the type of the query param value at runtime will still be string, even though it may pass the class-validator validations.
Information
It would be great if we could do something like :
import IsEmail from 'class-validator'
@Query('email', IsEmail) email:string
Awesome article
awesome, this is just working properly .. thanks buddy
Nice to hear that!
tk u gs