DEV Community

Cover image for Joi — awesome code validation for Node.js and Express

Joi — awesome code validation for Node.js and Express

Chris Noring on July 28, 2019

Follow me on Twitter, happy to take your suggestions on topics or improvements /Chris Validation of data is an interesting topic, we tend to writ...
Collapse
 
josemunoz profile image
José Muñoz

Great Post! I personally use Yup which is based on Joi but tailored for the frontend, smaller footprint and whatnot, its pretty much the same API and it is wonderful to work with, specially with Formik

Collapse
 
softchris profile image
Chris Noring

Hi José. Appreciate the comment. Will look into Yup :)

Collapse
 
nexxado profile image
Netanel Draiman

Cool, didn't know about Yup.
Aside from validating API responses, what other use-cases do you use it for?

Collapse
 
josemunoz profile image
José Muñoz

on the frontend it is useful to validate form data before sending it on a request :)

Collapse
 
slidenerd profile image
slidenerd

does yup work on the backend and frontend, also what is the difference between yup and joi in terms of functionality, is one superior to the other in any way apart from the footprint you mentioned

Collapse
 
tsuki42 profile image
Sudhanshu

Yup doesn't support Dictionary-like structure that Joi does out of the box.
github.com/jquense/yup/issues/1275...

Collapse
 
antonioavelar profile image
António Avelar • Edited

I personally use Joi to validate my REST API routes. Each route has a controller, responsible for getting the user request parameters. That controller then passes those params to a service. On that service i have a Joi validation that looks like this:

   async function create(data) {
      return Joi.validate(data, schemas.accountCreation, async (err, value) => {
         if (err) {
            return {
               success: false,
               message: err.message,
               status: 400
            }
         }

         //service logic....        

      }
   }
Enter fullscreen mode Exit fullscreen mode

Each validation is stored in a file that can be reused across all application/microservice. It looks like this:


module.exports = {
    user: {
        accountCreation: Joi.object().keys({
            firstname: Joi.string().min(1).required(),
            lastname: Joi.string().min(1).required(),
            email: Joi.string().regex(EMAIL_REGEX).email().required(),
            password: Joi.string().regex(/^[\x20-\x7E]+$/).min(8).max(72).required()
        }),
        authentication: Joi.object().keys({
            email: Joi.string().regex(EMAIL_REGEX).email().required(),
            password: Joi.string().regex(/^[\x20-\x7E]+$/).min(8).max(72).required()
        })
    },
    collection: {
        create: Joi.object().keys({
            collectionName: Joi.string().regex(ascii).min(1).max(30).required(),
            fields: Joi.array().min(1).required(),
            fieldsToShow: Joi.number().min(1).optional()
        }),
        getCollectionsByOwner: Joi.string().uuid().required(),
        getCollectionsById: Joi.string().uuid().required()
    },
    items: {
        create: Joi.object().keys({
            collectionId: Joi.string().uuid().required(),
            image: Joi.optional(),
            fields: Joi.object({}).min(1).required().unknown()
        }).unknown(),
        getById: Joi.string().uuid().required(),
        deleteItemByUUID: Joi.string().uuid().required()
    }
}

Enter fullscreen mode Exit fullscreen mode
Collapse
 
softchris profile image
Chris Noring

Thanks for sharing Antonio :)

Collapse
 
dyllandry profile image
Dylan Landry • Edited

I've got it.
The organization which supports Joi is Hapijs. The repository, hapijs/joi sounds like happy joy.

I remember vaguely a song, something like "Happy happy joy joy; happy happy joy." Google reveals it is a song from the old 1996 television show Ren and Stimpy. Could there be a connection?

The hapi.js logo seems familiar, too. Google reveals this 2016 GitHub issue: New Logo?

"I think it's time. We are no longer using the Ren & Stimpy theme so maybe refresh the logo with something cleaner and more up to date?"

Ladies and gentlemen, we got him.

Collapse
 
softchris profile image
Chris Noring

Wow.. Thanks for that added context Dylan :)

Collapse
 
jacobmgevans profile image
Jacob Evans

Would TypeScript eliminate the need for Joi (I've used Joi before at work)?

I know Flow is similar to TypeScript so usually, people won't use both.

Collapse
 
yawaramin profile image
Yawar Amin

You would get the greatest benefit by using a static typechecker like TypeScript or Flow in combination with a dynamic validator like Joi or Ajv. It works roughly like this:

  • Define a static type
  • Define a validator function for that type, using Joi or Ajv as the underlying validation tool
  • Make the validator function return the input value cast to the static type (if validation succeeded) or the validation error (if validation failed)

For example:

interface Person {
  id: string;
  name: string;
}

const personValidator: Validator<Person> = Validator(
  Joi.object().keys({id: Joi.string(), name: Joi.string()}),
);

...

const result = personValidator.validate(personObj);
if (result instanceof ValidationError) {...}
else {
  // Now we know 100% that result is a valid Person with id and name
}
Enter fullscreen mode Exit fullscreen mode
Collapse
 
justintime4tea profile image
Justin Gross

I was thinking about Typescript while reading this too. In Typescript you have Typeguards which are basically a validation function (you write it, it's a normal function) which would, like Joi here, validate that the object is what you are expecting. During design time you're relatively safe, as a developer, from using the wrong type of object (because Typescript tslint will yell at you, and tsc will exception) and then during runtime you can validate using the Typeguards.

In my travels of JavaScript I realized I started writing more and more boilerplate and tons of extra code to address the fact that JavaScript is not typed and is functional first and OO second. When I finally tried Typescript I felt relieved that I could finally stop writing so much extra code to make up for the fact that JavaScript wasnt typed and didn't have OO as a first class paradigm. Also the IDE and tooling support is so amazing in Typescript.

They say JavaScript ate the world... Next will be Typescript.

Collapse
 
jacobmgevans profile image
Jacob Evans

I actually plan on learning TypeScript 🤣😆 I just have to get over the setup and config excuse... I know once I do it ill be able too to spin it up faster the next times... Just being the bad kind of lazy, procrastinating.

The superset though is exciting and I look forward to all its tooling and power! VSCode is a prime example of the awesomeness TS can be utilized for.

Thread Thread
 
softchris profile image
Chris Noring

hi Jacob. Would you benefit from an article that shows how you set up TypeScript + Jest + TS and shows a CI pipeline?

Thread Thread
 
jacobmgevans profile image
Jacob Evans

Definitely. Especially if you can tie it into a project that already exists... I use React, Babel, Eslint, Parcel, Yarn if that helps at all.

Thread Thread
 
justintime4tea profile image
Justin Gross • Edited

I've created a GitHub template for Typescript. It doesn't teach how to set up a new project and it is opinionated but if you wanted to play around with Typescript, unit testing, code coverage, dependency injection, auto-doc creation, hot-reload and dts rollups it's a ready to go template with a VS Code workspace to boot! Take it or leave.

github.com/JustinTime4Tea/ts-template

Collapse
 
dmitrye profile image
Dmitry Erman • Edited

Great Article Chris. Covers something I've had in my code for a while. There is one more feature that you're not covering.

Joi returns sanitized values of parameters in a 2nd parameter. For example, you can have Joi validate (truthy, falsy, etc) that 'false', false, 0, and 'N' are all equivalent to false for your filter=N query parameter. It will then return false as a boolean. By default all query parameters come through as strings.

To apply the above to your code you would do something like this to manipulate the request object with the sanitized version of the objects:

const middleware = (schema, property) => { 
  return (req, res, next) => { 
  const { error, values } = Joi.validate(req[property], schema); 
  const valid = error == null; 

  if (valid) { 

    /**
    * Manipulate the existing request object with sanitized versions from Joi. This is an example
    * and I'm sure there are other and more efficient ways.
   **/
    if(value && Object.keys(value).length > 0){
        for(const prop in value){

          //maybe not necessary, but defensive coding all the way.
          if(value.hasOwnProperty(prop)){
            if(req.query && req.query[prop]){
              req.query[prop] = value[prop];
            }

            if(req.body && req.body[prop]) {
              req.body[prop] = value[prop];
            }

            if(req.params && req.params[prop]) {
              req.params[prop] = value[prop];
            }
          }
        }
      }
    next(); 
  } else { 
    const { details } = error; 
    const message = details.map(i => i.message).join(',');

    console.log("error", message); 
   res.status(422).json({ error: message }) } 
  } 
} 

You can also append the values object to req.options = values that would allow you to have both. But then your code will need to know which one to grab.

Collapse
 
enado95 profile image
O'Dane Brissett

This an excellent Article. I was wonder how I was gonna validate route level instead on controller level. Saved me a ton of time.

Collapse
 
softchris profile image
Chris Noring

Thank you for that. Glad it helped :)

Collapse
 
carlillo profile image
Carlos Caballero

Thanks!

Joi is a essential element in web development today!

Collapse
 
iamdjarc profile image
IG:DjArc [Hey-R-C]

Thank you Chris for a great article, I have a question about Unit testing.... The question is how do you Test the next() or how do you test these schemas in general? thank you again.

Collapse
 
softchris profile image
Chris Noring

hi there. I usually like a mocking approach, cause we are talking middleware right? codewithhugo.com/express-request-r...

Collapse
 
iamdjarc profile image
IG:DjArc [Hey-R-C]

Hey Chris, thank you very much for that prompt reply. I am ACTUALLY please and surprised with your quickness. So I looked at the example you shared. I have to be honest I am still a novice to this testing life. So I have attached my module and test. Any pointer/guidance would be appreciated.

Here is the module

Module

Here is the test
Test Module

Thank you

Collapse
 
devqx profile image
Oluwaseun Paul

Thanks A lot! great post!

Collapse
 
softchris profile image
Chris Noring

Thank you :)

Collapse
 
mohit_knock profile image
《MohitChauhan /》

Use of Typescript and html5 validation will be more adequate for such use cases

Collapse
 
tumee profile image
Tuomo Kankaanpää

This was very helpful post, thank you! :)

Collapse
 
softchris profile image
Chris Noring

Thank you Tuomo :)

Collapse
 
guillermoprados profile image
Guille

Thanks Chris! this was really helpful :)

Collapse
 
dzvid profile image
David

Thank you!

Collapse
 
heshamd profile image
Hesham Eldawy

Hello developers, can someone help me with this error plz. thnx in advance stackoverflow.com/q/69960084/15454800