DEV Community

A Clean Approach to Using Express Validator

Chinedu Orie on August 09, 2019

Express validator is one of the many npm packages for validating a request an express application. I recently used express validator in a project ...

Read full post

Alain • Oct 9 '19

Very useful thanks!

For my purpose I just split validators.js in 2 parts, your validate const is for me a separate middleware in which I've also added a

req.matchedData = matchedData(req)

useful to me to access to validated data in next middleware.

My validateRules middleware looks like:

import { matchedData, validationResult } from 'express-validator';

const validateRules = (req, res, next) => {
    const errors = validationResult(req);

    if (errors.isEmpty()) {
        req.matchedData = matchedData(req);
        return next();
    }

    const extractedErrors = [];
    errors.array().map(err => extractedErrors.push({ [err.param]: err.msg }));

    return res.status(422).json({
        errors: extractedErrors,
    });
}

export default validateRules;

ARNAB MUNSHI • Sep 3 '20

hi Alain

import { matchedData, validationResult } from 'express-validator';

This line not working for me. I don't know why.

But the following code is work for me.

import expressValidator from "express-validator";
const { body, validationResult } = expressValidator;

Chinedu Orie • Oct 10 '19

That was insightful. Thanks for sharing!

PearsonHill • Apr 3 '20 • Edited

Hey Chinedu,

I echo sentiment of others regarding the endless search for finding a tutorial that made sense and was easy to implement! Thank you! Would I check for duplicates in the database in this file as well?

Pearson

PS: I found this:
express-validator.github.io/docs/c...

how would we incorporate it into what we have?

I'm sure your slammed with requests like this - no worries if you don't have the bandwidth to reply

PearsonHill • Apr 3 '20

hey Chinedu - kept searching and found my answer! I am fired up - see below if anyone else is interested:

const { body, check, validationResult } = require('express-validator')
const Team = require('../models/Team')

const teamValidationRules = () => {

return [
// is name present
check('name'," a string 'name' is required.")
.notEmpty().isString()
.custom(
async (value, {req}) => {
const check = await Team.findOne({name: value})

           if(check){
            return Promise.reject('Name is already in use');
           }


        }),

Chinedu Orie • Apr 3 '20

Great job, I just saw your comment, good to know you've been able to tackle it

imk-ivan • Jan 17 '23

Great solution, thanks!

Gil Palikaras • Aug 26 '20 • Edited

Hi Chinedu,

Thank you for the solution, looks great and works great.
I am using PHPStorm/WebStorm and when I implemented this solution, the editor shows warning (yellow underline):
Argument types do not match parameters

const {studentValidationRules, validate} = require('../util/dataValidator');
router.post('/student', studentValidationRules(), validate ,studentController.createStudent);

I thought I was using correctly the pattern of adding middleware to my routes, did I do something wrong?

syed • Jan 10 '20

Hi Chinedu,
I was looking exactly this way,
I want to know how the below line works
"app.post('/user', userValidationRules(), validate, (req, res) => {"

How userValidationRules() related to validate,
Thanks
Syed

Chinedu Orie • Jan 11 '20

Hi Syed, the userValidationRules() is a helper which uses the express-validator methods to intercept the request and enforce the validation, express-validator methods pass the results of the validations to the request, the validate is a middleware which checks if the request contains errors injected by the express-validator methods; as middlewares do, if there's an error in the request object, it returns the error response, if there's no error in the request object, it calls the next function allowing the request to continue to the next stage.

syed • Jan 11 '20

Hi thanks for the reply
I'm sorry, I'm still in learning the middleware. You said userValidationRules() is helper, but not a middleware, since because of the braces ()?, how these two (userValidationRules() and valiadate) differ from each other in that place.
My understanding is, the helper userValidationRules(), executed immediately, and send the errors ,if any, to validate middleware 'validate'?.
If i want to combine those two into one single middleware, how can I achieve that?

Thanks
Syed

atexzonate • Dec 31 '19

Nice post. Was struggling with this for a while until I saw your post.. Thank Omo Naija

Chinedu Orie • Dec 31 '19

Haha, the Omo Naija part. Good to know you found it helpful ✌️

Santanu Biswas • May 25 '22

I found a more simplistic approach of doing this on Stackoverflow.

// validator.js
const { check, validationResult } = require('express-validator')

exports.validateUser = [
check('name')
    .trim()
    .escape()
    .not()
    .isEmpty()
    .withMessage('Name can not be empty!')
    .bail()
    .isLength({min: 3})
    .withMessage('Minimum 3 characters required!')
    .bail(),

(req, res, next) => {
    const errors = validationResult(req);
    if (!errors.isEmpty())
    return res.status(200).json({errors: errors.array()});
    next();
},
];


// router.js
const validateUser = require('../validator)
router.post('/users/create', validateUser, UserController.create)

// UserController.js
async create(req, res) {
     // do stuff
}

Ario Setiawan • Jun 9 '20

My error value just "Invalid value", not described as example :
{
"errors": [
{
"username": "username must be an email"
},
{
"password": "password must be at least 5 chars long"
},
]
}

that is from validator library or from backend?

Chinedu Orie • Jun 9 '20

If you didn't specify a custom error message, then it'll assume the default message from the library

Ario Setiawan • Jun 10 '20

Ok i got it, express-validator.github.io/docs/c... thanks

Reak45 • Jul 29 '20

Great post! However I have a question. Can this be merged in a single middleware? Instead of two functions?

Chinedu Orie • Jul 30 '20 • Edited

Certainly yes, I've recently made an improvement to it in my personal codes. The validator takes schema as a param. I found it cleaner and I'd update the article ASAP. Below is what it looks like:

const { body, validationResult} = require('express-validator');

const validate = (schemas)  => {
    return async (req, res, next) => {
      await Promise.all(schemas.map((schema) => schema.run(req)));

      const result = validationResult(req);
      if (result.isEmpty()) {
        return next();
      }

      const errors = result.array();
      return  res.send(errors)
    };
  }
 const exampleSchema = [
   body('foo', 'The foo field is required').notEmpty(),
   ...
];

router.post('/foos', validate(exampleSchema), fooHandler);

Leblanc Meneses • Jan 5 '21

How would you implement mutually exclusive properties like google maps geocoding?
can be either: address or latlng but not both

github.com/express-validator/expre...

seems oneOf is middleware not a ValidationChain[]. I'm handling it manually using a custom rule because that allows me to continue using similar "validate" middleware, although, what else are we missing by having this convenience "validate" wrapper .

Great writeup!

Reak45 • Jul 30 '20

This is just awesome! Thank you so much!

Chinedu Orie • Jul 30 '20

Anytime!

Chinedu Orie • Oct 3 '19

Hi Mohammad, If I got your question clearly it means you're using server side rendering. The example above would serve well for an API where all responses are JSON objects. In your case, you return a view instead of a JSON object. So what you should do is to return a view then passing the error object as a data to the view.

Damien1990 • Oct 5 '20

Love this approach to validation but wondering how I would compare the value of one field to another with it? For example password and confirmpassword. Any help would be appreciated.

Chinedu Orie • Oct 5 '20

You can use a custom rule

See example from the docs:

const { body } = require('express-validator');

app.post('/user', body('passwordConfirmation').custom((value, { req }) => {
  if (value !== req.body.password) {
    throw new Error('Password confirmation does not match password');
  }

  // Indicates the success of this synchronous custom validator
  return true;
}), (req, res) => {
  // Handle the request
});

Damien1990 • Oct 5 '20

Thank you, it worked beautifully. I'm guessing you can use a similar approach to checking for 'unique' emails/usernames by requiring the model in the validator class, using the value to search for existing emails/usernames in the database and if one is returned, to throw an error?

Chinedu Orie • Oct 6 '20

yes

sanwar1 • Aug 26 '20

Thank you Chinedu. Just what I was looking for. Very elegant. However, this is just for one API handle. What if there are multiple request handles and each of them with multiple parameters?

Should I create a separate layer for validations for a real-world application??

Farzin Khaleghian • Dec 7 '21

In this function if we want to support multiple validation rules and make a condition based on one key in the request body, do you have any ideas? In the other hand how we can pass req in this function?