Sanitization and Validations for Sails JS - node.js

I'm using sails js 0.11. Are the inputs using req.body or req.params.all() sanitized? If not, what should be done to sanitize them?
Secondly, for validations - where can the validations be done? E.g., req.params.all().id should be an integer type.

For sanitizing you can write a hook or a service.
Validation rules should be described in your models.
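
A request-level check of the kind the question asks about (id must be an integer), written as a service. This is an added example, not part of the original answer; the file name ParamService.js, the function validateParams and the sample schema are hypothetical.

```javascript
'use strict';
// Hypothetical api/services/ParamService.js (names are illustrative).

// Each rule returns the cleaned value or throws with a reason.
const rules = {
  integer: function (v, spec) {
    // Route and query values arrive as strings, and parseInt('42abc')
    // quietly returns 42, so the whole string must match.
    if (typeof v === 'number' && Number.isSafeInteger(v)) v = String(v);
    if (typeof v !== 'string' || !/^-?\d{1,15}$/.test(v)) throw new Error('must be an integer');
    const n = Number(v);
    if (n < spec.min || n > spec.max) throw new Error('out of range');
    return n;
  },
  string: function (v, spec) {
    if (typeof v !== 'string') throw new Error('must be a string');
    const s = v.trim();
    if (s.length === 0 || s.length > spec.max) throw new Error('bad length');
    return s;
  }
};

// Check params (e.g. req.params.all()) against a schema of expected fields.
function validateParams(params, schema) {
  const clean = {};
  const errors = {};
  Object.keys(params).forEach(function (key) {
    // Anything the schema does not name is rejected, not passed through.
    if (!Object.prototype.hasOwnProperty.call(schema, key)) errors[key] = 'unexpected parameter';
  });
  Object.keys(schema).forEach(function (key) {
    const spec = schema[key];
    if (params[key] === undefined) {
      if (spec.required) errors[key] = 'is required';
      return;
    }
    try { clean[key] = rules[spec.type](params[key], spec); }
    catch (e) { errors[key] = e.message; }
  });
  return { ok: Object.keys(errors).length === 0, clean: clean, errors: errors };
}

// Constructed sample schema for a "find user" action.
const userSchema = {
  id: { type: 'integer', required: true, min: 1, max: 2147483647 },
  name: { type: 'string', max: 64 }
};

if (typeof module !== 'undefined') module.exports = { validateParams: validateParams };
```

In a controller action the result would be used as `var r = ParamService.validateParams(req.params.all(), schema);` followed by `if (!r.ok) return res.badRequest(r.errors);`, with only `r.clean` passed on to the model.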

Related

Pass fastify request schema to NestJS controller

I am trying to use fastify+NestJS. However, in order to use what is, in my opinion, the main strength of fastify, its speed, I need to take advantage of the fastify JSON schema. However, I do not understand how I can inject such a schema into a NestJS controller. Can you help me please?

Generating Joi validation a Sequelize model

I have developed an API using expressjs, and Sequelize is the ORM I have used. I want to integrate express-validation into my API to validate the request body and params. The express-validation framework uses the Joi validation rules. But as I have already defined the validation rules in my Sequelize model, I don't like to redefine validation rules using Joi for request body validations.
I'm just wondering if there's any method or library to generate Joi validation rules based on validations defined in the Sequelize model. Else, what would be the best approach to handle this?
Have you checked out joi-sequelize?
This question is too old; however, this answer may be helpful for those newbies who are learning the language or have maybe started working with Sequelize.
Sequelize provides validation by default. You can look into the docs:
Sequelize Validation docs
However, if you want to provide your own custom validators with custom "pretty" messages, you can always use the @hapi/joi package the "normal" way. joi-sequelize or sequelize-joi are not required just to provide a custom error message (period).
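// Load Joi (the @hapi/joi package mentioned above)
const Joi = require('@hapi/joi');

// Validate a request body; returns { error, value }
function validateData(datas) {
    const schema = Joi.object({
        user_name: Joi.string().min(3).required(),
        user_address: Joi.string().required()
    });
    return schema.validate(datas);
}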
and then validate the data using
const { error } = validateData(req.body);
which catches if any property fails the validation.

Middleware to validate all form entries express js, node js

Is there some middleware function to validate all entries in forms for node js and express js?
I want to check for special characters and I don't want to validate each form field each time.
Thanks!
The express-validator could be a good fit. It is built upon validator.js, a popular validation library.
The express-validator is also frequently updated.
1. Set up and init
// Legacy express-validator API (v5 and earlier; removed in v6)
const expressValidator = require('express-validator');
app.use(expressValidator(/* options */));
see available options
2. Configure the validation
req.checkBody('postparam', 'Invalid postparam').notEmpty().isInt();
req.checkParams('urlparam', 'Invalid urlparam').isAlpha();
req.checkQuery('getparam', 'Invalid getparam').isInt();
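
For the "check every field without listing each one" part of the question, a single middleware can walk the whole parsed body. This is an added example, not code from the answer or from express-validator; it assumes urlencoded form bodies (every value a string), and the names SAFE, findBadFields and validateAllFields and the allowlist itself are illustrative.

```javascript
'use strict';

// Assumed policy: letters, digits, space and a few punctuation marks.
const SAFE = /^[\p{L}\p{N} .,'@_-]*$/u;

// Collect the path of every leaf that is not an allowlisted string.
function findBadFields(value, path, bad, depth) {
  if (depth > 5) { bad.push(path + ' (too deeply nested)'); return bad; }
  if (typeof value === 'string') {
    if (value.length > 1000 || !SAFE.test(value)) bad.push(path);
  } else if (Array.isArray(value)) {
    // Repeated fields (a=1&a=2) are parsed into arrays; check each element.
    value.forEach(function (v, i) { findBadFields(v, path + '[' + i + ']', bad, depth + 1); });
  } else if (value !== null && typeof value === 'object') {
    Object.keys(value).forEach(function (k) {
      // Field names come from the client too, so they get the same check.
      if (!SAFE.test(k)) bad.push(path + '.' + k + ' (key)');
      findBadFields(value[k], path + '.' + k, bad, depth + 1);
    });
  } else {
    bad.push(path + ' (not a string)');
  }
  return bad;
}

// Express-style middleware: one app.use(validateAllFields) after the body
// parser covers every form, with no per-field code in the routes.
function validateAllFields(req, res, next) {
  const bad = findBadFields(req.body || {}, 'body', [], 0);
  if (bad.length > 0) {
    return res.status(400).json({ error: 'Invalid characters in form fields', fields: bad });
  }
  return next();
}
```

A blanket character check like this is a coarse first filter; fields with a known type or format still need their own rules, such as the isInt() and isAlpha() checks shown above.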

mongoose and restify - localize strings before returning json

I would like to return localized Strings for multilanguage business objects in our RESTful API based on node.js, restify and mongoose. I have the requirement to store the translated resources on our translation resource server, but also need to support dynamic creation of those business objects.
I found a solution to easily plug in the i18n process in the POST/PUT calls using a single pre-'save' mongoose middleware on all Schema, when creating or updating my multi-language business objects - this works because I am able to pass the request context to the obj.save(req, callback) call.
But I am struggling to plug in the i18n on simple GETs. I thought of and tried different ways where I can plug in the i18n before returning the response, but don't really find a good way. Options I thought of:
- translate in a mongoose middleware pre/post ('init'):
  Problem: I don't have access to the request context, and therefore don't know the locale to return, so I cannot translate there.
- translate in the toObject() / toJSON {transform: }:
  Same issue - I don't have the request context in these hooks.
- translate in the handler/controller methods for each resource:
  Problem: Duplication, I have to do it everywhere; I would really prefer a solution I can define on the model/Schema layer.
- translate in a restify / express middleware towards the end:
  Problem: I don't have access to the mongoose schema metainformation anymore, so I don't know which attributes to translate.
Edit: just found this additional way:
- translate in a custom restify responseFormatter:
  This seems to work nicely; in the response formatter I have access to everything I need. It kind of seems a little weird from an architectural point of view, but if nobody has a better idea, I will add this as an answer.
Maybe (hopefully) I am missing something obvious...
thanks for any hints

Developing Json services with node

Does it make sense to develop a rest service with node.js backed with mongodb? Is there a framework to make this easy like express?
Thanks.
Why can't you use express? It implements all CRUD methods through:
app.get(...);
app.post(...);
app.put(...);
app.del(...);
In these function calls you can handle your mongodb queries and send JSON objects back to the client, if appropriate.
I hope I could help! :)
Like graydsl said, express already supports these verbs. To parse JSON you would just use JSON.parse and to stringify you would use JSON.stringify. I would use Mongoose to talk to mongodb. Also, to help you write clean code, I would practice TDD/BDD using mocha. Finally, I think you should have a look at underscore, async and superagent.
