5. Input Validation
1. Input Validation Using Joi
Joi is a powerful validation library that helps ensure incoming request data is correct and safe before using it.
1.1 🔍 What is Joi?
Joi is an object schema description language and validator for JavaScript objects. It’s commonly used with Express to validate req.body, req.query, or req.params.
✅ Install Joi

```bash
npm install joi
```

1.2 ✨ Basic Usage Example
Let’s validate a POST request where a user submits their name and age.

```js
const express = require('express');
const Joi = require('joi');

const app = express();
app.use(express.json()); // Required to parse JSON bodies

// Define schema
const userSchema = Joi.object({
  name: Joi.string().min(3).required(),
  age: Joi.number().integer().min(0).required()
});

// Route
app.post('/user', (req, res) => {
  const { error, value } = userSchema.validate(req.body);

  if (error) {
    return res.status(400).json({ error: error.details[0].message });
  }

  // Send as plain text: name is user-controlled and must not be rendered as HTML
  res.type('text/plain').send(`User ${value.name} is ${value.age} years old`);
});

app.listen(3000, () => console.log('Server running on port 3000'));
```

🧪 Example Requests
✅ Valid Input

```
POST /user
{
  "name": "Alice",
  "age": 30
}
```

Response: User Alice is 30 years old
❌ Invalid Input

```
POST /user
{
  "name": "A",
  "age": "not-a-number"
}
```

Response: 400 Bad Request — "name" length must be at least 3 characters long
1.3 💡 Validating req.params, req.query, etc.
You can also validate route parameters and query strings:
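
```js
app.get('/search', (req, res) => {
  const schema = Joi.object({
    q: Joi.string().required(),
    page: Joi.number().integer().min(1).default(1)
  });

  const { error, value } = schema.validate(req.query);
  // Joi messages can echo request key names, so send them as plain text, not HTML
  if (error) return res.status(400).type('text/plain').send(error.details[0].message);

  // q comes straight from the query string: respond as plain text so it is never rendered as HTML
  res.type('text/plain').send(`Searching for ${value.q} on page ${value.page}`);
});
```

1.4 🧱 Middleware-based Validation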
To avoid repeating validation code in every route, use a reusable middleware function:

```js
function validateBody(schema) {
  return (req, res, next) => {
    const { error } = schema.validate(req.body);
    // Plain text keeps any echoed input in the message from being rendered as HTML
    if (error) return res.status(400).type('text/plain').send(error.details[0].message);
    next();
  };
}

// Usage
app.post('/register', validateBody(Joi.object({
  email: Joi.string().email().required(),
  password: Joi.string().min(6).required()
})), (req, res) => {
  res.send('User registered!');
});
```

🛠 Extra Features
- .required() – field must be provided
- .min(n) / .max(n) – value or string length
- .email() – must be a valid email
- .pattern(/regex/) – match regex
- .default() – use default value if missing
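
The validateBody middleware in 1.4 checks only req.body and discards Joi's validated output, so handlers still read the raw input. The following is an added example, not code from the original page: it generalizes that middleware to body, query and params, reports every failing field, and hands the handler the converted values with undeclared keys stripped. The names validateRequest and req.validated are assumptions made for this example.

```javascript
// Added example: one middleware for body, query and params.
// Accepts Joi schemas (any object exposing schema.validate(data, options)).
const SOURCES = ['body', 'query', 'params'];

// `validateRequest` and `req.validated` are hypothetical names chosen for this example.
function validateRequest(schemas) {
  // Fail at startup, not per request, if a route is wired with a typo.
  for (const source of Object.keys(schemas)) {
    if (!SOURCES.includes(source)) {
      throw new Error(`Unsupported request part: ${source}`);
    }
  }
  return (req, res, next) => {
    const validated = {};
    const errors = [];
    for (const [source, schema] of Object.entries(schemas)) {
      const { error, value } = schema.validate(req[source], {
        abortEarly: false,  // report every failing field, not only the first
        stripUnknown: true, // drop keys the schema does not declare
      });
      if (error) {
        for (const d of error.details) {
          errors.push({ in: source, field: d.path.join('.'), message: d.message });
        }
      } else {
        validated[source] = value;
      }
    }
    if (errors.length > 0) {
      // JSON response: messages are data for the client, never rendered as HTML.
      return res.status(400).json({ errors });
    }
    // Handlers read converted, defaulted values from here instead of raw input.
    req.validated = validated;
    return next();
  };
}

// Usage with a schema like the /search one in 1.3 (searchSchema is assumed):
//   app.get('/search', validateRequest({ query: searchSchema }), (req, res) => {
//     const { q, page } = req.validated.query; // page is a number, default 1
//   });
```
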
1.5 📦 Summary

| Feature | Code Example |
|---|---|
| Schema definition | Joi.object({...}) |
| Validation | schema.validate(data) |
| Error handling | error.details[0].message |
| Middleware | validateBody(schema) |
| Query validation | schema.validate(req.query) |
| Param validation | schema.validate(req.params) |