Loopback-next: How to integrate client request validation

Created on 11 Feb 2019 · 8 Comments · Source: strongloop/loopback-next

How can I implement express-validator library for client request validation (json)?

In Express I used it like this:
[app.js]
app.use(expressValidator());

[routes/auth.js]
router.post('/login', controller.validate('login'), controller.login);

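[controllers/auth.js]

// check.check() below implies a namespace import (express-validator v5 module layout assumed)
import * as check from 'express-validator/check';

export function validate(method) {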
  switch (method) {
    case 'login':
    {
      return [
        // username must be an email
        check.check('username')
          .trim()
          .not().isEmpty({
            ignore_whitespace: true,
          })
          .isEmail()
          .normalizeEmail()
          .withMessage('Must be a valid email'),
      ];
    }
    default:
    {
      return [];
    }
  }
}

All 8 comments

express-validator's functionality is implemented as a series of middleware, not sure how we'd fit that in LB4. Taking a look.

@bajtos thoughts?

Joi is another option. How can Joi be used with LB4? @hacksparrow

Thanks for the input @adesege, we are taking a look at how to most optimally use these object validation libraries with LB4.

  1. We use JSON Schema based validation, the subset supported by OpenAPI. Developers should describe their parameters via OpenAPI and LoopBack will take care of the rest. That's the idea. In practice, we validate only request bodies at the moment, see https://github.com/strongloop/loopback-next/issues/1573 for the story covering parameter validation. We do want to validate parameters too, but haven't had bandwidth to implement that change.

  2. It is not possible to use arbitrary Express middleware with LB4 yet. Design-wise, middleware goes against the philosophy of LB4, where request processing is described via Sequence actions. Having said that, we are aware that it will take some time until we have enough LB4-specific functionality to replace Express middleware. Also allowing Express middleware in LB4 routes would make the migration from Express to LB4 easier. I think the issue https://github.com/strongloop/loopback-next/issues/1573 is pretty much covering the pattern described above, where a custom middleware is configured for each route. See also #1293 and #1982.

Hi @bajtos and @hacksparrow, thank you for the response. Can you help with an example of how to use OpenAPI for request validation? I have tried looking into the documentation but couldn't find any. Thanks

@adesege You can find some examples in our documentation regarding validation: https://loopback.io/doc/en/lb4/Parsing-requests.html#validation

Thanks for the share @jannyHou

I discovered that partial checking of the type and required fields of a model is handled in the @property decorator. But deeper validation (for example length or format) is not supported out of the box.

I think the alternative now is hapijs joi
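
The JSON Schema approach described in the thread, and the length and format constraints mentioned in the later comment, as an added example that is not part of the original thread and not LoopBack's own code: a constructed schema for the question's login body, checked by a small hand-written validator for a few schema keywords. The `password` field, all limits, the email pattern and the names `loginSchema`, `validateBody` and `has` are assumptions.

```typescript
// Constructed schema for the question's login body, in the JSON Schema subset OpenAPI uses.
type Schema = {
  type: 'object' | 'string';
  required?: string[];
  properties?: Record<string, Schema>;
  additionalProperties?: boolean;
  minLength?: number; maxLength?: number;
  format?: 'email';
};
const loginSchema: Schema = {
  type: 'object',
  required: ['username', 'password'],
  additionalProperties: false,
  properties: {
    username: {type: 'string', format: 'email', maxLength: 254},
    password: {type: 'string', minLength: 8, maxLength: 128}, // assumed field and limits
  },
};
// Deliberately simple email shape check (an assumption, not full address parsing).
const EMAIL = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
// Own-property test, so inherited names such as "constructor" never count as declared.
const has = (o: object, k: string): boolean => Object.prototype.hasOwnProperty.call(o, k);
// Hand-written checker for the keywords above; returns every violation it finds.
function validateBody(schema: Schema, value: unknown, path = 'body'): string[] {
  const errors: string[] = [];
  if (schema.type === 'string') {
    if (typeof value !== 'string') return [`${path}: must be string`];
    if (schema.minLength !== undefined && value.length < schema.minLength)
      errors.push(`${path}: shorter than ${schema.minLength}`);
    if (schema.maxLength !== undefined && value.length > schema.maxLength)
      errors.push(`${path}: longer than ${schema.maxLength}`);
    if (schema.format === 'email' && !EMAIL.test(value))
      errors.push(`${path}: must match format "email"`);
    return errors;
  }
  if (typeof value !== 'object' || value === null || Array.isArray(value))
    return [`${path}: must be object`];
  const obj = value as Record<string, unknown>;
  const props = schema.properties ?? {};
  for (const key of schema.required ?? [])
    if (!has(obj, key)) errors.push(`${path}.${key}: is required`);
  for (const key of Object.keys(obj)) {
    const sub = has(props, key) ? props[key] : undefined;
    if (sub) errors.push(...validateBody(sub, obj[key], `${path}.${key}`));
    else if (schema.additionalProperties === false)
      errors.push(`${path}.${key}: unknown property`);
  }
  return errors;
}
```

An empty array from `validateBody` means the body satisfies the schema; with `additionalProperties: false`, undeclared keys are rejected instead of being passed through to the controller.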
