Express.js simple json validation

Bored of checking incoming JSON data from clients? Try with a middleware and typeguards!

About 4 minutes length

BlogExpress.js simple json validation

If you ever wrote an application using express, you surely have faced the problem of how to handle the request body validation.

In brief, I'll show you how I validate incoming JSON data in a very simple way.

First, install tiinvo

Secondly, create both a typeguard and a factory for your incoming data type.

import { implementing, isstring } from 'tiinvo';
export interface User {
username: string;
password: string;
}
//#region typeguards
export const isUser = implementing<User>({
username: isstring,
password: isstring,
})
//#endregion
//#region factories
export const create = (partial: Partial<User> = {}): User => ({
username: partial.username ?? ``,
password: partial.password ?? ``,
})
//#endregion

Thirdly, create a validation middleware for express.js

import type { Handler } from 'express';
import { Typeguard, str, predicate, pipe } from 'tiinvo';
const ispostmethod = pipe(str.lowercase, predicate.withsamevalue(`post`))
const ispatchmethod = pipe(str.lowercase, predicate.withsamevalue(`patch`))
const ismethodallowed = predicate.or(ispostmethod, ispatchmethod)
export const withtype = <t>(
typeguard: Typeguard<t>,
typename: string = typeguard.name.replace(`is`, ``)
): Handler => {
return (req, res, next) => {
if (!ismethodallowed(req.method)) {
return res.status(406).json({ error: `method not acceptable` })
}
if (typeguard(req.body)) {
return next();
} else {
return res.status(400).json({ error: `not a valid ${typename}` })
}
}
}

Then use the middleware for each route you need to guard

import { Router } from 'express';
import { withtype } from './withtype';
import * as TUser from './User.ts';
export const user = Router();
user.post('/user', withtype(TUser.isUser, 'User'), (req, res) => {
const usr = TUser.create(req.body);
res.status(200).json({ hello: usr.username })
});

If you try to call that endpoint with a valid User type, it will respond properly.

Also, you made data validation a breeze.


Other blog posts: