koa-joiful-validation
v1.1.0
Published
Simple, opinionated request validation middleware for koa-router.
Downloads
4
Maintainers
Readme
koa-joiful-validation
Simple, opinionated request validation middleware for koa-router.
This module currently supports Koa 1 only.
Example
const Joi = require('joi');
const router = require('koa-router')();
const validate = require('koa-joiful-validation');
router.get('/posts', validate({
query: {
offset: Joi.number().integer().positive().default(0).optional()
limit: Joi.number().integer().positive().default(100).optional()
},
body: { /* ... */ }, // for the request body
params: { /* ... */ }, // for route parameters
}), function* () {
// your code here
this.request.query // contains the original, unmodified query
this.state.query // the modified query with defaults applied, etc.
});
Why is the result assigned to this.state
?
Koa's request
wrapper object automatically serializes all values assigned to its query
property. This means that its values can not actually be coerced to other types, e.g. to numbers or booleans. To resolve this the modified data (conversions and defaults applied) are assigned to this.state.body
, this.state.query
and this.state.params
instead.
Installation
Install as usual:
npm install --save koa-joiful-validation
Please note that this module has Joi as a peer dependency (practically any version will do).
In order for the request body validation to work correctly you will want to use koa-bodyparser.
Opinions
This module is quite opinionated. If it doesn't suit your needs, feel free to open an issue, create a pull request or just fork the project. In particular, keep the following things in mind:
- If a validation fails, so does the request with a
422 Unprocessable Entity
error. - All parameters are required by default (
presence: 'required'
). - Additional parameters, i.e. parameters not specified in the schemas, are forbidden by default.
- When no schema is given, the empty schema is assumed. This means that
router.post('/', validate(), ...)
will not accept any query, body or url parameters. - By default, query and url parameters are converted (e.g., cast to numbers as necessary), but body parameters are not.
Details
Route Parameters
If you have route parameters, you need to add them to your validation config in order to work:
router.get('/entity/:id', validate(), function* () {
// this won't work because params.id will be rejected
});
So instead, do it like this:
router.get('/entity/:id', validate({
params: {
id: Joi.number().integer().min(1)
}
}), function* () {
// now this.state.params.id is guaranteed to be a positive integer
});
If you do not want to actually validate the parameter, simply use Joi.any()
.
Custom validation functions
You can pass a list of custom validation functions as a second parameter:
router.get('/equalsTen', validate({
x: Joi.number(),
y: Joi.number()
}, [
function () {
// 'this' is the regular koa context
const { x, y } = this.state.params;
if (x + y !== 10) {
// Joi already converted the parameters from strings to numbers
return 'x plus y must equal ten!';
}
}
]), function* () {
// ...
});
These functions are run in sequence after the schema validations (and only if those succeed). If a function returns a string, that validation is considered to have failed and the string becomes the error message. Any other return value is interpreted as a success.
The functions are executed in the same context as the middleware itself so you have access to this.request
, this.state
etc.
If your validation is asynchronous, simply use a generator:
router.get('/:id', validate({
params: { id: Joi.number() }
}, [
function* () {
const entity = yield this.db.findOne(this.state.params.id);
return entity.isSpecial ? 'too special!' : entity;
}
]), function* () {
// ...
});
Please note that throwing an error from a validation function will abort the request with a 500 Internal Server Error
.
Auto-wrapping
The values given in the configuration object are automatically passed to Joi.object().keys()
if they are not already Joi schemas. In other words, the following two statements are equivalent:
validate({ query: { x: Joi.number() } });
validate({ query: Joi.object().keys({ x: Joi.number() }) });