Enforce request body match validation schema

[erakis]

@fedeci

How to make sure the schema of the body is exactly of this form.

{
    'name': ...
    'description': ...
}

I mean if the body contains other fields than these (name, description), then I want to signal them by raising an exception.

Ex:

{
    'name': 'Bob'
    'description': 'Card player'
    'age' : 54
}

In this case, the validation should fail because the field age is not part of the wanted schema.

Obviously, it's possible to create a custom task, but it would be a great asset to have this functionality in express-validator. Some kind of matchSchema(true)?

Duplicate of #1101 (comment) but this issue has been closed.

[tonysamperi]

If you only care about the first level it's enough to use a custom validator

const mySchema = {foo: "string"}
body().custom(reqBody => {
    let error;
    Object.entries(reqBody).forEach(([key, type]) => {
        mySchema.hasOwnProperty(key) || (error = key);

        return !error; 
    });

    return error ? Promise.reject(`Unknown field "${error}"`) : Promise.resolve();
});

This is very basic, you can also validate the types here at the same time.
if you want deep validation you can refactor this using some recursion.

Cheers.

[erakis]

If you only care about the first level it's enough to use a custom validator

const mySchema = {foo: "string"}
body().custom(reqBody => {
    let error;
    Object.entries(reqBody).forEach(([key, type]) => {
        mySchema.hasOwnProperty(key) || (error = key);

        return !error; 
    });

    return error ? Promise.reject(`Unknown field "${error}"`) : Promise.resolve();
});

This is very basic, you can also validate the types here at the same time. if you want deep validation you can refactor this using some recursion.

Cheers.

Thank you @tonysamperi but I would like to deep validate and ideally be integrated with express-validator ;)

[tonysamperi]

@erakis That's integrated! You can chain that validation with all the others...
As per deep validation, as I said, you just do some refactor using recursion...
Here in Italy we say "Non esiste la pappa pronta", which means you can't find exactly what you need nice and ready to use :)
Cheers

[fedeci]

Here in Italy we say "Non esiste la pappa pronta", which means you can't find exactly what you need nice and ready to use :)

I agree with you that tweaking and learning to use the library a little bit exposes some powerful functionalities to users. What is probably not 100 percent accurate is documentation because it tends to only explain high level features (which in the end are the scope of this library). I'll see if I will finally be able to work on v7 along with docs updates this summer🤞

[tonysamperi]

Here in Italy we say "Non esiste la pappa pronta", which means you can't find exactly what you need nice and ready to use :)

I agree with you that tweaking and learning to use the library a little bit exposes some powerful functionalities to users. What is probably not 100 percent accurate is documentation because it tends to only explain high level features (which in the end are the scope of this library). I'll see if I will finally be able to work on v7 along with docs updates this summer🤞

Cool. Although after all it wouldn't be bad having a ready validation to check request properties, for example with an option to ignore or block additional properties...
What if I had 10 minutes? Would it be worth a pull-request? 😁

[fedeci]

It would, just be sure to open and develop it against the v7-features branch!

[gustavohenke]

Going to be addressed in v7 (see #1204)

[gustavohenke]

Hi hi, https://github.com/express-validator/express-validator/releases/tag/v7.0.0 is out with aforementioned fix 🙂