Blueprint
Blueprint Developer Guide
Quick Start
Getting Started
My First Application
Creating Your Application
Controllers
Routers & Routes
Services
Resources & Resource Controllers
Validating & Sanitizing Input
Developer Guide
Powered by GitBook
Have an account? Sign in

Validating & Sanitizing Input

Last updated 9 months ago

One of the most important lesson you learn with implementing API service is that you never trust the input your receive. You must validate the input, which means check that the input passes constraints, and sanitize the input, which means converting it from a text-based value to its concrete representation, such as a Date or a String.

Blueprint facilitates validating and sanitizing the input on the controller action. The controller action has the option of using the schema property to perform static validation. The value of the schema property is a schema definition from express-validator. You can also use the validate() method, which is used to perform dynamic and asynchronous validation.

In our super-rentals example, we only need to validate the id parameter for getOne(), update(), and delete(). The schema for each method will be the same so we are only going to show the schema for the getOne() method.

app/controllers/rental.js
module.exports = ResourceController.extend ({
  // ...
  
  getOne () {
    return Action.extend ({
      // express-validator schema
      schema: {
        [this.id]: {
          in: 'params',
          optional: false,
        }
      },
  
      execute (req, res) {
        const { rentalId } = req.params;
        const rental = this.controller.rentals.get (rentalId);
  
        if (rental) {
          res.status (200).json ({ data: [rental] });
        }
        else {
          res.sendStatus (404);
        }
      }
    })
  }
});

Previous
Resources & Resource Controllers
Next
Developer Guide