Blueprint
  • Blueprint Developer Guide
  • Quick Start
    • Getting Started
    • My First Application
      • Creating Your Application
      • Controllers
      • Routers & Routes
      • Services
      • Resources & Resource Controllers
      • Validating & Sanitizing Input
      • Unit Testing Your Application
      • Policies
  • Developer Guide
    • The Object Model
      • Introduction
      • Classes and Instances
      • Computed Properties
      • Aggregated Properties
      • Mixins
    • Routers and Controllers
      • Introduction
      • Routers
      • Controllers
      • Resources
    • Models
    • The Server
    • Policy Framework
    • Services
    • Messaging Framework
    • Configuration Management
    • Application and Resources
      • Lookup Operation
      • Views
      • Assets
    • Blueprint Modules
    • Blueprint Cluster
      • What is a Blueprint Cluster?
      • Running a Blueprint Cluster
      • Technical Details
    • Testing Framework
    • Command-line Interface (Coming Soon)
Powered by GitBook
On this page
  1. Quick Start
  2. My First Application

Validating & Sanitizing Input

PreviousResources & Resource ControllersNextUnit Testing Your Application

Last updated 7 years ago

One of the most important lesson you learn with implementing API service is that you never trust the input your receive. You must validate the input, which means check that the input passes constraints, and sanitize the input, which means converting it from a text-based value to its concrete representation, such as a Date or a String.

Blueprint facilitates validating and sanitizing the input on the controller action. The controller action has the option of using the schema property to perform static validation. The value of the schema property is a . You can also use the validate() method, which is used to perform dynamic and asynchronous validation.

In our super-rentals example, we only need to validate the id parameter for getOne(), update(), and delete(). The schema for each method will be the same so we are only going to show the schema for the getOne() method.

app/controllers/rental.js
module.exports = ResourceController.extend ({
  // ...
  
  getOne () {
    return Action.extend ({
      // express-validator schema
      schema: {
        [this.id]: {
          in: 'params',
          optional: false,
        }
      },
  
      execute (req, res) {
        const { rentalId } = req.params;
        const rental = this.controller.rentals.get (rentalId);
  
        if (rental) {
          res.status (200).json ({ data: [rental] });
        }
        else {
          res.sendStatus (404);
        }
      }
    })
  }
});  

schema definition from express-validator