How to integrate client request validation

[rabota-alexey]

How can I implement express-validator library for client request validation (json)?

In express I used like:
[app.js]
app.use(expressValidator());

[routes/auth.js]
router.post('/login', controller.validate('login'), controller.login);

[controllers/auth.js]

export function validate(method) {
  switch (method) {
    case 'login':
    {
      return [
        // username must be an email
        check.check('username')
          .trim()
          .not().isEmpty({
            ignore_whitespace: true,
          })
          .isEmail()
          .normalizeEmail()
          .withMessage('Must be a valid email'),
      ];
    }
    default:
    {
      return [];
    }
  }
}

[hacksparrow]

express-validator's functionality is implemented as a series of middleware, not sure how we'd fit that in LB4. Taking a look.

@bajtos thoughts?

[adesege]

Joi is another option. How can Joi be used with LB4? @hacksparrow

[hacksparrow]

Thanks for the input @adesege, we are taking a looking at how to most optimally use these object validation libraries with LB4.

[bajtos]

1. We use JSON Schema based validation, the subset supported be OpenAPI. Developers should describe their parameters via OpenAPI and LoopBack will take care of rest. That's the idea. In practice, we validate only request bodies at the moment, see Validate parameter values against their schema #1573 for the story covering parameter validation. We do want to validate parameters too, but haven't had bandwidth to implement that change.

2. It is not possible to use arbitrary Express middleware with LB4 yet. Design-wise, middleware goes against the philosophy of LB4, where request processing is described via Sequence actions. Having said that, we are aware that it will take some time until we have enough LB4-specific functionality to replace Express middleware. Also allowing Express middleware in LB4 routes would make the migration from Express to LB4 easier. I think the issue Validate parameter values against their schema #1573 is pretty much covering the pattern described above, where a custom middleware is configured for each route. See also Allow app developers to configure custom Express middleware #1293 and Tutorial/Blog: how to mount LB app as Express/Koa middleware #1982.

[adesege]

Hi @bajtos and @hacksparrow , thank you for the response. Can you help with an example of how to use OpenApi for request validation? I have tried looking into the documentation but couldn't find any. Thanks

[jannyHou]

@adesege You can find some example in our document regarding validation: https://loopback.io/doc/en/lb4/Parsing-requests.html#validation

[adesege]

Thanks for the share @jannyHou

[rabota-alexey]

I discovered that partially checking is handled on type and required fields of a model in @Property decorator. But more deep validation (for example length or format) is not supported out of the box.

I think the alternative now is hapijs joi