A Clean Approach to Using Express Validator
Express validator is one of the many npm packages for validating a request an express application.
I recently used express validator in a project and stumbled upon a few challenges which I'm going to share in this article.
Note: This article assumes that the reader already has an express project and only wants to implement validation using
express validator. Hence, some details may be skipped.
When you visit the express validator docs, you'd notice the way the validator was used in the examples as shown in the snippet below:
// ...rest of the initial code omitted for simplicity. const { check, validationResult } = require('express-validator') app.post( '/user', [ // username must be an email check('username').isEmail(), // password must be at least 5 chars long check('password').isLength({ min: 5 }), ], (req, res) => { // Finds the validation errors in this request and wraps them in an object with handy functions const errors = validationResult(req) if (!errors.isEmpty()) { return res.status(422).json({ errors: errors.array() }) } User.create({ username: req.body.username, password: req.body.password, }).then(user => res.json(user)) } )
Looking at the snippet above, you'd notice that the validation is tightly coupled to the route definition. That pattern may be okay for a very simple use case but when usage scales, it'd be difficult for the codebase to be maintained and also it makes the route definition not readable.
In this article, I'll be showing how the validation above can be made more readable and easier to maintain.
Step 1
Create a file named validator.js
Inside the validator.js, we are going to add two functions, one of the functions will hold the validation rules, while the second will contain the function the does the actual validation.
Copy the snippet below into the validator.js
const { body, validationResult } = require('express-validator')
const userValidationRules = () => {
return [
// username must be an email
body('username').isEmail(),
// password must be at least 5 chars long
body('password').isLength({ min: 5 }),
]
}
const validate = (req, res, next) => {
const errors = validationResult(req)
if (errors.isEmpty()) {
return next()
}
const extractedErrors = []
errors.array().map(err => extractedErrors.push({ [err.param]: err.msg }))
return res.status(422).json({
errors: extractedErrors,
})
}
module.exports = {
userValidationRules,
validate,
}
Step 2
Now re-writing the initial snippet above, we'd have:
const { userValidationRules, validate } = require('./validator.js')
app.post('/user', userValidationRules(), validate, (req, res) => {
User.create({
username: req.body.username,
password: req.body.password,
}).then(user => res.json(user))
})
Now if you try to register a user without meeting the specification for the user data, the validation error response would look like shown below:
{
"errors": [
{
"username": "username must be an email"
},
{
"password": "password must be at least 5 chars long"
},
]
}
Conclusion
With this method in place, you can define the validation rules for each route or module in a separate file as you may deem fit and then chain it with the validate middleware. That way the code looks much cleaner, easier to read and easier to maintain.
This article has a lot of assumptions and hence some details were skipped. However, if you do have any question, feel free to reach out to me.
You can read more about express validator on the official documentation website
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· C#/.NET/.NET Core优秀项目和框架2025年2月简报
· Manus爆火,是硬核还是营销?
· 一文读懂知识蒸馏
· 终于写完轮子一部分:tcp代理 了,记录一下