feature-schema-validation.md 2.1 KB


id: schema-validation

title: Schema Validation

Schemas are a special, object-based way of defining validations or sanitizations on requests.
At the root-level, you specify field paths as keys, and objects as values -- which define the error messages, locations and validations/sanitizations.

Its syntax looks like this:

const { checkSchema } = require('express-validator');
app.put(
  '/user/:id/password',
  checkSchema({
    id: {
      // The location of the field, can be one or more of body, cookies, headers, params or query.
      // If omitted, all request locations will be checked
      in: ['params', 'query'],
      errorMessage: 'ID is wrong',
      isInt: true,
      // Sanitizers can go here as well
      toInt: true,
    },
    myCustomField: {
      // Custom validators
      custom: {
        options: (value, { req, location, path }) => {
          return value + req.body.foo + location + path;
        },
      },
      // and sanitizers
      customSanitizer: {
        options: (value, { req, location, path }) => {
          let sanitizedValue;

          if (req.body.foo && location && path) {
            sanitizedValue = parseInt(value);
          } else {
            sanitizedValue = 0;
          }

          return sanitizedValue;
        },
      },
    },
    password: {
      isLength: {
        errorMessage: 'Password should be at least 7 chars long',
        // Multiple options would be expressed as an array
        options: { min: 7 },
      },
    },
    firstName: {
      isUppercase: {
        // To negate a validator
        negated: true,
      },
      rtrim: {
        // Options as an array
        options: [[' ', '-']],
      },
    },
    // Support bail functionality in schemas
    email: {
      isEmail: {
        bail: true,
      },
    },
    // Wildcards/dots for nested fields work as well
    'addresses.*.postalCode': {
      // Make this field optional when undefined or null
      optional: { options: { nullable: true } },
      isPostalCode: true,
    },
  }),
  (req, res, next) => {
    // handle the request as usual
  },
);