javascript - where to validate user input on the server side?
I understand that in web development user input should be validated on both the client and the server side.
I find it hard to figure out where to validate the input on the server side. For example, after a request comes in, it passes through the middleware and goes to the controllers; in the controllers I have other modules that take the input, and finally it reaches its destination and a response is sent.
Should the input be fully validated in the controllers, so that it reaches the other modules as expected? Or should I check the input in the modules that take it? Or should I check the "shape" of the input in the controllers (basic primitive types, etc.) and have each module protect itself with business logic checks (value is positive, negative, etc.)?
Example Code:
controller.js

    var mashUp = require('./mashupService');

    // apiRespond is the app's response helper, defined elsewhere (not shown)
    var create = function (req, res) {
        var user = req.body.user;
        var imageName = req.body.imageName;
        var description = req.body.description;

        // more validation here?
        if (!user) {
            return apiRespond(req, res, new Error('no user'));
        } else if (!imageName) {
            return apiRespond(req, res, new Error('no image name'));
        } else if (!description) {
            return apiRespond(req, res, new Error('no description'));
        }

        mashUp(user, imageName, description, function (err, id) {
            if (err) {
                return apiRespond(req, res, new Error('mashup error'));
            }
            return apiRespond(req, res, null, { id: id });
        });
    };

Other modules, libs, etc.

    var User = require('./model/user');

    function mashUp(user, imageName, description, callback) {
        // more validation here?
        User.find({ user: user }, function (err, _user) {
            // do stuff (this is where id gets produced)
            callback(err, id);
        });
    }

    module.exports = mashUp;

There is a slight difference between the different ways you can validate the data:
Model validation: when you have rules that need to be applied to your data model, such as required, minimum, maximum, match, etc. With an ORM or ODM, in most cases a failed validation will bubble up to your middleware and you can handle it from there.
You may also have the option of setting up custom validators, if you need to apply more complex logic.
Here is a Mongoose example:

    var mongoose = require('mongoose');
    var Schema = mongoose.Schema;

    // customValidator is your own function (value) -> boolean, defined elsewhere
    var UserSchema = new Schema({
        firstName: {
            type: String,
            trim: true,
            default: '',
            validate: [customValidator, 'Please fill in your first name'] // custom validator
        },
        lastName: {
            type: String,
            trim: true,
            default: '',
            validate: [customValidator, 'Please fill in your last name'] // custom validator
        },
        displayName: {
            type: String,
            trim: true
        },
        email: {
            type: String,
            trim: true,
            unique: true,
            default: '',
            validate: [customValidator, 'Please fill in your email'], // custom validator
            match: [/.+\@.+\..+/, 'Please enter a valid email address'] // match validation
        },
        username: {
            type: String,
            unique: true,
            required: 'Please fill in a username', // required validator
            trim: true
        }
    });

Business rules validation: this is more applicable to the scenario you are describing, to control rules that may apply only to specific circumstances or user stories in the system.
I do not recommend doing these validations in the controllers; one rule of thumb is to have fat models and thin controllers. You may want to Google it, though I picked this one up at random.
That being said, I like to do those validations in middleware, before the controller executes.
Let's take the following case:
While editing an article it validates that the ID belongs to the user who

    exports.validateArticle = function (req, res, next) {
        // note: req.param() is deprecated in Express 4; prefer req.params / req.body / req.query
        var userId = req.param('userId'),
            articleId = req.param('articleId');
        // TODO: logic validation (call next() on success, otherwise respond with an error)
    };

Then you hook your middleware in before the controller executes, like this:

    app.route('/article').all(rules.validateArticle).post(controller.editArticle);

This way you are not polluting your controllers with a bunch of validations, and you can potentially reuse validations from one controller to another.
As a side note, client-side validation is done for the user experience, but do not rely on it as a proper validator for your system.
Just my two cents here, I hope that helps.
Cheers!
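
As an added example (not code from the question or the answer), here is one way to fill in the answer's validateArticle middleware using the question's two layers: a shape check first, then the business rule that the article belongs to the caller. It assumes the caller's identity is in req.user.id, set by an earlier authentication middleware, rather than read from a request parameter; ARTICLES, findArticle, isId, checkArticleEdit and the title field are hypothetical names.

```javascript
// Constructed sample store; a real app would query its database here.
const ARTICLES = new Map([['a1', { ownerId: 'u1', title: 'first' }]]);
const findArticle = (id) => ARTICLES.get(id) || null;

// Shape check: a short plain string, never an array or object
// (body and query parsers can produce those from client input).
const isId = (v) => typeof v === 'string' && /^[A-Za-z0-9_-]{1,64}$/.test(v);

// Pure decision function so the rules can be unit-tested without a server.
function checkArticleEdit(req, lookup) {
  const userId = req.user && req.user.id; // assumption: set by auth middleware
  const articleId = req.params && req.params.articleId;
  const title = req.body && req.body.title;

  // Layer 1: shape of the input (types, lengths).
  if (!isId(userId)) return { status: 401, error: 'not authenticated' };
  if (!isId(articleId)) return { status: 400, error: 'bad article id' };
  if (typeof title !== 'string' || title.length === 0 || title.length > 200) {
    return { status: 400, error: 'bad title' };
  }

  // Layer 2: business rule, the article must belong to the caller.
  const article = lookup(articleId);
  if (!article) return { status: 404, error: 'no such article' };
  if (article.ownerId !== userId) return { status: 403, error: 'not the owner' };
  return { status: 200, article };
}

// Express-style middleware wrapper: fails closed, calls next() only on success.
function validateArticle(lookup) {
  return function (req, res, next) {
    const result = checkArticleEdit(req, lookup);
    if (result.status !== 200) {
      return res.status(result.status).json({ error: result.error });
    }
    req.article = result.article; // the controller can reuse the loaded record
    next();
  };
}
```

The controller behind this middleware can then stay thin: it receives req.article already loaded and already checked against the caller.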