This post is created a year ago, the content may be outdated.

Background

The official document of express-validator gives an example usage:

// ...rest of the initial code omitted for simplicity.
const { check, validationResult } = require('express-validator');

app.post('/user', [
  // username must be an email
  check('username').isEmail(),
  // password must be at least 5 chars long
  check('password').isLength({ min: 5 })
], (req, res) => {
  // Finds the validation errors in this request and wraps them in an object with handy functions
  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    return res.status(422).json({ errors: errors.array() });
  }

  User.create({
    username: req.body.username,
    password: req.body.password
  }).then(user => res.json(user));
});

All the rules of a path are written as middleware, which coupled tightly with the router. This pattern may be fine for simple use case, but will make the maintenance difficult for a complex project.

In this article, I am going to use one module validation.js file to hold validation rules etc. and present the function as a middleware.

All in validation.js

import expressValidator from "express-validator";
import pathToRegexp from "path-to-regexp";

const validateBody = expressValidator.body;
const validateParam = expressValidator.param;
const validateQuery = expressValidator.query;
const validationResult = expressValidator.validationResult;

const validateRules = [
    {
        path: "/oauth/token",
        method: "POST",
        mw: [
            validateBody("grant_type").equals("password").withMessage("must be 'password'"),
            validateBody("username").isAlphanumeric().isLength({max: 320}).withMessage("must be alphanumeric string length < 320"),
            validateBody("password").isMD5().withMessage("must be MD5"),
            validateBody("scope").isIn(["admin", "user"]).withMessage("must be one of 'admin', 'user'")
        ]
    },
    {
        path: "/oauth/refresh",
        method: "POST",
        mw: [
            validateBody("grant_type").equals("refresh_token").withMessage("must be 'refresh_token'"),
            validateBody("refresh_token").isJWT().withMessage("must be JWT")
        ]
    },
    {
        path: "/user/:id",
        method: "POST",
        mw: [
            validateBody("content").isJSON().withMessage("must be object")
        ]
    }
];

const validate = async (req, res, next) => {
    const path = req.path,
        method = req.method;
    const validateRule = validateRules.find(x => {
        if (x.method !== method) return false;
        const regexp = pathToRegexp.pathToRegexp(x.path);
        return regexp.test(path);
    });
    if (!validateRule) return next();
    try {
        for (const func of validateRule.mw) {
            await func(req, res, () => void 0);
        }
    } catch (e) {
        return next(e);
    }
    const formatter = ({location, msg, param, value, nestedErrors}) => {
        return `[${location}]${param}: ${msg}`;
    };
    const errors = validationResult(req).formatWith(formatter);
    if (!errors.isEmpty()) {
        res.status(400).json({
            status: 400,
            msg: errors.array({onlyFirstError: true})[0]
        });
    } else {
        return next();
    }
};

export default validate;

Use validator as middleware in router.js

Use for individual router:

import validate from "./validation.js";

// ... rest of the code is omitted for simplicity
router.post("/oauth/token", [validate], async (req, res, next) => {
    try {
        await core.signJwt(req, res);
    } catch (e) {
        return next(e);
    }
});

Or use for all path:

import validate from "./validation.js";

// ... rest of the code is omitted for simplicity
app.use(validate);

EOF

Author: Nobody

License: CC BY-NC-SA 4.0

Link: https://asdasd.page/2020/Express-validator-in-Separate-File/