Request Validation0 ## 1. Problem Statement ## **A Day at “BrightFuture University” Admissions** BrightFuture University’s admissions office is flooded with thousands of online applications every year. - Some students submit forms with missing grades or essays. - Others accidentally enter their birthdate as “202” or upload a selfie instead of a transcript. - Occasionally, a student’s application is processed even though their contact info is incomplete, making it impossible to send them an offer letter. - Sometimes, students are rejected for “missing documents” when they actually uploaded everything, but the system failed to check properly. **The challenge:** How do you ensure that every application is complete, accurate, and checked for mistakes before it’s processed-so no deserving student is lost, and no time is wasted on incomplete forms? ## 2. Learning Objectives By the end of this lesson, you’ll be able to: - Understand the importance of request validation for data quality and fairness. - Use `express-validator` or `class-validator` to enforce rules on incoming data. - Provide clear, actionable feedback to users when their input is invalid. - Prevent downstream errors and confusion by catching mistakes early. ## 3. Concept Introduction with Analogy ## **Analogy: The University Admissions Desk** Imagine a real admissions desk: - Every application is checked by a staff member before it goes to the review committee. - If a transcript is missing, the staff immediately asks the student to provide it-no application moves forward until all requirements are met. - If a student writes their name in the “essay” field, the staff gently points out the mistake and helps them fix it. - Only complete, correct applications reach the decision-makers, ensuring a fair and efficient process. Request validation in software is like this admissions desk: it ensures that every submission is checked for completeness and correctness before it enters the system. **A. Why Validate Requests?** - **Garbage In, Garbage Out:** If you accept bad data, your system will produce bad results. - **User Experience:** Clear feedback helps users fix mistakes quickly. - **Security:** Prevents malicious or malformed data from causing issues. - **Efficiency:** Saves time by catching errors before they reach deeper parts of the system. **B. Validation with `express-validator` (Declarative, Middleware-Based)** - Middleware approach: validation runs before your main logic. - Each rule checks a specific field and fails fast if something’s wrong. **C. Validation with `class-validator` (Decorator-Based, TypeScript/OOP Friendly)** - Uses decorators on classes to define rules. - Great for projects using TypeScript and classes. ## 5. Step-by-Step Data Modeling & Code Walkthrough Let’s walk through how “BrightFuture University” ensures every application is perfect before it’s reviewed: ## **A. Designing the Application Data Structure** Picture the chaos if applications were still paper forms: some missing essays, some with unreadable birthdates, and some with no contact info. To fix this, the university creates a clear digital structure for every application-so nothing is forgotten, and every reviewer knows exactly what to expect. ```typescript interface Application { name: string; email: string; birthdate: string; grades: number[]; essay: string; recommendationLetter: string; // URL to a file } ``` **Explanation:** - Every application must have a name, email, birthdate, grades, essay, and a link to a recommendation letter. - By making these fields required, the system ensures no application is missing crucial details. ## **B. Setting Up Validation Rules** Imagine the admissions staff with a checklist for every application: - Is the name filled in? - Is the email valid? - Is the birthdate a real date? - Are there grades for at least one subject? - Is the essay long enough? - Is the recommendation letter a real link? We translate this checklist into code using `express-validator`: ```typescript import { body, validationResult } from "express-validator"; const applicationValidation = [ body("name") .isString() .notEmpty() .withMessage("Name is required"), body("email") .isEmail() .withMessage("Valid email is required"), body("birthdate") .isISO8601() .withMessage("Birthdate must be a valid date (YYYY-MM-DD)"), body("grades") .isArray({ min: 1 }) .withMessage("At least one grade is required"), body("grades.*") .isNumeric() .withMessage("All grades must be numbers"), body("essay") .isLength({ min: 100 }) .withMessage("Essay must be at least 100 characters"), body("recommendationLetter") .isURL() .withMessage("A valid recommendation letter link is required"), ]; ```typescript **Explanation:** - Each rule matches a real admissions requirement. - If any rule fails, the application is rejected with a specific message. **C. Implementing the Route Handler** Just like a staff member checking each application, our route handler reviews the checklist and gives instant feedback if anything is missing or wrong. ```typescript app.post("/apply", applicationValidation, (req, res) => { const errors = validationResult(req); if (!errors.isEmpty()) { // Return all validation errors return res.status(400).json({ errors: errors.array() }); } // If we reach here, the application is valid! res.json({ status: "Application received!" }); }); ``` **Explanation:** - `validationResult(req)` collects any problems found by the validation rules. - If there are errors, the applicant gets a full list of what to fix-no more guessing. - Only applications that pass every check are accepted for review. **D. How This Solves the University’s Problems** - **No more missing essays or grades:** The system blocks incomplete applications. - **No more invalid emails or birthdates:** Only real, usable contact info is accepted. - **No more lost students:** Every valid applicant gets a fair chance, and no one is rejected due to a system oversight. - **Clear, actionable feedback:** Students know exactly what to fix, reducing frustration and support requests. ## **E. Visualizing the Validation Flow** text `[Student submits application] ↓ [Validation Middleware: Checks every field] ↓ [If errors: Respond with all problems] ↓ [If valid: Application accepted for review]` **Example error response:** ```json { "errors": [ { "msg": "Valid email is required", "param": "email" }, { "msg": "Essay must be at least 100 characters", "param": "essay" } ] } ``` ## 6. Interactive Challenge / Mini-Project **Your Turn!** - Add a validation rule that requires a “portfolioLink” field to be a valid URL (for art applicants). - If missing or invalid, return an error message: “A valid portfolio link is required for art applicants.” ## 7. Common Pitfalls & Best Practices | Pitfall | Best Practice | |-----------------------------------|------------------------------------------------| | Only checking some fields | Validate every required field | | Returning generic errors | Give specific, actionable feedback | | Validating after business logic | Always validate first | | Not handling arrays or nested data| Use grades.* or nested DTOs | | Ignoring validation errors | Always check and return errors | ## 8. Quick Recap & Key Takeaways - Request validation is your first line of defense for data quality. - Use `express-validator` or `class-validator` to enforce rules. - Always validate before processing. - Give users clear feedback so they can fix mistakes. - A well-validated system is fairer, safer, and more efficient. ## 9. Optional: Programmer’s Workflow Checklist - Define all required fields and their types. - Use validation middleware before any business logic. - Return all validation errors in a friendly format. - Test with missing, invalid, and edge-case data. - Document validation rules for users and staff. ## 10. Coming up next * Learn how to combine validation with authentication and authorization, so only the right people can submit or review applications!