id: custom-validators-sanitizers
Although express-validator offers plenty of handy validators and sanitizers through its underlying dependency validator.js, it doesn't always suffices when building your application.
For these cases, you may consider writing a custom validator or a custom sanitizer.
A custom validator may be implemented by using the chain method .custom()
.
It takes a validator function.
Custom validators may return Promises to indicate an async validation (which will be awaited upon),
or throw
any value/reject a promise to use a custom error message.
const { body } = require('express-validator/check');
app.post('/user', body('email').custom(value => {
return User.findUserByEmail(value).then(user => {
if (user) {
return Promise.reject('E-mail already in use');
}
});
}), (req, res) => {
// Handle the request
});
const { body } = require('express-validator/check');
app.post('/user', body('passwordConfirmation').custom((value, { req }) => {
if (value !== req.body.password) {
throw new Error('Password confirmation does not match password');
}
}), (req, res) => {
// Handle the request
});
Custom sanitizers can be implemented by using the method .customSanitizer()
, no matter if
the validation chain one or
the sanitization chain one.
Just like with the validators, you specify the sanitizer function, which must be synchronous at the
moment.
const { sanitizeParam } = require('express-validator/filter');
app.post('/object/:id', sanitizeParam('id').customSanitizer(value => {
return ObjectId(value);
}), (req, res) => {
// Handle the request
});