API Design in Node.js, v5

Parameter & Query Validators

Scott Moss
Netflix
API Design in Node.js, v5

Lesson Description

The "Parameter & Query Validators" Lesson is part of the full, API Design in Node.js, v5 course featured in this preview video. Here's what you'd learn in this lesson:

Scott explains validating URL parameters and queries in Express, noting they are always strings. He also suggests using UUIDs over incremental IDs and differentiates local, global, and route-level middleware.

Preview
Close

Transcript from the "Parameter & Query Validators" Lesson

[00:00:00]
>> Scott Moss: That's the validate schema. Validate perams and validate, Query are quite literally the same thing and the only reason I didn't just combine them into one function. So that you can just see them 3 different times, but we could have just combined them into one function and changed just one line, it would have been just fine, but I want you to see them 3 times I'm just gonna copy that one and paste it and change it from Validate body to let's just, let's see the paras on this one. So Validate forams.

[00:00:20]
So Validate forams. It is quite literally the same thing, except we're not gonna be validating on the request.body, we're gonna be validating on the request. Programs, and instead of doing a wreck.body attachment We're not gonna do that at all. We're not actually going to attach anything here.

[00:00:32]
We're not actually going to attach anything here. The reason why we're not attaching anything here is because parameters are always strings no matter what It's not like, it's not like an object like a payload that we're pushing up on a post request and we can modify fields and do stuff and coerce them. A parameter in a URL is always a string no matter what you do. It's always gonna be a string, so I don't need to.

[00:00:52]
It's always gonna be a string, so I don't need to. Modify anything. Anything in a URL is always a string. You can't escape that fact.

[00:01:06]
You can't escape that fact. It's always gonna be a string. Now you can take a query parameter. And try to parse that out as like JSON to do something and that's what the validate query might do but as far as like a parameter and I'm specifically talking about this part, it's always a string.

[00:01:21]
And try to parse that out as like JSON to do something and that's what the validate query might do but as far as like a parameter and I'm specifically talking about this part, it's always a string. This is why I hate using incremental IDs. In my database because I know at some point I'm gonna be doing a parse in somewhere to get a number from a string in the URL and I hate doing it, so I always just try to use. UUIDs which come with their own problems around indexing speed and stuff like that, stuff that I don't care about, but am aware about.

[00:01:34]
UUIDs which come with their own problems around indexing speed and stuff like that, stuff that I don't care about, but am aware about. So that's Validate for Rams. Validate query. All right, I guess we should just change the change this error message to like Invalid For rams, I guess that would be useful.

[00:01:53]
All right, I guess we should just change the change this error message to like Invalid For rams, I guess that would be useful. Cool. Develoras, whatever you want to put there, and then for the query, quite literally the same thing. Validate.

[00:02:11]
Validate. Query Instead of perams it's gonna do this other called query. We didn't really talk about query, but query is the reason I talk about is it's the same thing you already use and React. It's what you think it is, it's.

[00:02:30]
It's what you think it is, it's. An object with all the query variables on them as keys. That's it literally what it is. And key value, right, so.

[00:02:49]
And key value, right, so. So we'll do the same thing, and then here we will say. Invalid. Query perhaps.

[00:03:05]
Query perhaps. Or whatever you wanna put. Same thing. Great.

[00:03:25]
Great. And now we have these 3 helper middleware functions that we can use, and we can stack these, right? Like, for instance, if I go back to I have it route, I can be like, OK, cool, but before we validate them, or actually let's let me see. Here's a delete.

[00:03:39]
Here's a delete. Let's try to delete, so I can say. Validate. Was it Validates for rams, so let's do that.

[00:04:01]
Was it Validates for rams, so let's do that. And then We could also say like validate, well I guess delete doesn't have a body that's not a good use case. There really isn't like 100 here we go, post this one, this one, this one has both, so this one has. Validate pers cause it has an ID and then it also has like a validate a body because it's a post, so you could do both of those really, so.

[00:04:21]
Validate pers cause it has an ID and then it also has like a validate a body because it's a post, so you could do both of those really, so. For the Paris, the way that would work is basically you would just pass in because paras itself is gonna be an object with the parameters on there as keys right? So the object will have an ID property on it. I'm expecting that to be the case.

[00:04:36]
I'm expecting that to be the case. So what I could do is I can go up here and I can say, cons. Complete. Peram's schema, and I could say Z object.

[00:04:54]
Peram's schema, and I could say Z object. And I could say it's an ID and it's gonna be Z. String. You might even say this is somewhat redundant because Express pretty much guarantees that like if somebody passes something in here, it's gonna be there and it's gonna be a strain.

[00:05:08]
You might even say this is somewhat redundant because Express pretty much guarantees that like if somebody passes something in here, it's gonna be there and it's gonna be a strain. It has to, otherwise this would be a feature no one would ever use, but I think it's still good to use it, in my opinion, so, and also like. Express my guarantee that it's there, but what if I said like there was like a min length or a max length or something like that Express won't do that. So, in our example, it might seem redundant, but if you got more advanced with your.

[00:05:22]
So, in our example, it might seem redundant, but if you got more advanced with your. Validation, then, you know, it's a lot better, so. Validates and then you can just say. Complete RAM schema and then begins passing the other one we did here, which is like.

[00:05:38]
Complete RAM schema and then begins passing the other one we did here, which is like. The create Habit schema, we do that. So if you go back and post, you say habits. We put in an ID here.

[00:05:54]
We put in an ID here. And we put in Complete. Run that and then we get the body one that filled because the ID is there so that didn't fail because Express pretty much guarantees that in this case and then we get to complete but if we wanna get the ID one to fill I can say. Dot Min would be, or I'm sorry, let's say dot Max.

[00:06:11]
Dot Min would be, or I'm sorry, let's say dot Max. That'll be 3. So that's got 4 on it, so I did that and Vance. Cool.

[00:06:35]
Cool. Any questions on creating custom Middleware? And using it. Right, so this is circle back.

[00:06:52]
Right, so this is circle back. We got local, I call this local Middleware as in it's right on the route in which it's. Being used, so literally touching the handler or controller, whatever you wanna call it. We have Global middleware, which sits at the top of the app, literally and symbolically, but it's global.

[00:07:06]
We have Global middleware, which sits at the top of the app, literally and symbolically, but it's global. And then technically, these routes are middleware, they just resolved to other routes. You might even go as far as to say that Controllers themselves are middleware because guess what, they actually do have a next function here, we just don't use it. I don't ever recommend doing that.

[00:07:19]
I don't ever recommend doing that. You can, but I promise you it get so much more confusing if you do that. Like that's when you take control away from Express about. When it thinks, like, just don't do that.

[00:07:22]
When it thinks, like, just don't do that. If you're doing that, I think you you wrote your routes wrong. There's a better way to do what you're doing.

[00:07:22]
Please do not add it next inside of your handler.

Learn Straight from the Experts Who Shape the Modern Web

  • In-depth Courses
  • Industry Leading Experts
  • Learning Paths
  • Live Interactive Workshops
Get Unlimited Access Now