Query & Path Parameter Validation Exercise

[00:00:00]
>> Steve Kinney: Your job is to effectively try your best to pattern match here, right? Which is, I've got the middleware that creates a body. You're gonna try to do one that will do the same thing for query params and or path params, if you're feeling up to it. This is the hardest of the bunch, and so there will be a little bit of staring at this type, there will be a little little like, this is not just copy and paste what I did and change a few words.

[00:00:25]
And that's why it's time for you to get some muscle memory. So take a look, try it out. Don't get stressed if you don't get all the way there. If you just build the neural pathways of slamming your head against the wall for a second, that's fine. I think that will then make when I show it to you again, it takes little bit better.

[00:00:41]
I'm hurting you on purpose, but it'll be good, I promise.
>> Steve Kinney: So the tricky part here navigating around this request handler and like I said before, remembering the order, which if you pull it in, there is a cheat sheet. You've got the path parameters, the response body, the request body, the query, and then locals.

[00:01:10]
So pulling in the other ones are not just similar. We'll do a little bit of good old fashioned copy and paste energy here.
>> Steve Kinney: And then kind of play with it. And then we'll look at a version where you can combine them all together again. I am not going to subject you to watching me do that, coz I said before as I was going through it, even I got bored of doing it.

[00:01:37]
So I won't do that to you. So we can go ahead and validate the params. We know that that's the first one. So in this case, and the nice part is, like JavaScript, you only have to put in enough arguments to get to where you need so if it's the first one, we can just do it like this.

[00:01:54]
In this case, anything that comes through should have the params validated. And so now, again, here this one is theoretically a string, but we know that it's really a number on the task. So all I have to do is validate params and say in this case, do I have one of just the ID?

[00:02:19]
>> Steve Kinney: We can even do task schema.
>> Steve Kinney: I don't know if I made one in this example. If you don't remember the comma, then things will break. But now, for free, is the right type.
>> Steve Kinney: Which, yeah, string, number, who cared? Let's say you had a lot of different parameters, a lot of times that we don't just have slash user slash one, we might have slash user slash one, slash profile, slash other thing, right?

[00:02:49]
And so you can kinda get more robust sets of these things just immediately typed under the hood. And again, there was stuff like, getting the user auth token or whatever, and like you had a whole wide range of routes, right? Now they would all get the type, anything I kinda derived from that middleware.

[00:03:08]
And then the other one we wanted to do was the query params. And so we could say const, validate query.. And let's copy this real quick.
>> Steve Kinney: And this one we gotta do,
>> Steve Kinney: Again, the real type is really an object, but it gets angry at me. So I could also change my own rules and stuff like that as well.

[00:03:44]
We don't necessarily know what the response is, but you could also enforce that all the responses are the same too. The response bodies all match a certain type. And that's not gonna protect you from anything from the outside world coz you control the response, but it will protect you from yourself.

[00:03:57]
And so that's good. We can treat that one as an exercise for the later, it's the same basic idea that we're doing no one needs to see me do it a fourth time and then request handler, then the next one was again.
>> Steve Kinney: T, and then we could validate that the query in this case.

[00:04:33]
>> Steve Kinney: And you could also say this could be the partial thing we maybe wanna sort by almost anything, my SQL queries can't handle that. But your API probably really can. And we'll see later when we use other tools for generating. The idea is we do this by hand at first, and then I show you tools for generating all this stuff so that you don't have to do this.

[00:04:52]
But the problem with those tools is they were really great in a Greenfield application. But if you're not in one, then these are sometimes approaches that you have to take, pick true and partial, coz I think they can admit it, right?
>> Steve Kinney: Where did I make Boo?
>> Steve Kinney: Probably with this type somewhere in there.

[00:05:44]
>> Steve Kinney: I didn't do anything differently, did I? Again, this is not totally for the query. The one thing we have to keep in mind is that there are some express oddities, where we said before, query params can be, almost any. But they're not quite any, which is they could be a string, an array of string, an object with key set of strings and values of strings or undefined, and it is not a type that they export.

[00:06:14]
Unfortunately, pull request accepted, I guess, and so I do need to make sure that I do the intersection of everything, express things, Aquarius plus my type, right? Otherwise it will get angry. And, like I said, these think I can. Why don't I live? Try something else, randomly. Okay, all the red squigglies are gone.

[00:06:36]
I did have to because I don't have access to the type you can grab a given property and get it through a little bit of science. But the point is you can kinda create these different middleware, and also, if you suffer with that, you can at least suffer with it once, coz imagine doing that bespoke all the time, right?

[00:06:56]
So in this case, now, anything that uses middleware. I can theoretically, things will be what I think they ought to be, right? Maybe but they will all parse at the very least, which is nice. So check it out. The one thing that I'm not gonna make you endure, but can be the if someone wants to do the kind of graduate level version of this, okay?

[00:07:26]
This is the graduate school most insane version of it, which is, effectively, instead of having three different middleware. I could have one that takes an object, body, params, schema and one middleware where I could pass in three different body, query, params and validate all three in one piece of middleware.

[00:07:54]
>> Steve Kinney: Taking an object it's basically combining all of them together and doing the same basic idea as we go through like I am not going to make you endure me watching the same thing again in various different conditionals, but you can build on top of these things as you need them.