A simple tool to protect your API against bad request parameters
npm install body-checker
var check = require('body-checker');
check([body to validate], [configuration options], [callback]);This is the request object (req.body in express) that you want to validate.
Currently we only support shallow objects, but if there is an overwhelming need for deep objects, let us know in the issues and we will implement deep validation.
This is an object that outlines your allowed request parameters. It takes the following form:
{
paramKey: {
type: 'string', // String: Required
required: false, // Boolean: Optional, defaults to false
default: 'default value' // String: Optional
},
nextParamKey: { ... }
}Type is a required parameter. If you don't care what type it is, you can set type to any.
- string: validates a string
- number: validates a number
- integer: validates a non floating point number
- array: validates an array
- object: validates an object
- null: expects value to be null
- assigned: expects value to be assigned
- any: bypasses type checking
Callback is a traditional callback(err, data) function. It will pass back detailed errors for debugging or the final req.body object. This allows you to send your own generic error to the client to prevent phishing attacks. See example below.
var check = require('body-checker');
module.exports = function(req, res, next) {
check(req.body, {
name: {
type: 'string',
default: 'public',
required: true
},
id: {
type: 'integer',
required: true
}
}, function(err, body) {
if(err) {
// Log detailed error message on server
console.log(err.message);
// Send generic error to client
res.status(400).send({
message: 'Bad Request'
});
} else {
// do stuff with safe parameters
// and eventually...
res.status(200).send(body);
}
});
}npm test