Validating Input

Joystick uses a built-in validation library for validating inputs passed from the browser to the server as part of a call to a getter or setter.

Validation rules are defined using a nested object structure (written to mimic the structure of the data you're passing from the client) along with a few different properties to set the rules for your inputs.

Input validation can be attached to a getter or setter as follows:

/api/books/getters.js

const getters = {
  books: {
    input: {
      category: {
        type: 'string',
        required: true,
      }
    },
    get: (input = {}, context = {}) => {
      return process.databases.mongodb.collection('books').find({
        user_id: context?.user?._id,
        category: input?.category,
      }).toArray();
    }
  }
};

export default getters;

Here, category is the name of the field we want to validate. We expect it to have a data type of string and require it to be passed in the input.

The object assigned to the field name (here, category) is known as the validator, while the properties on that object are known as the rules for that validator.

Before a getter or setter's get() or set() method is executed, if present, the input they pass will be checked against the provided schema. If the input meets expectations, the request will proceed as normal.

In the event that the input of a client's request fails validation, Joystick will return an HTTP 400 Bad Request status code.

Complex Validation

Validator objects can be composed together to create complex validation. For example, consider the following input validation schema:

Example Input Validation Schema

input: {
  name: {
    type: "string",
    required: true,
  },
  instruments: {
    type: "array",
    allowed_values: ["piano", "guitar", "vocals", "bass"],
  },
  albums: {
    type: "array",
    element: {
      type: "object",
      fields: {
        title: {
          type: "string",
          required: true,
        },
        year: {
          type: "string",
          optional: true,
        },
      },
    },
  },
},

This could be used to validate the following input:

Example Input

input: {
  name: "Trent Reznor",
  instruments: ["piano", "guitar", "vocals", "kazoo"],
  albums: [
    { title: 'The Downward Spiral', year: '1994' },
    { title: 'The Fragile', year: '1999' },
    { title: 'Broken EP', year: '1995' },
  ],
},

Above, we'd expect this input to fail validation as the instruments array on the input has a value that isn't listed in the allowed_values array for that field in the schema.

While your data should be kept shallow for the sake of clarity and simplicity, Joystick's validation can technically be nested infinitely as it runs recursively to an arbitrary depth.

Supported Rules

A validator can define the following rules:

Rule name Values Description
allowed_values (alias: allowedValues) An array of values as: strings, integers, floats, or booleans. An enumerable (enum) list of values that are allowed to be passed for the field.
element A validator object that describes the contents of each item in an array. Only required when `type` is equal to `array`. Defines the shape of an element expected in the array.
fields A validator object that describes the contents of an object. Only required when `type` is equal to `object`. Defines the shape of an object passed as the value for an input field.
max A maximum value expressed as an integer or float. Set a maximum value for the field as a number (integer or float).
min A minimum value expressed as an integer or float. Set a minimum value for the field as a number (integer or float).
optional A boolean `true` or `false`. Specifies whether or not a field is optional. If set to `false`, a value is required.
regex A regular expression expressed as a `/thing/g` regular expression, or, a JavaScript RegExp object. Validates whether the field value conforms to the regular expression.
required A boolean `true` or `false`. Specifies whether or not a field is required. If set to `false`, a value is optional.
type As a JavaScript string, one of: any,array, boolean, float, integer, number, object, or string. The expected type of data for the field to contain.