diff --git a/.gitignore b/.gitignore index d224b2f..37b553d 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,5 @@ node_modules *.log coverage .nyc_output -package-lock.json \ No newline at end of file +package-lock.json +example/typescript/*.js diff --git a/CHANGELOG.md b/CHANGELOG.md index 698f5f7..1fefece 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ ## CHANGELOG Date format is DD/MM/YYYY +## 2.0.0 (27/06/2019) +* Improved TypeScript support with better typings +* Changed export from a factory function to a module exposing `createValidator()` +* Improved TypeScript examples and README + ## 1.0.0 (13/06/2019) * Migrated from `joi` to `@hapi/joi`. * Dropped Node.js 6 & 7 support (@hapi/joi forces this) diff --git a/README.md b/README.md index ef6caad..c61da10 100644 --- a/README.md +++ b/README.md @@ -7,83 +7,228 @@ [![npm downloads](https://img.shields.io/npm/dm/express-joi-validation.svg?style=flat)](https://www.npmjs.com/package/express-joi-validation) [![Known Vulnerabilities](https://snyk.io//test/github/evanshortiss/express-joi-validation/badge.svg?targetFile=package.json)](https://snyk.io//test/github/evanshortiss/express-joi-validation?targetFile=package.json) -A middleware for validating express inputs using Joi schemas. Fills some of the -voids I found that other Joi middleware miss such as: - -* Allow the developers to easily specify the order in which request inputs are -validated. -* Replaces the incoming `req.body` and others with converted Joi values. The -same applies for headers, query, and params, but... -* Retains the original `req.body` inside a new property named `req.originalBody` +A middleware for validating express inputs using Joi schemas. Features include: + +* TypeScript support. +* Specify the order in which request inputs are validated. +* Replaces the incoming `req.body`, `req.query`, etc and with the validated result +* Retains the original `req.body` inside a new property named `req.originalBody`. . The same applies for headers, query, and params using the `original` prefix, -e.g `req.originalQuery` will contain the `req.query` as it looked *before* -validation. -* Passes sensible default options to Joi for headers, params, query, and body. -These are detailed below. +e.g `req.originalQuery` +* Chooses sensible default Joi options for headers, params, query, and body. * Uses `peerDependencies` to get a Joi instance of your choosing instead of using a fixed version. +## Quick Links + +* [API](#api) +* [Usage (JavaScript)](#usage-javascript) +* [Usage (TypeScript)](#usage-typescript) +* [Behaviours](#behaviours) + * [Joi Versioning](#joi-versioning) + * [Validation Ordering](#validation-ordering) + * [Error Handling](#error-handling) + * [Joi Options](#joi-options) + * [Custom Express Error Handler](#custom-express-error-handler) ## Install -You need to install `joi` along with this module for it to work since it relies -on it as a peer dependency. Currently this module has only been tested with joi -version 10.0 and higher. +You need to install `@hapi/joi` with this module since it relies on it in +`peerDependencies`. ``` -# we install our middleware AND joi since it's required by our middleware -npm i express-joi-validation joi --save +npm i express-joi-validation @hapi/joi --save ``` +For TypeScript developers you also need to install Joi types. JavaScript +developers can benefit from this too: -## Example Code +``` +npm i @types/hapi__joi --save-dev +``` -An example application can be found in the [example/](https://github.com/evanshortiss/express-joi-validation/tree/master/example) -folder of this repository. +## Example +A JavaScript and TypeScript example can be found in the `example/` folder of +this repository. -## Usage +## Usage (JavaScript) ```js const Joi = require('joi') const app = require('express')() -const validator = require('express-joi-validation')({ +const validator = require('express-joi-validation').createValidator({ // You can pass a specific Joi instance using this option. By default the // module will load the @hapi/joi version you have in your package.json - // so 99% of the time you won't need this option - // joi: require('joi') + // joi: require('@hapi/joi') }) const querySchema = Joi.object({ - type: Joi.string().required().valid('food', 'drinks', 'entertainment') + name: Joi.string().required() }) -app.get('/orders', validator.query(querySchema, {joi: joiOpts}), (req, res, next) => { - console.log( - `original query ${JSON.stringify(req.originalQuery)} vs. the sanatised query ${JSON.stringify(req.query)}` - ) - - // if we're in here then the query was valid! - res.end(`you placed an order of type ${req.query.type}`) +app.get('/orders', validator.query(querySchema), (req, res) => { + // If we're in here then the query was valid! + res.end(`Hello ${req.query.name}!`) +}) +``` + +## Usage (TypeScript) + +For TypeScript a helper `ValidatedRequest` type is provided. This extends the +`express.Request` type and allows you to pass a schema using generics to +ensure type safety in your handler function. + +One downside to this is that there's some duplication. You can minimise this +duplication by using [joi-extract-type](https://github.com/TCMiranda/joi-extract-type/). + +```ts +import * as Joi from '@hapi/joi' +import * as express from 'express' +import { + // Use this as a replacement for express.Request + ValidatedRequest, + // Extend from this to define a valid schema type/interface + ValidatedRequestSchema, + // Creates a validator that generates middlewares + createValidator +} from 'express-joi-validation' + +// This is optional, but without it you need to manually generate +// a type or interface for ValidatedRequestSchema members +import 'joi-extract-type' + +const app = express() +const validator = createValidator() + +const querySchema = Joi.object({ + name: Joi.string().required() +}) + +interface HelloRequestSchema extends ValidatedRequestSchema { + [ContainerTypes.Query]: Joi.extractType + + // Without Joi.extractType you would do this: + // query: { + // name: string + // } +} + +app.get( + '/hello', + validator.query(querySchema), + (req: ValidatedRequest, res) => { + // Woohoo, type safety and intellisense for req.query! + res.end(`Hello ${req.query.name}!`) + } +) +``` + +## API + +### Structure + +* module (express-joi-validation) + * [createValidator(config)](#createvalidatorconfig) + * [query(options)](#validatorqueryschema-options) + * [body(options)](#validatorbodyschema-options) + * [headers(options)](#headersschema-options) + * [params(options)](#validatorparamsschema-options) + * [fields(options)](#validatorfieldsschema-options) + + +### createValidator(config) +Creates a validator. Supports the following options: + +* passError (default: `false`) - Passes validation errors to the express error +hander using `next(err)` when `true` +* statusCode (default: `400`) - The status code used when validation fails and +`passError` is `false`. + +#### validator.query(schema, [options]) +Creates a middleware instance that will validate the `req.query` for an +incoming request. Can be passed `options` that override the config passed +when the validator was created. + +Supported options are: + +* joi - Custom options to pass to `Joi.validate`. +* passError - Same as above. +* statusCode - Same as above. + +#### validator.body(schema, [options]) +Creates a middleware instance that will validate the `req.body` for an incoming +request. Can be passed `options` that override the options passed when the +validator was created. + +Supported options are the same as `validator.query`. + +#### validator.headers(schema, [options]) +Creates a middleware instance that will validate the `req.headers` for an +incoming request. Can be passed `options` that override the options passed +when the validator was created. + +Supported options are the same as `validator.query`. + +#### validator.params(schema, [options]) +Creates a middleware instance that will validate the `req.params` for an +incoming request. Can be passed `options` that override the options passed +when the validator was created. + +Supported options are the same as `validator.query`. + +#### validator.response(schema, [options]) +Creates a middleware instance that will validate the outgoing response. +Can be passed `options` that override the options passed when the instance was +created. + +Supported options are the same as `validator.query`. + +#### validator.fields(schema, [options]) +Creates a middleware instance that will validate the fields for an incoming +request. This is designed for use with `express-formidable`. Can be passed +`options` that override the options passed when the validator was created. + +The `instance.params` middleware is a little different to the others. It _must_ +be attached directly to the route it is related to. Here's a sample: + +```js +const schema = Joi.object({ + id: Joi.number().integer().required() +}); + +// INCORRECT +app.use(validator.params(schema)); +app.get('/orders/:id', (req, res, next) => { + // The "id" parameter will NOT have been validated here! +}); + +// CORRECT +app.get('/orders/:id', validator.params(schema), (req, res, next) => { + // This WILL have a validated "id" }) ``` +Supported options are the same as `validator.query`. ## Behaviours ### Joi Versioning -This module uses `peerDependencies` for the Joi version being used. This means -whatever `@hapi/joi` version is in the `dependencies` of your `package.json` will be -used by this module. +You can explicitly pass a versiong of Joi using the `joi` option supported by +the `createValidator` function. + +Otherwise, this module uses `peerDependencies` for the Joi version being used. +This means whatever `@hapi/joi` version is in the `dependencies` of your +`package.json` will be used by this module. + ### Validation Ordering -If you'd like to validate different request inputs in differing orders it's -simple, just define the the middleware in the order desired. +Validation can be performed in a specific order using standard express +middleware behaviour. Pass the middleware in the desired order. -Here's an example where we do headers, body, and finally the query: +Here's an example where the order is headers, body, query: ```js -// verify headers, then body, then query route.get( '/tickets', validator.headers(headerSchema), @@ -97,8 +242,12 @@ route.get( When validation fails, this module will default to returning a HTTP 400 with the Joi validation error as a `text/plain` response type. -A `passError` option is supported to override this behaviour, and force the -middleware to pass the error to the express error handler you've defined. +A `passError` option is supported to override this behaviour. This option +forces the middleware to pass the error to the express error handler using the +standard `next` function behaviour. + +See the [Custom Express Error Handler](#custom-express-error-handler) section +for an example. ### Joi Options It is possible to pass specific Joi options to each validator like so: @@ -122,7 +271,7 @@ route.get( ); ``` -The following sensible defaults are applied if you pass none: +The following sensible defaults for Joi are applied if none are passed: #### Query * convert: true @@ -151,14 +300,13 @@ The following sensible defaults are applied if you pass none: * abortEarly: false -## Custom Express Error handler - -If you don't like the default error format returned by this module you can -override it like so: +## Custom Express Error Handler ```js -const validator = require('express-joi-validation')({ - passError: true // NOTE: this tells the module to pass the error along for you +const validator = require('express-joi-validation').createValidator({ + // This options forces validation to pass any errors the express + // error handler instead of generating a 400 error + passError: true }); const app = require('express')(); @@ -174,7 +322,7 @@ app.get('/orders', validator.query(require('./query-schema')), (req, res, next) // After your routes add a standard express error handler. This will be passed the Joi // error, plus an extra "type" field so we can tell what type of validation failed app.use((err, req, res, next) => { - if (err.error.isJoi) { + if (err && err.error && err.error.isJoi) { // we had a joi error, let's return a custom 400 json response res.status(400).json({ type: err.type, // will be "query" here, but could be "headers", "body", or "params" @@ -187,73 +335,22 @@ app.use((err, req, res, next) => { }); ``` +In TypeScript environments `err.type` can be verified against the exported +`ContainerTypes`: -## API +```ts +import { ContainerTypes } from 'express-joi-validation' -### module(config) - -A factory function an instance of the module for use. Can pass the following -options: - -* passError - Set this to true if you'd like validation errors to get passed -to the express error handler so you can handle them manually vs. the default behaviour that returns a 400. -* statusCode - The status code to use when validation fails and _passError_ -is false. Default is 400. - -### Instance Functions - -Each instance function can be passed an options Object with the following: - -* joi - Custom options to pass to `Joi.validate`. -* passError - Same as above. -* statusCode - Same as above. - -#### instance.query(schema, [options]) -Create a middleware instance that will validate the query for an incoming -request. Can be passed `options` that override the options passed when the -instance was created. - -#### instance.body(schema, [options]) -Create a middleware instance that will validate the body for an incoming -request. Can be passed `options` that override the options passed when the -instance was created. - -#### instance.headers(schema, [options]) -Create a middleware instance that will validate the headers for an incoming -request. Can be passed `options` that override the options passed when the -instance was created. - -#### instance.params(schema, [options]) -Create a middleware instance that will validate the params for an incoming -request. Can be passed `options` that override the options passed when the -instance was created. - -#### instance.response(schema, [options]) -Create a middleware instance that will validate the outgoing response. -Can be passed `options` that override the options passed when the instance was -created. - -#### instance.fields(schema, [options]) -Create a middleware instance that will validate the fields for an incoming -request. This is designed for use with `express-formidable`. Can be passed -`options` that override the options passed when the instance was created. - -The `instance.params` middleware is a little different to the others. It _must_ -be attached directly to the route it is related to. Here's a sample: - -```js -const schema = Joi.object({ - id: Joi.number().integer().required() -}); - -// INCORRECT -app.use(validator.params(schema)); -app.get('/orders/:id', (req, res, next) => { - // The "id" parameter will NOT have been validated here! -}); - -// CORRECT -app.get('/orders/:id', validator.params(schema), (req, res, next) => { - // This WILL have a validated "id" +app.use((err: any|ExpressJoiError, req: express.Request, res: express.Response, next: express.NextFunction) => { + // ContainerTypes is an enum exported by this module. It contains strings + // such as "body", "headers", "query"... + if (err && err.type in ContainerTypes) { + const e: ExpressJoiError = err + // e.g "you submitted a bad query paramater" + res.status(400).end(`You submitted a bad ${e.type} paramater`) + } else { + res.status(500).end('internal server error') + } }) ``` + diff --git a/example/javascript/router.js b/example/javascript/router.js new file mode 100644 index 0000000..bd97b8a --- /dev/null +++ b/example/javascript/router.js @@ -0,0 +1,112 @@ +'use strict' + +const route = (module.exports = require('express').Router()) +const users = require('./users') +const Joi = require('joi') +const _ = require('lodash') +const validator = require('../index.js')({}) + +/** + * This "GET /:id" endpoint is used to query users by their ID + * Try accessing http://localhost:8080/users/1001 to see it in action. + * Now try http://localhost:8080/users/bananas - it will fail since the ID must be an integer + */ +const paramsSchema = Joi.object({ + id: Joi.number().required() +}) + +route.get('/:id', validator.params(paramsSchema), (req, res) => { + console.log(`\nGetting user by ID ${req.params.id}.`) + console.log( + `req.params was ${JSON.stringify(req.originalParams)} before validation` + ) + console.log(`req.params is ${JSON.stringify(req.params)} after validation`) + console.log('note that the ID was correctly cast to an integer') + + const u = _.find(users, { id: req.params.id }) + + if (u) { + res.json(u) + } else { + res.status(404).json({ + message: `no user exists with id "${req.params.id}"` + }) + } +}) + +/** + * This "GET /" endpoint is used to query users by a querystring + * Try accessing http://localhost:8080/users?name=j&age=25 to get users that are 25 or with a name containing a "j". + * Now try http://localhost:8080/users - it will fail since name is required + */ +const querySchema = Joi.object({ + name: Joi.string() + .required() + .min(1) + .max(10), + age: Joi.number() + .integer() + .min(1) + .max(120) +}) + +route.get('/', validator.query(querySchema), (req, res) => { + console.log(`\nGetting users for query ${JSON.stringify(req.query)}.`) + console.log( + `req.query was ${JSON.stringify(req.originalQuery)} before validation` + ) + console.log(`req.query is ${JSON.stringify(req.query)} after validation`) + console.log( + 'note that the age was correctly cast to an integer if provided\n' + ) + + res.json( + _.filter(users, u => { + return ( + _.includes(u.name, req.query.name) || + (req.query.age && u.age === req.query.age) + ) + }) + ) +}) + +/** + * This "POST /" endpoint is used to create new users + * POST to http://localhost:8080/users with '{"name": "jane", "age": "26"}' to see it work + * Now try posting '{"name": "jane", "age": 1000}' - it will fail since the age is above 120 + */ +const bodySchema = Joi.object({ + name: Joi.string() + .required() + .min(1) + .max(10), + age: Joi.number() + .integer() + .required() + .min(1) + .max(120) +}) + +route.post( + '/', + require('body-parser').json(), + validator.body(bodySchema), + (req, res) => { + console.log(`\Creating user with data ${JSON.stringify(req.body)}.`) + console.log( + `req.body was ${JSON.stringify(req.originalBody)} before validation` + ) + console.log(`req.body is ${JSON.stringify(req.body)} after validation`) + console.log( + 'note that the age was correctly cast to an integer if it was a string\n' + ) + + // Generate data required for insert (new id is incremented from previous max) + const prevMaxId = _.maxBy(users, u => u.id).id + const data = Object.assign({}, req.body, { id: prevMaxId + 1 }) + + users.push(data) + + res.json({ message: 'created user', data: data }) + } +) diff --git a/example/javascript/server.js b/example/javascript/server.js new file mode 100644 index 0000000..6bdefbe --- /dev/null +++ b/example/javascript/server.js @@ -0,0 +1,32 @@ +'use strict' + +process.title = 'express-joi-validation' + +const port = 8080 + +const app = require('express')() +const Joi = require('joi') +const validator = require('../index.js')({}) + +const headerSchema = Joi.object({ + host: Joi.string().required(), + 'user-agent': Joi.string().required() +}) + +app.use(validator.headers(headerSchema)) + +app.use('/users', require('./router')) + +app.listen(port, err => { + if (err) { + throw err + } + + console.log(`\napp started on ${port}\n`) + console.log( + `Try accessing http://localhost:${port}/users/1001 or http://localhost:${port}/users?name=dean to get some data.\n` + ) + console.log( + `Now try access http://localhost:${port}/users?age=50. You should get an error complaining that your querystring is invalid.` + ) +}) diff --git a/example/javascript/users.js b/example/javascript/users.js new file mode 100644 index 0000000..e8fe4c0 --- /dev/null +++ b/example/javascript/users.js @@ -0,0 +1,12 @@ +'use strict' + +module.exports = [ + { id: 1000, name: 'anne, a.', age: 25 }, + { id: 1001, name: 'barry, a.', age: 52 }, + { id: 1002, name: 'clare, a.', age: 25 }, + { id: 1003, name: 'joe, a.', age: 67 }, + { id: 1004, name: 'anne, b.', age: 47 }, + { id: 1005, name: 'barry, b.', age: 80 }, + { id: 1006, name: 'clare, b.', age: 28 }, + { id: 1007, name: 'joe, b.', age: 15 } +] diff --git a/example/router.js b/example/router.js deleted file mode 100644 index ba00f0f..0000000 --- a/example/router.js +++ /dev/null @@ -1,87 +0,0 @@ -'use strict'; - - -const route = module.exports = require('express').Router(); -const users = require('./users'); -const Joi = require('joi'); -const _ = require('lodash'); -const validator = require('../index.js')({}); - - - -/** - * This "GET /:id" endpoint is used to query users by their ID - * Try accessing http://localhost:8080/users/1001 to see it in action. - * Now try http://localhost:8080/users/bananas - it will fail since the ID must be an integer - */ -const paramsSchema = Joi.object({ - id: Joi.number().required() -}); - -route.get('/:id', validator.params(paramsSchema), (req, res) => { - console.log(`\nGetting user by ID ${req.params.id}.`); - console.log(`req.params was ${JSON.stringify(req.originalParams)} before validation`); - console.log(`req.params is ${JSON.stringify(req.params)} after validation`); - console.log('note that the ID was correctly cast to an integer'); - - const u = _.find(users, {id: req.params.id}); - - if (u) { - res.json(u); - } else { - res.status(404).json({ - message: `no user exists with id "${req.params.id}"` - }); - } -}); - - - -/** - * This "GET /" endpoint is used to query users by a querystring - * Try accessing http://localhost:8080/users?name=j&age=25 to get users that are 25 or with a name containing a "j". - * Now try http://localhost:8080/users - it will fail since name is required - */ -const querySchema = Joi.object({ - name: Joi.string().required().min(1).max(10), - age: Joi.number().integer().min(1).max(120) -}); - -route.get('/', validator.query(querySchema), (req, res) => { - console.log(`\nGetting users for query ${JSON.stringify(req.query)}.`); - console.log(`req.query was ${JSON.stringify(req.originalQuery)} before validation`); - console.log(`req.query is ${JSON.stringify(req.query)} after validation`); - console.log('note that the age was correctly cast to an integer if provided\n'); - - res.json( - _.filter(users, (u) => { - return _.includes(u.name, req.query.name) || req.query.age && u.age === req.query.age; - }) - ); -}); - - -/** - * This "POST /" endpoint is used to create new users - * POST to http://localhost:8080/users with '{"name": "jane", "age": "26"}' to see it work - * Now try posting '{"name": "jane", "age": 1000}' - it will fail since the age is above 120 - */ -const bodySchema = Joi.object({ - name: Joi.string().required().min(1).max(10), - age: Joi.number().integer().required().min(1).max(120) -}); - -route.post('/', require('body-parser').json(), validator.body(bodySchema), (req, res) => { - console.log(`\Creating user with data ${JSON.stringify(req.body)}.`); - console.log(`req.body was ${JSON.stringify(req.originalBody)} before validation`); - console.log(`req.body is ${JSON.stringify(req.body)} after validation`); - console.log('note that the age was correctly cast to an integer if it was a string\n'); - - // Generate data required for insert (new id is incremented from previous max) - const prevMaxId = _.maxBy(users, (u) => u.id).id; - const data = Object.assign({}, req.body, {id: prevMaxId + 1}); - - users.push(data); - - res.json({message: 'created user', data: data}); -}); diff --git a/example/server.js b/example/server.js deleted file mode 100644 index 86ce7f4..0000000 --- a/example/server.js +++ /dev/null @@ -1,29 +0,0 @@ -'use strict'; - -process.title = 'express-joi-validation'; - -const port = 8080; - -const app = require('express')(); -const Joi = require('joi'); -const validator = require('../index.js')({}); - -const headerSchema = Joi.object({ - 'host': Joi.string().required(), - 'user-agent': Joi.string().required() -}); - - -app.use(validator.headers(headerSchema)); - -app.use('/users', require('./router')); - -app.listen(port, (err) => { - if (err) { - throw err; - } - - console.log(`\napp started on ${port}\n`); - console.log(`Try accessing http://localhost:${port}/users/1001 or http://localhost:${port}/users?name=dean to get some data.\n`); - console.log(`Now try access http://localhost:${port}/users?age=50. You should get an error complaining that your querystring is invalid.`); -}); diff --git a/example/typescript/route.ts b/example/typescript/route.ts new file mode 100644 index 0000000..7d3ec34 --- /dev/null +++ b/example/typescript/route.ts @@ -0,0 +1,29 @@ +import * as Joi from '@hapi/joi' +import { + ValidatedRequest, + ValidatedRequestSchema, + createValidator, + ContainerTypes +} from '../../express-joi-validation' +import { Router } from 'express' +import 'joi-extract-type' + +const route = Router() +const validator = createValidator() +const querySchema = Joi.object({ + name: Joi.string().required() +}) + +interface HelloRequestSchema extends ValidatedRequestSchema { + [ContainerTypes.Query]: Joi.extractType +} + +route.get( + '/hello', + validator.query(querySchema), + (req: ValidatedRequest, res) => { + res.end(`Hello ${req.query.name}`) + } +) + +export = route diff --git a/example/typescript/server.js b/example/typescript/server.js deleted file mode 100644 index e49efa6..0000000 --- a/example/typescript/server.js +++ /dev/null @@ -1,34 +0,0 @@ -'use strict' -exports.__esModule = true -var port = 3030 -var express = require('express') -var Joi = require('joi') -var validation = require('../../express-joi-validation') -var app = express() -var validator = validation() -var headerSchema = Joi.object({ - host: Joi.string().required(), - 'user-agent': Joi.string().required() -}) -app.use(validator.headers(headerSchema)) -app.get('/ping', function(req, res) { - return res.end('pong') -}) -app.listen(3030, function(err) { - if (err) { - throw err - } - console.log('\napp started on ' + port + '\n') - console.log( - 'Try accessing http://localhost:' + - port + - '/users/1001 or http://localhost:' + - port + - '/users?name=dean to get some data.\n' - ) - console.log( - 'Now try access http://localhost:' + - port + - '/users?age=50. You should get an error complaining that your querystring is invalid.' - ) -}) diff --git a/example/typescript/server.ts b/example/typescript/server.ts index ead8f2f..a527a18 100644 --- a/example/typescript/server.ts +++ b/example/typescript/server.ts @@ -3,20 +3,45 @@ const port = 3030 import * as express from 'express' -import * as Joi from 'joi' -import * as validation from '../../express-joi-validation' +import * as Joi from '@hapi/joi' +import * as HelloWorld from './route' +import { createValidator, ExpressJoiError } from '../../express-joi-validation' const app = express() -const validator = validation() +const validator = createValidator() const headerSchema = Joi.object({ host: Joi.string().required(), 'user-agent': Joi.string().required() }) +// Validate headers for all incoming requests app.use(validator.headers(headerSchema)) -app.get('/ping', (req, res) => res.end('pong')) +// No extra validations performed on this simple ping endpoint +app.get('/ping', (req, res) => { + res.end('pong') +}) + +app.use('/hello', HelloWorld) + +// Custom error handler +app.use( + ( + err: any | ExpressJoiError, + req: express.Request, + res: express.Response, + next: express.NextFunction + ) => { + if (err && err.error && err.error.isJoi) { + const e: ExpressJoiError = err + // e.g "you submitted a bad query" + res.status(400).end(`You submitted a bad ${e.type} paramater.`) + } else { + res.status(500).end('internal server error') + } + } +) app.listen(port, (err: any) => { if (err) { @@ -25,9 +50,9 @@ app.listen(port, (err: any) => { console.log(`\napp started on ${port}\n`) console.log( - `Try accessing http://localhost:${port}/users/1001 or http://localhost:${port}/users?name=dean to get some data.\n` + `Try accessing http://localhost:${port}/ping or http://localhost:${port}/hello?name=dean to get some data.\n` ) console.log( - `Now try access http://localhost:${port}/users?age=50. You should get an error complaining that your querystring is invalid.` + `Now try access hhttp://localhost:${port}/hello. You should get an error complaining that your querystring is invalid.` ) }) diff --git a/example/users.js b/example/users.js deleted file mode 100644 index 1118e79..0000000 --- a/example/users.js +++ /dev/null @@ -1,12 +0,0 @@ -'use strict'; - -module.exports = [ - {id: 1000, name: 'anne, a.', age: 25}, - {id: 1001, name: 'barry, a.', age: 52}, - {id: 1002, name: 'clare, a.', age: 25}, - {id: 1003, name: 'joe, a.', age: 67}, - {id: 1004, name: 'anne, b.', age: 47}, - {id: 1005, name: 'barry, b.', age: 80}, - {id: 1006, name: 'clare, b.', age: 28}, - {id: 1007, name: 'joe, b.', age: 15} -]; diff --git a/express-joi-validation.d.ts b/express-joi-validation.d.ts index 607edd5..52084ac 100644 --- a/express-joi-validation.d.ts +++ b/express-joi-validation.d.ts @@ -1,29 +1,81 @@ -import * as Joi from 'joi'; +import * as Joi from '@hapi/joi'; import * as express from 'express' +import { IncomingHttpHeaders } from 'http'; -declare module 'express' { - interface Request { - originalBody: Array|object|undefined - originalQuery: object - originalHeaders: object - originalParams: object - originalFields: object - } +/** + * Creates an instance of this module that can be used to generate middleware + * @param cfg + */ +export function createValidator (cfg? : ExpressJoiConfig): ExpressJoiInstance + +/** + * These are the named properties on an express.Request that this module can + * validate, e.g "body" or "query" + */ +export enum ContainerTypes { + Body = 'body', + Query = 'query', + Headers = 'headers', + Fields = 'fields', + Params = 'params' +} + +/** + * Use this in you express error handler if you've set *passError* to true + * when calling *createValidator* + */ +export interface ExpressJoiError extends Joi.ValidationResult { + type: ContainerTypes } -interface ExpressJoiConfig { +/** + * A schema that developers should extend to strongly type the properties + * (query, body, etc.) of incoming express.Request passed to a request handler. + */ +export type ValidatedRequestSchema = Record + +/** + * Use this in conjunction with *ValidatedRequestSchema* instead of + * express.Request for route handlers. This ensures *req.query*, + * *req.body* and others are strongly typed using your + * *ValidatedRequestSchema* + */ +export interface ValidatedRequest extends express.Request { + body: T[ContainerTypes.Body] + query: T[ContainerTypes.Query] + headers: T[ContainerTypes.Headers] + params: T[ContainerTypes.Params] + fields: T[ContainerTypes.Fields] + originalBody: any + originalQuery: any + originalHeaders: IncomingHttpHeaders + originalParams: any + originalFields: any +} + +/** + * Configuration options supportef by *createValidator(config)* + */ +export interface ExpressJoiConfig { joi?: typeof Joi statusCode?: number passError?: boolean } -interface ExpressJoiContainerConfig { +/** + * Configuration options supported by middleware, e.g *validator.body(config)* + */ +export interface ExpressJoiContainerConfig { joi?: Joi.ValidationOptions statusCode?: number passError?: boolean } -interface ExpressJoiInstance { +/** + * A validator instance that can be used to generate middleware. Is returned by + * calling *createValidator* + */ +export interface ExpressJoiInstance { body (schema: Joi.Schema, cfg?: ExpressJoiContainerConfig): express.RequestHandler query (schema: Joi.Schema, cfg?: ExpressJoiContainerConfig): express.RequestHandler params (schema: Joi.Schema, cfg?: ExpressJoiContainerConfig): express.RequestHandler @@ -31,9 +83,3 @@ interface ExpressJoiInstance { fields (schema: Joi.Schema, cfg?: ExpressJoiContainerConfig): express.RequestHandler response (schema: Joi.Schema, cfg?: ExpressJoiContainerConfig): express.RequestHandler } - -declare function validation (cfg? : ExpressJoiConfig): ExpressJoiInstance - -declare namespace validation {} - -export = validation diff --git a/express-joi-validation.js b/express-joi-validation.js index fab3de6..d6a1b54 100644 --- a/express-joi-validation.js +++ b/express-joi-validation.js @@ -59,7 +59,13 @@ function buildErrorString(err, container) { return ret } -module.exports = function generateJoiMiddlewareInstance(cfg) { +module.exports = function() { + throw new Error( + 'express-joi-validation: exported member is no longer a factory function. use exported createValidator function instead' + ) +} + +module.exports.createValidator = function generateJoiMiddlewareInstance(cfg) { cfg = cfg || {} // default to an empty config const Joi = cfg.joi || require('@hapi/joi') diff --git a/index.test.js b/index.test.js index e784e83..12e4c68 100644 --- a/index.test.js +++ b/index.test.js @@ -91,7 +91,7 @@ describe('express joi', function() { .required() }) - mod = require('./express-joi-validation.js')() + mod = require('./express-joi-validation.js').createValidator() }) describe('#headers', function() { @@ -251,7 +251,7 @@ describe('express joi', function() { describe('optional configs', function() { it('should call next on error via config.passError', function(done) { - const mod = require('./express-joi-validation.js')({ + const mod = require('./express-joi-validation.js').createValidator({ passError: true }) const mw = mod.query( @@ -300,7 +300,7 @@ describe('express joi', function() { } resStub.status = sinon.stub().returns(resStub) - const mod = require('./express-joi-validation.js')({ + const mod = require('./express-joi-validation.js').createValidator({ joi: joiStub, statusCode: statusCode }) diff --git a/package.json b/package.json index da6e411..fb2e93d 100644 --- a/package.json +++ b/package.json @@ -1,16 +1,14 @@ { "name": "express-joi-validation", - "version": "1.0.0", + "version": "2.0.0", "description": "validate express application inputs and parameters using joi", "main": "express-joi-validation.js", "scripts": { - "precommit": "npm run format && npm test", - "format": "prettier --no-semi --single-quote --write index.test.js example/**/*.js example/**/*.ts express-joi-validation.js", "unit": "mocha *.test.js", "ts-test": "tsc express-joi-validation.d.ts --target es5 --module commonjs --noEmit", "test": "npm run ts-test && npm run cover && nyc check-coverage --statements 100 --lines 100 --functions 100 --branches 100", "cover": "nyc --reporter=lcov --produce-source-map=true npm run unit", - "example": "nodemon example/server.js", + "example": "nodemon example/javascript/server.js", "example-ts": "tsc example/typescript/server.ts && node example/typescript/server.js", "coveralls": "npm run cover && cat coverage/lcov.info | coveralls" }, @@ -29,14 +27,17 @@ "sanatize", "sanatise", "input", - "parameter" + "parameter", + "typescript", + "ts", + "tsc" ], "author": "Evan Shortiss", "license": "MIT", "devDependencies": { "@hapi/joi": "~15.0.3", "@types/express": "~4.0.39", - "@types/joi": "~13.6.0", + "@types/hapi__joi": "~15.0.2", "@types/node": "^6.0.117", "body-parser": "~1.18.3", "chai": "~3.5.0", @@ -45,6 +46,8 @@ "express": "~4.16.3", "express-formidable": "~1.0.0", "husky": "~1.0.1", + "joi-extract-type": "~15.0.0", + "lint-staged": "~8.2.1", "lodash": "~4.17.4", "mocha": "~5.2.0", "mocha-lcov-reporter": "~1.3.0", @@ -54,12 +57,39 @@ "proxyquire": "~1.7.11", "sinon": "~1.17.7", "supertest": "~3.0.0", - "typescript": "~2.5.3" + "typescript": "~3.5.2" }, "peerDependencies": { "@hapi/joi": "*" }, "engines": { "node": ">=8.0.0" + }, + "directories": { + "example": "example" + }, + "dependencies": {}, + "repository": { + "type": "git", + "url": "git+https://github.com/evanshortiss/express-joi-validation.git" + }, + "bugs": { + "url": "https://github.com/evanshortiss/express-joi-validation/issues" + }, + "homepage": "https://github.com/evanshortiss/express-joi-validation#readme", + "husky": { + "hooks": { + "pre-commit": "lint-staged" + } + }, + "lint-staged": { + "**/*.js": [ + "prettier --no-semi --single-quote --write", + "git add" + ], + "**/*.ts": [ + "prettier --no-semi --single-quote --write", + "git add" + ] } }