Data Validation

Never trust user input. Validating data on the server side is the first line of defense against bugs and security vulnerabilities.

1. Using express-validator

It's a set of middleware that wraps validator.js functions.

const express = require('express');
const { body, validationResult } = require('express-validator');

const app = express();
app.use(express.json()); // parse JSON bodies so req.body is populated

app.post('/register', [
  // Validation chains run as middleware, in order, before the route handler
  body('email').isEmail().withMessage('Enter a valid email'),
  body('password').isLength({ min: 5 }).withMessage('Too short')
], (req, res) => {
  // Collect the outcome of every chain for this request
  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    // Reject with 400 and the list of failed checks; never continue on bad input
    return res.status(400).json({ errors: errors.array() });
  }

  res.send('Valid data!');
});

2. Data Sanitization

Sanitizing ensures that the data is in the format you expect (e.g., trimming whitespace or converting to lower case).

// Sanitizers and validators run in chain order: trim first, then validate, then normalize
body('email').trim().isEmail().normalizeEmail()
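To make the ordering point concrete without installing anything, here is an added example (not code from the page or from express-validator) of a tiny dependency-free chain that applies sanitizers and validators in the order they were declared, like the chains in sections 1 and 2. The email regex and the lowercase-only normalizeEmail are simplifications of what validator.js does.

```javascript
// Minimal stand-in for an express-validator chain: steps run strictly in declaration order.
// Constructed for illustration; not the real library. EMAIL_RE is a deliberately simple check.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Build a chain for one body field. A step is either a sanitizer (returns the new value)
// or a validator (returns true/false and carries the message reported on failure).
function field(name) {
  const steps = [];
  const str = (v) => typeof v === 'string';
  const chain = {
    trim: () => { steps.push({ sanitize: (v) => (str(v) ? v.trim() : v) }); return chain; },
    // Simplified: the real normalizeEmail does more than lowercasing
    normalizeEmail: () => { steps.push({ sanitize: (v) => (str(v) ? v.toLowerCase() : v) }); return chain; },
    isEmail: () => { steps.push({ check: (v) => str(v) && EMAIL_RE.test(v), msg: 'Invalid value' }); return chain; },
    isLength: ({ min = 0, max = Infinity }) => {
      steps.push({ check: (v) => str(v) && v.length >= min && v.length <= max, msg: 'Invalid value' });
      return chain;
    },
    // Override the message of the most recently added validator
    withMessage: (msg) => { steps[steps.length - 1].msg = msg; return chain; },
    run: (body, errors) => {
      let value = body[name];
      for (const step of steps) {
        if (step.sanitize) {
          value = step.sanitize(value);
          body[name] = value; // sanitizers rewrite the request body in place
        } else if (!step.check(value)) {
          errors.push({ msg: step.msg, param: name, value });
        }
      }
    },
  };
  return chain;
}

// Apply every chain to the body and return the collected errors, in the same
// shape as validationResult(req).array() from the register route above.
function validate(body, chains) {
  const errors = [];
  for (const c of chains) c.run(body, errors);
  return errors;
}

// Demo: whitespace-padded, mixed-case email from a form. With trim() first the
// value is accepted and stored normalized; with trim() last the same input is rejected.
const demo = { email: '  Alice@Example.COM ', password: 'secret1' };
console.log(validate(demo, [field('email').trim().isEmail().normalizeEmail()]), demo.email);
```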

3. Schema-based Validation (Joi)

For complex objects, Joi is a powerful alternative.

const Joi = require('joi');

const schema = Joi.object({
  username: Joi.string().alphanum().min(3).max(30).required(),
  password: Joi.string().pattern(new RegExp('^[a-zA-Z0-9]{3,30}$')),
});

// validate() returns { value, error }; error is undefined when the object matches the schema
const { error, value } = schema.validate(req.body);

Best Practice: Perform client-side validation for user experience and server-side validation for security. Client-side validation can easily be bypassed, since the client controls the request.