Input validation, sanitization and the service layer

I try to keep my controller actions as thin as possible, so I have introduced a service layer. Now I am stuck on validation and sanitization. I know that validation should be done at the service level, but what about sanitization? I want to redisplay the form with the submitted input when there are validation errors.

//userService.js function
function register(data, callback) {
    if (!data) {
        return callback(new Error('Here some error...'));
    }

    /* Sanitize and validate the data */

    /* Method #1 */
    //If not valid then call back with validationErrors
    if (notValid) {
        return callback({
            validationErrors: {
                'username': 'Username is already in use.',
                'email': 'Invalid characters.',
            }
        });
    }

    /* Method #2 */
    if (notValid) {
        return callback({
            fields: {
                //We put here a sanitized fields

            },
            validationErrors: {
                'username': 'Username is already in use.',
                'email': 'Invalid characters.',
            }
        });
    }

}


//userController.js function
// GET/POST: /register
function registerAction(request, response, next) {
    if (request.method === 'POST') {
        var registerData = {
            username: request.body['username'],
            password: request.body['password'],
            email: request.body['email'],
            firstName: request.body['firstName'],
            lastName: request.body['lastName'],
        };

        register(registerData, function(error, someDataIfSucceed) {
            if (error) {
                //Re-post the data so the user wont have to fill the form again

                //Sanitize registerData variable here.

                return response.render('register', {
                    error: error,
                    validationErrors: error.validationErrors
                });
            }

            //User registered successfully.
            return response.render('registerSuccess');
        });

        return;
    }

    return response.render('register');
}

I see 2 options there.

  • Call "register" with the raw POST data, sanitize and validate inside it, and return only the validation errors. If there are validation errors, sanitize the data again in the controller before rendering the view.
  • Same as the first, but return both the validation errors and the sanitized fields.
+4
2
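The second option worked through end to end, as an added example that is not part of the question or any answer: a service-layer `register()` that returns both the sanitized fields and the validation errors, and a controller that re-renders the form from those fields. It has no Express dependency; `response.render` is modelled as a function that returns the rendered string, the `EXISTING_USERNAMES` set stands in for a database lookup, and all field rules are assumptions chosen for the demonstration. The point it makes beyond the question is the split of duties: the service only normalises input (trimming, lower-casing), while protection of the re-displayed form comes from HTML-escaping at output time, so what the sanitizer did or did not strip never decides whether attacker-controlled input becomes markup.

```javascript
// Constructed stand-in for a database uniqueness check.
const EXISTING_USERNAMES = new Set(['alice']);

// Normalisation only: coerce to string, trim, collapse whitespace, lower-case
// the email. Nothing here is relied on for output safety (see escapeHtml).
function sanitize(data) {
  const str = (v) => (typeof v === 'string' ? v : '');
  return {
    username: str(data.username).trim(),
    email: str(data.email).trim().toLowerCase(),
    firstName: str(data.firstName).trim().replace(/\s+/g, ' '),
    lastName: str(data.lastName).trim().replace(/\s+/g, ' '),
    // The password is never echoed back, so it is deliberately not a "field".
  };
}

// Validation rules are assumptions for this example; errors are keyed by field
// name so the view can place each message next to its input.
function validate(fields, password) {
  const errors = {};
  if (!/^[a-z0-9_]{3,20}$/i.test(fields.username)) {
    errors.username = 'Use 3-20 letters, digits or underscores.';
  } else if (EXISTING_USERNAMES.has(fields.username.toLowerCase())) {
    errors.username = 'Username is already in use.';
  }
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(fields.email)) {
    errors.email = 'Invalid email address.';
  }
  if (typeof password !== 'string' || password.length < 8) {
    errors.password = 'Password must be at least 8 characters.';
  }
  for (const k of ['firstName', 'lastName']) {
    if (fields[k].length < 2 || fields[k].length > 20) errors[k] = 'Must be 2-20 characters.';
  }
  return errors;
}

// userService.js equivalent ("Method #2": return sanitized fields + errors).
function register(data, callback) {
  if (!data || typeof data !== 'object') return callback(new Error('No registration data'));
  const fields = sanitize(data);
  const validationErrors = validate(fields, data.password);
  if (Object.keys(validationErrors).length > 0) {
    return callback({ fields, validationErrors });
  }
  EXISTING_USERNAMES.add(fields.username.toLowerCase());
  return callback(null, { username: fields.username, email: fields.email });
}

// Output encoding belongs to the view layer: every redisplayed value and every
// error message is escaped here, regardless of what sanitize() did.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderRegisterForm(fields, validationErrors) {
  return ['username', 'email', 'firstName', 'lastName'].map((k) => {
    const err = validationErrors[k]
      ? ` <span class="error">${escapeHtml(validationErrors[k])}</span>`
      : '';
    return `<input name="${k}" value="${escapeHtml(fields[k] || '')}">${err}`;
  }).join('\n');
}

// userController.js equivalent. The callback is synchronous here, so the
// rendered result is returned to the caller for inspection.
function registerAction(request, response) {
  if (request.method !== 'POST') {
    return response.render('register', { fields: {}, validationErrors: {} });
  }
  return register(request.body, (error, result) => {
    if (error instanceof Error) throw error; // unexpected failure; in Express, pass to next(error)
    if (error) return response.render('register', error); // { fields, validationErrors }
    return response.render('registerSuccess', result);
  });
}

// Constructed response object standing in for Express' res.render.
const fakeResponse = {
  render(view, locals) {
    if (view === 'register') {
      return { view, html: renderRegisterForm(locals.fields, locals.validationErrors) };
    }
    return { view, locals };
  },
};
```

Because `register()` hands back the normalised `fields` rather than the raw body, the controller never has to sanitize a second time, and because the view escapes on output, a `firstName` of `<b>` is redisplayed as literal text rather than parsed as a tag.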

Express, :

  • , express-validator, node-validator. (. node -validator /):

    exports.validate = function(req, res, next) {
    
      req.assert('username').notEmpty();
      req.assert('password').notEmpty();
      req.assert('email').isEmail();
      req.assert('firstName').len(2, 20).xss();
      req.assert('lastName').len(2, 20).xss();
    
      var errors = req.validationErrors(true);
    
      if (errors){
        res.status(400).json({ status: 'ko', errors: errors });
      }
      else {
        next();
      }
    
    }
    
  • ( register ),

IMHO, .

+5

, , , .

, , (: ) , :

"" HTTP/HTML ( ), . : , . API . , HTTP. , HTTP/HTML - , , , .

, , "" - (: ), , , .

+2
