Rly*_*now 4 validation sanitization node.js express
我试图让我的控制器操作尽可能轻量级,所以我正在实现服务层.现在我卡在了验证(validation)和输入清理(sanitization)上.我知道验证应该在服务层完成,但是清理呢?当出现验证错误时,我想用用户输入的数据重新渲染表单.
//userService.js function
/**
 * Service-layer registration sketch: checks the incoming data and reports
 * problems through a Node-style callback.
 *
 * The snippet shows two alternative shapes for the failure value. As written,
 * Method #2 can never run, because Method #1 returns on the same condition;
 * only one of the two is meant to be kept.
 *
 * `notValid` is a placeholder that is not declared anywhere in the visible
 * snippet, and the success path is not shown: valid data falls through
 * without the callback being invoked.
 *
 * @param {Object} data - Registration fields collected by the controller.
 * @param {Function} callback - Called with an Error when `data` is missing,
 *   or with a plain object (not an Error instance) carrying `validationErrors`
 *   and, in Method #2, `fields`.
 */
function register(data, callback) {
  // Missing payload: fail fast with a real Error instance.
  if (!data) {
    return callback(new Error('Here some error...'));
  }
  /* Sanitize and validate the data */
  /* Method #1 */
  // On failure, hand back only the per-field messages; the controller keeps
  // responsibility for whatever it re-displays.
  // NOTE(review): 'Username is already in use.' confirms to the requester that
  // the name is registered; pair it with throttling if account enumeration
  // matters for this application.
  if (notValid) {
    return callback({
      validationErrors: {
        'username': 'Username is already in use.',
        'email': 'Invalid characters.',
      }
    });
  }
  /* Method #2 */
  // On failure, also hand back the cleaned field values so the form can be
  // re-rendered from them.
  if (notValid) {
    return callback({
      fields: {
        // The sanitized field values go here.
        // NOTE(review): leave the password out of anything echoed back to the
        // form; values placed here still need output encoding in the view.
      },
      validationErrors: {
        'username': 'Username is already in use.',
        'email': 'Invalid characters.',
      }
    });
  }
};
//userController.js function
// GET/POST: /register
/**
 * Express handler for GET/POST /register.
 *
 * Any method other than POST renders the empty registration form. A POST
 * copies five named body fields into a fresh object, hands it to the
 * service-layer `register` function, and renders either the form again
 * (with the error and its `validationErrors`) or the success page.
 *
 * @param {Object} request - Express request; `body` must be populated on POST.
 * @param {Object} response - Express response used for rendering.
 * @param {Function} next - Unused here; kept for the middleware signature.
 * @returns {*} The result of `response.render` for non-POST requests,
 *   otherwise `undefined`.
 */
function registerAction(request, response, next) {
  // Everything except a form submission just shows the blank form.
  if (request.method !== 'POST') {
    return response.render('register');
  }

  // Allow-list: only these five keys are read from the untrusted body, so
  // unexpected properties never reach the service layer.
  const submitted = request.body;
  const registerData = {
    username: submitted['username'],
    password: submitted['password'],
    email: submitted['email'],
    firstName: submitted['firstName'],
    lastName: submitted['lastName'],
  };

  const onRegistered = (error, someDataIfSucceed) => {
    if (!error) {
      // Registration went through.
      return response.render('registerSuccess');
    }
    // Failure: show the form again. The submitted values are not passed to the
    // view yet; this is where cleaned values would be added for re-display.
    // NOTE(review): if they are added, leave the password out and rely on the
    // template engine's output escaping rather than on input filtering alone.
    return response.render('register', {
      error,
      validationErrors: error.validationErrors,
    });
  };

  register(registerData, onRegistered);
}
我看到有2个选项.
小智 5
如果你使用Express,一个有趣的选择是:
使用基于 node-validator 的 express-validator 创建中间件,并将其用作验证层.例如(所有验证/清理选项请参阅 node-validator 文档):
/**
 * Express middleware that validates the registration fields before the
 * controller runs.
 *
 * Registers one check per field through `req.assert`, then collects the
 * results with `req.validationErrors(true)`. When there are errors it answers
 * with HTTP 400 and a JSON body; otherwise it passes control to `next()`.
 *
 * @param {Object} req - Express request extended by express-validator.
 * @param {Object} res - Express response.
 * @param {Function} next - Continues to the next handler when input is valid.
 */
exports.validate = function (req, res, next) {
  // Credentials only have to be present; no length or strength rule is
  // applied to the password at this layer.
  for (const field of ['username', 'password']) {
    req.assert(field).notEmpty();
  }
  req.assert('email').isEmail();

  // Names: 2 to 20 characters, followed by the xss() filter.
  // NOTE(review): xss() is a sanitizer rather than a check; confirm that it is
  // reachable on the req.assert() chain in the installed express-validator /
  // node-validator version and that the library still ships it. Filtering
  // input does not replace output encoding where these values are rendered.
  for (const field of ['firstName', 'lastName']) {
    req.assert(field).len(2, 20).xss();
  }

  // Presumably `true` requests the errors keyed by field name; confirm
  // against the express-validator documentation.
  const errors = req.validationErrors(true);
  if (!errors) {
    next();
    return;
  }
  // Invalid input: stop the chain here so the controller never sees it.
  res.status(400).json({ status: 'ko', errors: errors });
};
然后,在您的控制器中,只需获取经过验证的请求参数并运行注册逻辑(您的register函数调用和响应呈现).
恕我直言,这样你可以保持你的代码更干净和解耦.