Custom validators/sanitizers
Although express-validator offers plenty of handy validators and sanitizers through its underlying dependency validator.js, it doesn't always suffice when building your application.
For these cases, you may consider writing a custom validator or a custom sanitizer.
Custom validator
A custom validator may be implemented by using the chain method .custom()
.
It takes a validator function.
Custom validators may return Promises to indicate an async validation (which will be awaited upon),
or throw
any value/reject a promise to use a custom error message.
Note: if your custom validator returns a promise, it must reject to indicate that the field is invalid.
Example: checking if e-mail is in use
const { body } = require('express-validator');
app.post('/user', body('email').custom(value => {
return User.findUserByEmail(value).then(user => {
if (user) {
return Promise.reject('E-mail already in use');
}
});
}), (req, res) => {
// Handle the request
});
Example: checking if password confirmation matches password
const { body } = require('express-validator');
app.post('/user', body('passwordConfirmation').custom((value, { req }) => {
if (value !== req.body.password) {
throw new Error('Password confirmation does not match password');
}
// Indicates the success of this synchronous custom validator
return true;
}), (req, res) => {
// Handle the request
});
Custom sanitizers
Custom sanitizers can be implemented by using the method .customSanitizer()
, no matter if
the validation chain one or
the sanitization chain one.
Just like with the validators, you specify the sanitizer function, which must be synchronous at the
moment.
Example: converting to MongoDB's ObjectID
const { param } = require('express-validator');
app.post('/object/:id', param('id').customSanitizer(value => {
return ObjectId(value);
}), (req, res) => {
// Handle the request
});