Skip to main content

Request Validation

Request Validation0

1. Problem Statement

A Day at “BrightFuture University” Admissions

BrightFuture University’s admissions office is flooded with thousands of online applications every year.

  • Some students submit forms with missing grades or essays.

  • Others accidentally enter their birthdate as “202” or upload a selfie instead of a transcript.

  • Occasionally, a student’s application is processed even though their contact info is incomplete, making it impossible to send them an offer letter.

  • Sometimes, students are rejected for “missing documents” when they actually uploaded everything, but the system failed to check properly.

The challenge:
How do you ensure that every application is complete, accurate, and checked for mistakes before it’s processed-so no deserving student is lost, and no time is wasted on incomplete forms?

2. Learning Objectives

By the end of this lesson, you’ll be able to:

  • Understand the importance of request validation for data quality and fairness.

  • Use express-validator or class-validator to enforce rules on incoming data.

  • Provide clear, actionable feedback to users when their input is invalid.

  • Prevent downstream errors and confusion by catching mistakes early.

3. Concept Introduction with Analogy

Analogy: The University Admissions Desk

Imagine a real admissions desk:

  • Every application is checked by a staff member before it goes to the review committee.

  • If a transcript is missing, the staff immediately asks the student to provide it-no application moves forward until all requirements are met.

  • If a student writes their name in the “essay” field, the staff gently points out the mistake and helps them fix it.

  • Only complete, correct applications reach the decision-makers, ensuring a fair and efficient process.

Request validation in software is like this admissions desk: it ensures that every submission is checked for completeness and correctness before it enters the system.

A. Why Validate Requests?

  • Garbage In, Garbage Out: If you accept bad data, your system will produce bad results.

  • User Experience: Clear feedback helps users fix mistakes quickly.

  • Security: Prevents malicious or malformed data from causing issues.

  • Efficiency: Saves time by catching errors before they reach deeper parts of the system.

B. Validation with express-validator (Declarative, Middleware-Based)

  • Middleware approach: validation runs before your main logic.

  • Each rule checks a specific field and fails fast if something’s wrong.

C. Validation with class-validator (Decorator-Based, TypeScript/OOP Friendly)

  • Uses decorators on classes to define rules.

  • Great for projects using TypeScript and classes.

5. Step-by-Step Data Modeling & Code Walkthrough

Let’s walk through how “BrightFuture University” ensures every application is perfect before it’s reviewed:

A. Designing the Application Data Structure

Picture the chaos if applications were still paper forms: some missing essays, some with unreadable birthdates, and some with no contact info.
To fix this, the university creates a clear digital structure for every application-so nothing is forgotten, and every reviewer knows exactly what to expect.

interface Application {
 name: string;
 email: string;
 birthdate: string;
 grades: number[];
 essay: string;
 recommendationLetter: string; // URL to a file
}

Explanation:

  • Every application must have a name, email, birthdate, grades, essay, and a link to a recommendation letter.

  • By making these fields required, the system ensures no application is missing crucial details.

B. Setting Up Validation Rules

Imagine the admissions staff with a checklist for every application:

  • Is the name filled in?

  • Is the email valid?

  • Is the birthdate a real date?

  • Are there grades for at least one subject?

  • Is the essay long enough?

  • Is the recommendation letter a real link?

We translate this checklist into code using express-validator:

import { body, validationResult } from "express-validator";

const applicationValidation = [
 body("name")
   .isString()
   .notEmpty()
   .withMessage("Name is required"),
 body("email")
   .isEmail()
   .withMessage("Valid email is required"),
 body("birthdate")
   .isISO8601()
   .withMessage("Birthdate must be a valid date (YYYY-MM-DD)"),
 body("grades")
   .isArray({ min: 1 })
   .withMessage("At least one grade is required"),
 body("grades.*")
   .isNumeric()
   .withMessage("All grades must be numbers"),
 body("essay")
   .isLength({ min: 100 })
   .withMessage("Essay must be at least 100 characters"),
 body("recommendationLetter")
   .isURL()
   .withMessage("A valid recommendation letter link is required"),
];

 ```typescript

**Explanation:**

-   Each rule matches a real admissions requirement.
   
-   If any rule fails, the application is rejected with a specific message.
   

**C. Implementing the Route Handler**


Just like a staff member checking each application, our route handler reviews the checklist and gives instant feedback if anything is missing or wrong.

```typescript
app.post("/apply", applicationValidation, (req, res) => {
 const errors = validationResult(req);
 if (!errors.isEmpty()) {
   // Return all validation errors
   return res.status(400).json({ errors: errors.array() });
 }
 // If we reach here, the application is valid!
 res.json({ status: "Application received!" });
});

Explanation:

  • validationResult(req) collects any problems found by the validation rules.

  • If there are errors, the applicant gets a full list of what to fix-no more guessing.

  • Only applications that pass every check are accepted for review.

D. How This Solves the University’s Problems

  • No more missing essays or grades: The system blocks incomplete applications.

  • No more invalid emails or birthdates: Only real, usable contact info is accepted.

  • No more lost students: Every valid applicant gets a fair chance, and no one is rejected due to a system oversight.

  • Clear, actionable feedback: Students know exactly what to fix, reducing frustration and support requests.

E. Visualizing the Validation Flow

text

[Student submits application] ↓ [Validation Middleware: Checks every field] ↓ [If errors: Respond with all problems] ↓ [If valid: Application accepted for review]

Example error response:


{
"errors": [
  { "msg": "Valid email is required", "param": "email" },
  { "msg": "Essay must be at least 100 characters", "param": "essay" }
]
}

6. Interactive Challenge / Mini-Project

Your Turn!

  • Add a validation rule that requires a “portfolioLink” field to be a valid URL (for art applicants).

  • If missing or invalid, return an error message: “A valid portfolio link is required for art applicants.”

7. Common Pitfalls & Best Practices

PitfallBest Practice
Only checking some fieldsValidate every required field
Returning generic errorsGive specific, actionable feedback
Validating after business logicAlways validate first
Not handling arrays or nested dataUse grades.* or nested DTOs
Ignoring validation errorsAlways check and return errors

8. Quick Recap & Key Takeaways

  • Request validation is your first line of defense for data quality.

  • Use express-validator or class-validator to enforce rules.

  • Always validate before processing.

  • Give users clear feedback so they can fix mistakes.

  • A well-validated system is fairer, safer, and more efficient.

9. Optional: Programmer’s Workflow Checklist

  • Define all required fields and their types.

  • Use validation middleware before any business logic.

  • Return all validation errors in a friendly format.

  • Test with missing, invalid, and edge-case data.

  • Document validation rules for users and staff.

10. Coming up next

Learn how to combine validation with authentication and authorization, so only the right people can submit or review applications!