Kommissar

Kommissar is hybrid Validation Framework for the client and the node.js server. The validation rules can be reused.

This guarantees a consistency in client side validation and security validation of the untrusted user data.

Example

I deployed a working example. You can view the source of the example on GitHub. Have a look.

validations

validations are the methods used for validations. Kommissar provides basic methods like isInt, isEmail, len, min, max, ...

You can find the complete list of available methods at node-validator.

If you want to add custom rules the signature of the functions is the following

customRule = (objectToValidate, parameter0, ..., parameterN)

which should return a boolean value

rules

Example rule

userRule = (check)
    # simple rule 
    check('email').isEmail()
    # optional error messages are supported 
    check('password', 'Your Password is too short.').len 8
    # rule are chainable 
    check('string').len(8,64).isAlpha()
    # check if a field is valid in dependency on another field 
    # this rule makes sense if the user wants to edit its 
    # profile and the rule has to check if *no other* user 
    # has this email 
    check.('email').isUnique().with('id')

Rules should be stored in a single file that is made available to the server and the client.

All available validation methods are imported from node-validator. You can have a look at the available validations.

If you want to use custom validations, just extend kommissar.validation:

enable middleware validation (server)

app.post '/route',
    kommissar.middleware() userRule,
    updateModelWithNewDataMiddleware

This will only process updateModelWithNewDataMiddleware if the validation of userRule with the body was successful.

The signature of kommissar.middleware is

kommissar.middleware = (validations, failureMiddleware, successMiddleware)

validations are the available validations. The default option is to use the validations from kommissar.validations. If you want to extend the available validations with custom one, you can use this option.

failureMiddleware is the middleware that gets executed if the verification failed. On default this returns a Bad Request Status Code.

successCallback is executed if the verification was successful. On default this continues with the next middleware. In the example this would be the updateModelWithNewDataMiddleware

enable middleware in the client

It is required that this module with all requirements is available for the client. In the example browserify is used.

form = $ '#form'
kommissar.clientValidate form, validations, rule, callback

Enables the form #form for the validation. The validation is executed if the user presses the submit button.

After the validation is finished the callback is called with the results.

The callback has to decide what to do. An example callback can be found in kommissar.bootstrapDefault, this callback is optimized to print the error messages next to the form in an vanilla bootstrap page.

Concept

Asynchron Validation

The rules need to allow asynchronous validation. For example checking the avalability of an username on the client is asynchronous. Thus a validation framework has to deal with asynchron validation

Isolation

A Validation framework should be decoupled to allow unit testing. It should be easy to unit test the rules. This framework should not force the user to implement the validation process in a specific way.

Easy to use

Writting rules should be fast and easy.

Basic Rules

Default Validators (like isInt, len) should be available by default. It should also be easy to drop in custom rules (like isUsernameTaken).