Validation & Sanitization
Currently, inputs received by the server are not checked: anyone could send anything when requesting POST /api/todos, which is why client inputs cannot be trusted.
You will use the ValidateBody and ValidatePathParam hooks to validate and sanitize incoming data.
A hook is a decorator that is attached to a route handler (a controller method). It is executed before the method and is therefore particularly suitable for validation or access control.
The ValidateBody and ValidatePathParam hooks check respectively the body and params properties of the request object. They take a schema as their unique argument.
FoalTS uses Ajv, a fast JSON Schema validator, to define its schemas.
Let's add validation and sanitization to your application. In fact, you have already defined the todo schema in the create-todo script earlier.
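As an added illustration (not code from the FoalTS project or from this tutorial), the TypeScript below mimics what the two hooks do in front of a route handler: the untrusted body or path params are checked against a schema, path params are coerced from string to number, keys the schema does not declare are stripped, and the handler only runs on the sanitized value. A small hand-written validator stands in for Ajv so the snippet runs without dependencies. The todo schema, its additionalProperties flag, the id path parameter and the withValidation helper are assumptions made for this example; in the application itself the hooks are attached as decorators to the controller methods.

```typescript
// Added example, not FoalTS's own code: a minimal JSON-Schema-style validator
// in the spirit of ValidateBody / ValidatePathParam. Supports just the keywords
// this example needs (object/string/integer, required, additionalProperties,
// maxLength, minimum).
type Schema =
  | { type: 'object'; properties: Record<string, Schema>; required?: string[]; additionalProperties?: boolean }
  | { type: 'string'; maxLength?: number }
  | { type: 'integer'; minimum?: number };

interface ValidationResult {
  ok: boolean;
  value: unknown;    // sanitized copy of the input, never the raw object itself
  errors: string[];
}

function validate(schema: Schema, input: unknown, path = 'data'): ValidationResult {
  const errors: string[] = [];

  if (schema.type === 'string') {
    if (typeof input !== 'string') errors.push(`${path} must be a string`);
    else if (schema.maxLength !== undefined && input.length > schema.maxLength)
      errors.push(`${path} must not be longer than ${schema.maxLength} characters`);
    return { ok: errors.length === 0, value: input, errors };
  }

  if (schema.type === 'integer') {
    // Coercion, as for a path param: "12" taken from the URL becomes 12;
    // "12abc", "1.5" and non-integer numbers are rejected.
    const n = typeof input === 'string' && /^-?\d+$/.test(input) ? Number(input) : input;
    if (typeof n !== 'number' || !Number.isInteger(n)) errors.push(`${path} must be an integer`);
    else if (schema.minimum !== undefined && n < schema.minimum)
      errors.push(`${path} must be >= ${schema.minimum}`);
    return { ok: errors.length === 0, value: n, errors };
  }

  // Object schema.
  if (typeof input !== 'object' || input === null || Array.isArray(input)) {
    return { ok: false, value: input, errors: [`${path} must be an object`] };
  }
  const src = input as Record<string, unknown>;
  const out: Record<string, unknown> = {};
  for (const key of schema.required ?? []) {
    if (!(key in src)) errors.push(`${path}.${key} is required`);
  }
  for (const [key, raw] of Object.entries(src)) {
    const sub = schema.properties[key];
    if (!sub) {
      // Sanitization: undeclared keys are dropped unless the schema allows them,
      // so a client cannot smuggle extra fields through to the handler.
      if (schema.additionalProperties !== false) out[key] = raw;
      continue;
    }
    const res = validate(sub, raw, `${path}.${key}`);
    errors.push(...res.errors);
    out[key] = res.value;
  }
  return { ok: errors.length === 0, value: out, errors };
}

// Assumed to match the todo schema from the create-todo script; the
// additionalProperties: false flag is added here to show the stripping behaviour.
const todoSchema: Schema = {
  type: 'object',
  properties: { text: { type: 'string', maxLength: 200 } },
  required: ['text'],
  additionalProperties: false,
};

// Hypothetical params schema for a route such as DELETE /api/todos/:id.
// Path params always arrive as strings, hence the integer coercion above.
const idParamsSchema: Schema = {
  type: 'object',
  properties: { id: { type: 'integer', minimum: 1 } },
  required: ['id'],
};

interface HttpResponse { status: number; body: unknown }

// What a validation hook does in front of a handler: reject with 400 and the
// error list, or call the handler with the sanitized value only.
function withValidation(schema: Schema, handler: (value: unknown) => HttpResponse) {
  return (untrusted: unknown): HttpResponse => {
    const result = validate(schema, untrusted);
    if (!result.ok) return { status: 400, body: { errors: result.errors } };
    return handler(result.value);
  };
}

// Stand-ins for controller methods guarded by ValidateBody and ValidatePathParam.
const postTodo = withValidation(todoSchema, body => ({ status: 201, body }));
const deleteTodo = withValidation(idParamsSchema, params => ({ status: 200, body: params }));
```

A body of `{ text: 'Buy milk', isAdmin: true }` reaches the handler as `{ text: 'Buy milk' }`, a missing or non-string text yields a 400 with a readable error list, and an id of `'12'` arrives in the handler as the number 12 while `'abc'` or `'0'` never reach it.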