hapi — Path Parameter Validation With Joi

Validating input data is important to avoid security issues and application errors caused by users with malicious intentions. It’s essential that you never trust user data, because there’s always the one user who wants to find out whether your application has a security glitch, or who just wants to try the XSS they previously read about …

Validating the user input also applies to path parameters and within this tutorial you’ll make use of joi for that use case.

Prepare Your Project and Install Joi

You’ll use the joi module for object schema validation from within hapi’s plugin ecosystem to validate one or many path parameters. Before defining the validation itself, you need to add joi as a dependency to your project:

npm i -S joi  

Installation process finished successfully? Your project is ready to make use of joi for input validation.

Use Joi for Path Parameter Validation

Path parameters are configured within the route setup of your hapi server. While adding various routes, you’re already defining different types of path parameters, like optional or wildcard parameters.

While adding individual routes, you can also apply the validation that should be used for any request that hits the related endpoint. The following code snippet illustrates the actual validation configuration.

With path parameter validation in place, hapi applies the defined constraints to each request. If the given path parameter data passes validation, hapi proceeds with the request by calling the route handler. If validation fails, hapi replies with a detailed boom error object that includes the reason why validation failed.

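var Joi = require('joi')

// `server` is your existing hapi server instance
server.route({
  method: 'GET',
  path: '/tutorials/page/{page}',
  config: {
    handler: function (request, reply) {
      // only called when the {page} parameter passed validation
      reply('Hello Future Studio')
    },
    validate: {
      params: {
        // {page} must be a number that is at least 1
        page: Joi.number().min(1)
      }
    }
  }
})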

Within the code block above, you can see how to apply validation by defining a configuration object for config.validate within your route. To validate path parameters, provide each path parameter within a params object. And within that object, the property name represents the path parameter name and its value contains the actual joi validation constraints.

You can find all applicable methods and constraints within joi’s API reference.

Notice: if you apply validation to one of your path parameters, you need to provide the validation configuration for all other parameters as well.
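
The validation flow described above (convert the value, check the constraint, answer with a 400 instead of calling the handler) and the rule from the notice, modeled in plain JavaScript as an added example. This is not hapi's or joi's own code: numberMin, validateParams and badRequest are hypothetical names, the decimal-only number format is an assumption of this sketch, and the sample parameters are constructed.

```javascript
// Added example: a plain-JavaScript model of the params check, not hapi or joi code.
// numberMin, validateParams and badRequest are hypothetical names.

// Boom-style 400 payload, sent instead of calling the route handler
function badRequest (message) {
  return { ok: false, payload: { statusCode: 400, error: 'Bad Request', message: message } }
}

// Rule for "a number >= min". Path parameters arrive as strings, so the rule
// converts first. Assumption of this sketch: plain decimal notation only.
function numberMin (min) {
  return function (raw) {
    if (!/^-?\d+(\.\d+)?$/.test(raw)) return { error: 'must be a number' }
    var value = Number(raw)
    if (value < min) return { error: 'must be larger than or equal to ' + min }
    return { value: value }
  }
}

// Check every extracted path parameter against its rule
function validateParams (rules, params) {
  var clean = {}
  var names = Object.keys(params)
  for (var i = 0; i < names.length; i++) {
    var name = names[i]
    // No rule for this parameter: reject. This is why a validated route
    // needs a constraint for each of its path parameters.
    if (!Object.prototype.hasOwnProperty.call(rules, name)) {
      return badRequest('"' + name + '" is not allowed')
    }
    var result = rules[name](params[name])
    if (result.error) return badRequest('"' + name + '" ' + result.error)
    clean[name] = result.value // converted value, as the handler would see it
  }
  return { ok: true, params: clean }
}

// Constructed sample input for the route /tutorials/page/{page}
var pageRules = { page: numberMin(1) }
var samples = [{ page: '3' }, { page: '0' }, { page: 'abc' }, { category: 'node', page: '2' }]
samples.forEach(function (params) {
  console.log(JSON.stringify(params), '->', JSON.stringify(validateParams(pageRules, params)))
})
```

The handler only ever sees the converted number 3 from the first sample; the other three requests end with a 400 payload.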

Outlook

This tutorial walked you through the setup of path parameter validation for a given route by applying constraints using joi. You should never trust provided data from your users and always make sure the input is validated against a set of rules that make sure your server won’t get compromised.

Please keep in mind that you need to define the validation for each of your parameters; you can’t just pick your favorites. Joi won’t allow only a subset of path parameters to be validated.

Make it rock & enjoy coding!


Additional Resources

  • Joi validation library on GitHub
  • HTTP-friendly error handling: boom
