search

arb / celebrate

A joi validation middleware for Express.
MIT License
1.34k stars 66 forks source link

Celebrate stripping out all keys #26

Closed viztastic closed 7 years ago

viztastic commented 7 years ago

My joi schema looks like this:

 export const JUserSchema = Joi.object().keys({
        "name"          : Joi.string().min(3).max(200).required(),
        "description"   : Joi.string().min(0).max(2000).optional()
});

Here is an example value that is not working as expected:

  curl -H "Content-Type: application/json" -X POST -d '{"name":"test", "description":"xyz"}' http://localhost:5000/users

The issue I am having with celebrate is:

import { JUserSchema } from '../schemas/joi/user';
import { MUser } from '../schemas/users';

const Celebrate = require('celebrate');
const users = Router();

users.post('/', Celebrate({body:JUserSchema}), function(request, response, next) {

    MUser.create(request.body, function(error,doc) {
        if(error) response.status(500).json(error);

        response.status(200).json(doc);
    });
 });

Basically this goes ahead and creates an object without the name and description keys (i.e. an object with just the mongo id), even though it is a compliant object. The same happens when the object is incorrectly sent (e.g. if i remove the name key from the POST submission)

So there are three issues:

  1. It is lettering error prone objects flow past the middleware.
  2. They are getting created.
  3. No proper error messaging
arb commented 7 years ago

Can you create a simpler example that demonstrates your problems? Preferably one that doesn't have any notion of mongoDB or multiple routers and is contained in a single file.

How are you verifying that the objects are being created? Looking at your code, it looks like this route will always respond with a 200 because even in error cases, you aren't returning early, so the 200 line will get called always.

As far as no proper error messaging... do you have an error handler in your router somewhere like https://github.com/continuationlabs/celebrate#celebrateerrors or something similar at the bottom of your routing table?

cjihrig commented 7 years ago

Ping @viztastic

cjihrig commented 7 years ago

No follow up. Closing.