martini-contrib / binding

Martini handler for mapping and validating a raw request into a structure.
MIT License

suggestion: allow preprocessing of params #12

Closed forwardever closed 10 years ago

forwardever commented 10 years ago

allow preprocessing of params (before validation) via e.g. Preprocess (binding.Preprocess)

use cases: remove leading zeros, remove spaces

before putting data into a struct, before validating data

Preprocess might receive req.Form; use "Set(key, value string)" to modify value

not sure whether to make a copy of req.Form or just modify it

mholt commented 10 years ago

Thanks for your feedback, @forwardever! Help me understand a little better.

What would preprocess do that is different from validation? Where do we draw the line between those two concepts? And also, are there enough standard, common, pre-processing operations that it would merit its own martini-contrib middleware? (At the moment, if this were to be made, I don't think it should be built into the binding package.)

For the use cases you've mentioned, though definitely valid, I'd just write my own middleware or simply have my validation step doing them... they're one- or two-liners.

forwardever commented 10 years ago

it seems that the validator already gets a populated struct

so it might be too late to filter parameters there

let's say a user submits a price, but enters a white space (unintentionally or not), parsing might fail if you require a floating-point number (of course, client side validation is also an option)

You wrote: "For the use cases you've mentioned, though definitely valid, I'd just write my own middleware" It might make sense to create a separate middleware, but this also might make sense for validation.

So I think while creating a separate middleware might make sense, getting parameter processing in a central place also has advantages.

I'm new to golang and martini and just writing kind of a prototype to evaluate my options, so not sure if I got everything right.

mholt commented 10 years ago

That might be a great middleware for your project. I'm just not sure it belongs in this package. I do believe sanitizing user input is different from validating it. I, for one, would have my client app sanitize data before sending it -- things like trimming whitespace and leading zeroes -- basic formatting.

If it's alright, I'm going to close the issue -- thanks for helping me understand it! I definitely think that sanitizing input needs to happen somewhere, though.
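
A middleware of the kind discussed in this thread, as an added example that is not part of the original thread or of the binding package: it trims whitespace from every form value and strips leading zeros only from fields named as numeric, so values such as zip codes are left intact. The names `Preprocess` and `SanitizeForm` and the sample fields are hypothetical, and the example assumes the handler is registered ahead of the binding handler, which then reads the already-parsed `req.Form`.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// trimLeadingZeros turns "007.50" into "7.50" and "000" into "0".
func trimLeadingZeros(s string) string {
	t := strings.TrimLeft(s, "0")
	if len(t) < len(s) && (t == "" || t[0] == '.') {
		return "0" + t // keep one digit before the point
	}
	return t
}

// SanitizeForm trims whitespace on every value in place; leading zeros are
// stripped only for keys listed in numeric (hypothetical per-app list).
func SanitizeForm(form url.Values, numeric map[string]bool) {
	for key, values := range form {
		for i, v := range values {
			v = strings.TrimSpace(v)
			if numeric[key] {
				v = trimLeadingZeros(v)
			}
			values[i] = v
		}
	}
}

// Preprocess (hypothetical) parses the form once, then sanitizes both maps,
// because ParseForm copies PostForm values into Form as separate slices.
func Preprocess(numeric map[string]bool) func(http.ResponseWriter, *http.Request) {
	return func(w http.ResponseWriter, req *http.Request) {
		if err := req.ParseForm(); err != nil {
			http.Error(w, "malformed form data", http.StatusBadRequest)
			return
		}
		SanitizeForm(req.Form, numeric)
		SanitizeForm(req.PostForm, numeric)
	}
}

func main() {
	form := url.Values{"price": {" 007.50 "}, "zip": {" 01234"}} // constructed input
	SanitizeForm(form, map[string]bool{"price": true})
	fmt.Println(form.Get("price"), form.Get("zip"))
}
```

Sanitizing here only normalizes the raw strings; the values still have to pass validation after binding.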