Nice article, one thing I’m missing though in your final result is where do you validate the…
Alex Beauchemin

Great question!

I am sorry the result doesn’t follow the initial case, like you would have probably expected. Although it is similar, I thought it might be better to post somewhat more complete examples (i.e. including more services) so as to proof the concept.

Am I missing something?

You’re right! It is not there, not even as Model properties nor validators in the featured User Model.

Just wondering where the validation for request params should happen.

You will find mixed opinions about that. However, most seem to agree that you should do as much validation as you can inside your models.

A couple references: MVC in general, Node.js specific.

The reason is simple, the latter you do the validation the less chances are that developers miss it somehow.

As for the username not being blank, unless you have a very good reason not to do so, I would control it on the Model (as a property in this case required: true ). Not only it is more secure, but also it is quicker to implement. You can either handle Model errors with user.validate() or effortless when you , which automatically returns a JSON-like response.

Like it says on the first link I just wrote you, controllers are good to transforms values that come from the user to make them understandable for your services and Model. The verify password, which is never a field on the Model or if you have a certain choices which you have to translate to another thing before being able to properly store them on a Model.

Also, it is also possible to do validation both on the controller and the Model.

Although that would be secure too (not necessarily more secure), I would avoid doing so since it would result in redundant code (including tests) that will have to be updated everywhere, even if you are sharing the validation functions.