Using AJV for schema validation with NodeJS

If you’re a web developer, especially backend developer, who develops APIs, among the gazillion things you need to consider is validating user input and preventing security leaks from a possible malicious user. Validating requests that hit our API is simply a MUST if you want to have a secure web application.

Manually checking payload properties and validating them can be of good use when you’re dealing with a type of pre-defined data with few properties that won’t subdue any major changes. However, dealing with bigger objects and their properties can be painful and slow if you’re using standard manual methods of validation instead of something like AJV.

AJV stands for Another JSON Schema Validator and represents the fastest validator for JSON schemas around. You can easily find it on npm and in the official github repo.

Let’s go through a simple example where we’ll see how to apply AJV within our NodeJS app.

Suppose you have an entity with the following structure (Typescript):

As you can see, there are plenty of things to be validated here. I’ll ignore the fact that there are database-level constraints I’ve previously defined. Validating the user’s input before it reaches any service that communicates with the database is something you always want to do.

Installing AJV

This is an easy step since AJV is available as an npm package. We will just do the following:
npm i ajv

Defining our JSON Schema

I won’t go into the JSON Schema details. You can find more info here. I’ll explain defined properties as we go.

Here we have defined our JSON schema with our properties and set some rules for each one of them.

There are plenty of other attributes you can find in the official documentation. We have set our rules for required properties, and each property has its own constraints defined, and that is what’s important.

Be cautious when defining rules here if your model will be persisted into the database and make sure rules here don’t break the rules defined on the database level.

Using ajv to validate against the defined schema

import tutorSchema from './schema/tutor-schema.json';
import ajv, { ErrorObject } from 'ajv';

We’ll import our ajv library and the ErrorObject for accessing validation error properties if you want to do some parsing, as well as our defined schema.

1. We’re initializing our ajv with the following options of allErrors and async for asynchronous usage.
   allErrors option is very important. If not provided, the program will end after the first validation first occurs.
2. The next step is to compile our schema using the compile method that will create a validate function for our schema. This is a faster way of validating by compiling our schema.
3. We use our validate method to validate against our model that represents our user input.
4. We check if there are some errors and can do some parsing

Here I’ve created a small parser method for parsing our errors (this is just for testing purposes and my predefined properties, you should use some of the npm libraries for humanizing ajv errors).

If I send some invalid payload towards my API, I’ll get a response like this:

Ajv does not format our error messages. We can directly access ErrorObject and do some parsing instead, or use another library such as better-ajv-errors to humanize our error messages. In the end, it all should be readable to end users without any generic data.