Implementing Data Validation in Node.js with Yup and Express

Learn to validate data in Node.js using Yup and Express, ensuring robust APIs with reusable schemas, middleware, and error handling.

Data validation is an essential part of developing robust applications. It ensures that the data received by your API meets the expected structure and constraints. In this article, we’ll explore how to perform data validation in a Node.js application using the Yup library and the popular Express framework.

Why Use Yup?

Yup is a JavaScript schema builder and validator with a declarative API for defining validation rules. It is a powerful and flexible library offering features such as:

• Schema Composition: Reusable validation schemas.
• Nested Validation: Validate deeply nested objects and arrays.
• Custom Messages: Tailor error messages to your needs.
• Asynchronous Validation: Handle validations that require async checks (e.g., checking unique values in a database).

Let’s start by setting up a simple Express application and integrating Yup for data validation.

Install Required Dependencies

Run the following command to install Express and Yup:

npm install express yup        

Create the Basic Server

Set up an Express application. Create a file named server.js and include the following code:

import express from 'express';

const app = express();

// Middleware to parse JSON payloads
app.use(express.json());

app.listen(3000, () => {
  console.log('Server is running on https://localhost:3000');
});        

Define a Validation Schema

Create a file schemas.js to define a validation schema. This schema will validate the payload for a user registration endpoint:

import * as yup from 'yup';

export const userSchema = yup.object({
  name: yup.string().required('Name is required').min(3, 'Name must be at least 3 characters'),
  email: yup.string().required('Email is required').email('Invalid email format'),
  password: yup.string().required('Password is required').min(8, 'Password must be at least 8 characters'),
});        

Create a Validation Middleware

To validate requests dynamically based on the schema, create a reusable middleware function. Add this to a file named validate.js:

export const validate = (schema) => async (req, res, next) => {
  try {
    await schema.validate(req.body, { abortEarly: false }); // Validate the request body
    next(); // Proceed to the next middleware or route
  } catch (error) {
    res.status(400).json({ errors: error.errors }); // Return validation errors
  }
};        

Integrate Validation in Routes

Now, add the validation logic to your routes. Modify server.js to include the user registration endpoint:

import { validate } from './validate.js'; // Validation middleware
import { userSchema } from './schemas.js'; // User schema

app.post('/register', validate(userSchema), (req, res) => {
  res.status(201).json({ message: 'User registered successfully', data: req.body });
});        

Testing the Validation Logic

Testing with Invalid Data

Send an invalid request using curl or a tool like Postman:

curl -X POST https://localhost:3000/register \
-H "Content-Type: application/json" \
-d '{
  "name": "Jo",
  "email": "invalid-email",
  "password": "123"
}'        

Response:

{
  "errors": [
    "Name must be at least 3 characters long",
    "Invalid email format",
    "Password must be at least 8 characters long"
  ]
}        

Testing with Valid Data

curl -X POST https://localhost:3000/register \
-H "Content-Type: application/json" \
-d '{
  "name": "John Doe",
  "email": "[email protected]",
  "password": "securePassword123"
}'        

Response:

{
  "message": "User registered successfully",
  "data": {
    "name": "John Doe",
    "email": "[email protected]",
    "password": "securePassword123"
  }
}        

Advanced Yup Features

Nested Object Validation

If your data includes nested objects, Yup handles them seamlessly:

const profileSchema = yup.object({
  user: yup.object({
    name: yup.string().required('User name is required'),
    email: yup.string().email('Invalid email format').required(),
  }),
  age: yup.number().positive('Age must be positive').required(),
});        

Array Validation

Validate arrays using yup.array():

const tagsSchema = yup.object({
  tags: yup.array().of(yup.string().min(2)).required(),
});        

Custom Validations

Define custom rules for specific requirements:

const customPasswordSchema = yup
  .string()
  .test('has-special-char', 'Password must contain at least one special character', (value) => {
    return /[!@#$%^&*]/.test(value);
  });        

Error Handling in Production

For production environments, you can centralize error handling for validation and other errors. Use an Express error-handling middleware:

app.use((err, req, res, next) => {
  if (err.name === 'ValidationError') {
    return res.status(400).json({ errors: err.errors });
  }
  console.error(err); // Log unexpected errors
  res.status(500).json({ message: 'Internal Server Error' });
});        

Conclusion

Integrating Yup with Express provides a powerful, flexible, and scalable solution for data validation. It allows developers to focus on core business logic while ensuring the integrity of incoming data. By leveraging Yup’s declarative API, you can simplify validation, maintain cleaner code, and provide better error messages to users.

This setup can be extended to handle dynamic schemas, database lookups for unique values, or even validate query parameters and headers. Start using Yup today to streamline your validation process and build more reliable Node.js applications!