为什么 express-validator 不拒绝这个请求?
Why is express-validator not rejecting this request?
为什么 express-validator 不拒绝这个请求?
import { Router, Request, Response } from 'express'
import { header } from 'express-validator'
if (!process.env.CRONJOB_SECRET) {
console.error('Please set CRONJOB_SECRET')
process.exit(1)
}
const router = Router()
/**
* start/stop jobs every minute
*/
router.get(
'/start-stop-jobs',
header('x-cronjob-secret').equals(process.env.CRONJOB_SECRET),
async (req: Request, res: Response) => {
const log = {
secret: process.env.CRONJOB_SECRET,
equals: req.headers['x-cronjob-secret'],
started: [],
stopped: [],
error: {},
}
// stop any events
console.log('Completed /start-stop-jobs', log)
return res.json({ status: 'ok', log })
},
)
当我 GET /start-stop-jobs 没有 header 时,我得到这样的回复:
{"status":"ok","log":{"secret":"CRONJOB_SECRET","started":[],"stopped":[],"error":{}}}
这似乎是一个微不足道的用例。我错过了什么?
那应该是因为“express-validator”需要调用另一个 validationResult 函数。每 the doc:
// ...rest of the initial code omitted for simplicity.
const { body, validationResult } = require('express-validator');
app.post(
'/user',
// username must be an email
body('username').isEmail(),
// password must be at least 5 chars long
body('password').isLength({ min: 5 }),
(req, res) => {
// Finds the validation errors in this request and wraps them in an object with handy functions
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
User.create({
username: req.body.username,
password: req.body.password,
}).then(user => res.json(user));
},
);
请注意在验证规范代码之后对 const errors = validationResult(req); 的调用,如果有错误会导致立即返回 res.status(400)。那是您的代码中缺少的部分。
如果您不想重复代码,可以将此功能提取到另一个中间件中
// middlewares/handleValidationError.js
const { validationResult } = require("express-validator");
exports.handleValidationError = function (req, res, next) {
// Finds the validation errors in this request and wraps them in an object with handy functions
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
next();
};
// Using the middleware
// App.js
const { handleValidationError } = require("/middlewares/handleValidationError");
router.get(
"/start-stop-jobs",
header("x-cronjob-secret").equals(process.env.CRONJOB_SECRET),
handleValidationError,
async (req: Request, res: Response) => {
const log = {
secret: process.env.CRONJOB_SECRET,
equals: req.headers["x-cronjob-secret"],
started: [],
stopped: [],
error: {},
};
// stop any events
console.log("Completed /start-stop-jobs", log);
return res.json({ status: "ok", log });
}
);
为什么 express-validator 不拒绝这个请求?
import { Router, Request, Response } from 'express'
import { header } from 'express-validator'
if (!process.env.CRONJOB_SECRET) {
console.error('Please set CRONJOB_SECRET')
process.exit(1)
}
const router = Router()
/**
* start/stop jobs every minute
*/
router.get(
'/start-stop-jobs',
header('x-cronjob-secret').equals(process.env.CRONJOB_SECRET),
async (req: Request, res: Response) => {
const log = {
secret: process.env.CRONJOB_SECRET,
equals: req.headers['x-cronjob-secret'],
started: [],
stopped: [],
error: {},
}
// stop any events
console.log('Completed /start-stop-jobs', log)
return res.json({ status: 'ok', log })
},
)
当我 GET /start-stop-jobs 没有 header 时,我得到这样的回复:
{"status":"ok","log":{"secret":"CRONJOB_SECRET","started":[],"stopped":[],"error":{}}}
这似乎是一个微不足道的用例。我错过了什么?
那应该是因为“express-validator”需要调用另一个 validationResult 函数。每 the doc:
// ...rest of the initial code omitted for simplicity.
const { body, validationResult } = require('express-validator');
app.post(
'/user',
// username must be an email
body('username').isEmail(),
// password must be at least 5 chars long
body('password').isLength({ min: 5 }),
(req, res) => {
// Finds the validation errors in this request and wraps them in an object with handy functions
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
User.create({
username: req.body.username,
password: req.body.password,
}).then(user => res.json(user));
},
);
请注意在验证规范代码之后对 const errors = validationResult(req); 的调用,如果有错误会导致立即返回 res.status(400)。那是您的代码中缺少的部分。
如果您不想重复代码,可以将此功能提取到另一个中间件中
// middlewares/handleValidationError.js
const { validationResult } = require("express-validator");
exports.handleValidationError = function (req, res, next) {
// Finds the validation errors in this request and wraps them in an object with handy functions
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
next();
};
// Using the middleware
// App.js
const { handleValidationError } = require("/middlewares/handleValidationError");
router.get(
"/start-stop-jobs",
header("x-cronjob-secret").equals(process.env.CRONJOB_SECRET),
handleValidationError,
async (req: Request, res: Response) => {
const log = {
secret: process.env.CRONJOB_SECRET,
equals: req.headers["x-cronjob-secret"],
started: [],
stopped: [],
error: {},
};
// stop any events
console.log("Completed /start-stop-jobs", log);
return res.json({ status: "ok", log });
}
);