I have requests in my controller, the @Param is the string version of the MongoId.
If I call this request with an invalid format of the string, not Matching the MongoId format, the request goes through until the MongoDB call throws an internal server Error.
How do I validate that for example "aaa" or "ANWPINREBAFSOFASD" is not validated and stops as early as possible in my requests
Current Controller Endpoint:
@Get(':id')
@ApiOperation({ summary: 'Get nice information' })
findOne(
@Param('id') id: string) {
return this.niceService.findOne(id);
}
The service that is called:
async findOne(id: string): Promise<NiceDocument> {
const niceResult: NiceDocument = await this.NiceSchema.findById(id)
if (!niceResult) {
throw new NotFoundException()
}
return table
}
CodePudding user response:
The answer to this is to use a custom Validation pipe:
Create the pipe and export it:
import { ArgumentMetadata, BadRequestException, Injectable, PipeTransform } from "@nestjs/common";
import {ObjectId} from 'mongodb'
@Injectable()
export class ValidateMongoId implements PipeTransform<string> {
transform(value: string, metadata: ArgumentMetadata): string{ // Optional casting into ObjectId if wanted!
if(ObjectId.isValid(value)){
if((String)(new ObjectId(value)) === value)
return value;
throw new BadRequestException
}
throw new BadRequestException
};
}
Use the pipe in the controller to validate the string
@Get(':id')
@ApiOperation({ summary: 'Get nice information' })
findOne(
@Param('id', ValidateMongoId) id: string) {
return this.niceService.findOne(id);
}
Alternatively you could change the returntype in the pipe from string to ObjectId if you are using mongoDB instead of mongoose, mongoose supports requests witht he id in a string format
CodePudding user response:
use class-validator in nestjs
by using @IsMongoIdObject()
like this:
class ParamDTO{
@IsMongoIdObject()
id:string
}
----Your Funcation---
@Get(':id')
@ApiOperation({ summary: 'Get nice information' })
findOne(
@Param() id: ParamDTO) {
return this.niceService.findOne(id.id);
}