Why is data validation important? What are effective ways to ensure data is valid? In this session we'll explore how data validation is directly linked to security, stability and developer productivity when dealing with untrusted or unknown data sources. We'll discuss the dangers of code that does not validate its data - everything from injection to DoS attacks. We'll go hands-on with joi (https://github.com/hapijs/joi) and Express (http://expressjs.com/) to see how data validation can make code easier to work with. No more "Uncaught ReferenceError" or null-guard if statements littered around the code base. In the end, we'll see how code can be secure, stable and magically awesome to work with.
16. All In
const Joi = require("joi"); // pre-v16 Joi: Joi.validate(value, schema, callback)

const schema = Joi.object().keys({
  // the sample address ends in .com, so "com" is the TLD to allow here
  username: Joi.string().email({ tldWhitelist: ["com"] }).required(),
});

Joi.validate({
  username: "paul.milham@wildworks.com",
  password: "justinbieber",
}, schema, (err, value) => {
  // keys not declared in the schema are rejected by default:
  // err is a ValidationError, '"password" is not allowed'
  console.log(err); // justinbieber is not allowed
});
17. All In
• Validating one field means validating them all
• Hard for devs to forget
18. Data Normalization
• Normalization is being a good citizen
• Normalization creates a contract with your consumer
• Normalization goes a lot deeper than this (we'll get to that later)
21. Tean
• Declarative syntax (schemas are POJOs)
• Async
• Convert data into models
• Strict by default
• https://www.npmjs.com/package/tean
• Note that custom validators were recently added to Joi
23. Tean Failure
const tean = require("tean");

// null is not a string, so validation fails and result carries the messages
tean.object({ animal: "string" }, { animal: null }, (isValid, result) => {
  console.log(isValid); // false
  console.log(result);  // ["animal (null) is not a string"]
});
24. Tean Normalization
const tean = require("tean");

// optional parameters: "=value" gives a default, "(a,b)" restricts the allowed values
tean.object(
  { animal: "string(kangaroo,tiger)=tiger", sparkles: "bool=true" },
  { animal: "tiger" },
  (isValid, result) => {
    console.log(isValid); // true
    console.log(result);  // {animal: "tiger", sparkles: true}
    // Note that the original object is not altered! Normalized and validated data
    // is passed into "result" in the callback
  }
);
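To make the "All In" and normalization slides concrete, here is an added example that is not joi's or tean's own code: a small validator with tean-style spec strings ("string", "string(kangaroo,tiger)=tiger", "bool=true", "int=0"), plus an Express-style middleware wrapper (validateBody is an invented name). It rejects undeclared keys, fills defaults, never mutates the caller's object, and hands route handlers only normalized data.

```javascript
// Added example, not code from the deck or from the joi/tean projects.
// Spec strings: type, optional "(choice,choice)" restriction, optional "=default".
const SPEC_RE = /^(string|bool|int)(?:\(([^)]*)\))?(?:=(.*))?$/;
const TYPE_NAMES = { string: "a string", bool: "a boolean", int: "an integer" };
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Defaults are written as text in the spec; convert them to the declared type.
function fromLiteral(type, raw) {
  if (type === "bool") return raw === "true";
  if (type === "int") return parseInt(raw, 10);
  return raw;
}

// Turn "string(a,b)=a" into { type, choices, hasDefault, def }.
function parseSpec(spec) {
  const m = SPEC_RE.exec(spec);
  if (!m) throw new Error(`unsupported spec: ${spec}`);
  const [, type, choices, def] = m;
  return {
    type,
    choices: choices === undefined ? null : choices.split(","),
    hasDefault: def !== undefined,
    def: def === undefined ? undefined : fromLiteral(type, def),
  };
}

// Returns an error message, or null when `value` satisfies the spec.
function checkValue(key, { type, choices }, value) {
  const typeOk =
    type === "string" ? typeof value === "string" :
    type === "bool" ? typeof value === "boolean" :
    Number.isInteger(value);
  if (!typeOk) return `${key} (${value}) is not ${TYPE_NAMES[type]}`;
  if (choices && !choices.includes(value)) {
    return `${key} (${value}) is not one of ${choices.join(",")}`;
  }
  return null;
}

// Validate every declared field, apply defaults, and reject anything undeclared.
// The input object is read but never written; a fresh normalized object is returned.
function validateObject(schema, input) {
  const errors = [];
  const result = {};
  for (const key of Object.keys(schema)) {
    const spec = parseSpec(schema[key]);
    if (!hasOwn(input, key) || input[key] === undefined) {
      if (spec.hasDefault) result[key] = spec.def;
      else errors.push(`${key} is required`);
      continue;
    }
    const err = checkValue(key, spec, input[key]);
    if (err) errors.push(err);
    else result[key] = input[key];
  }
  for (const key of Object.keys(input)) {
    if (!hasOwn(schema, key)) errors.push(`${key} is not allowed`);
  }
  return { isValid: errors.length === 0, result: errors.length ? errors : result };
}

// Express-style middleware (hypothetical name): "no validation, no data".
// An invalid body is answered with 400 and never reaches the route handler;
// a valid one is replaced by its normalized form.
function validateBody(schema) {
  return (req, res, next) => {
    const { isValid, result } = validateObject(schema, req.body || {});
    if (!isValid) return res.status(400).json({ errors: result });
    req.body = result;
    next();
  };
}

// Stand-alone demonstration mirroring the tean slides
console.log(validateObject({ animal: "string" }, { animal: null }));
console.log(validateObject(
  { animal: "string(kangaroo,tiger)=tiger", sparkles: "bool=true" },
  { animal: "tiger" }
));
```

Mount it as `app.post("/animals", validateBody(schema), handler)` and the handler can read `req.body.sparkles` without a null check, because a request that got that far has already been shaped.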
35. Take Away
• FORCE validation of data - an opt in system isn't good enough
• Make sure shape of data is acceptable
• No validation, no data
• This ensures malicious data does not enter your application
36. Take Away
• FORCE normalization of data shape
• Data should always have a consistent shape
• Make data access and usage reliable
• Eliminates lots of “stupid” bugs
37. On the Way Out
• Have you thought about data security on the way out?
• Mind blown!
• Prevent data leaks, whether from a bug like "Heartbleed" or from SQL injection
• Provide same stability contract for your client app
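For the "On the Way Out" slide, an added example that is not part of the deck: an output schema applied to a record before it is serialized. Only declared fields leave the service (a password hash or internal token on the row is dropped), and a declared field with the wrong type is reported instead of sent, which gives the client app the same shape contract the inbound side enjoys. The schema format, the toResponse name and the sample database row are all constructed for this example.

```javascript
// Added example, not code from the deck. Output schemas: a leaf is a type name
// ("string", "number", "boolean", "int"), an object declares the fields that may
// leave, and a one-element array declares the element shape.

// Build a new object containing only the declared fields; collect problems by path.
function shape(schema, data, path, problems) {
  const here = path || "$";
  if (Array.isArray(schema)) {
    if (!Array.isArray(data)) { problems.push(`${here} is not an array`); return undefined; }
    return data.map((item, i) => shape(schema[0], item, `${here}[${i}]`, problems));
  }
  if (typeof schema === "object") {
    if (data === null || typeof data !== "object") {
      problems.push(`${here} is not an object`);
      return undefined;
    }
    const out = {};
    for (const key of Object.keys(schema)) {
      const child = path ? `${path}.${key}` : key;
      if (!Object.prototype.hasOwnProperty.call(data, key)) {
        problems.push(`${child} is missing`);
        continue;
      }
      const value = shape(schema[key], data[key], child, problems);
      if (value !== undefined) out[key] = value;
    }
    return out; // undeclared keys on `data` are simply never copied
  }
  // Leaf: schema is a type name.
  const ok = schema === "int" ? Number.isInteger(data) : typeof data === schema;
  if (!ok) { problems.push(`${here} is not ${schema}`); return undefined; }
  return data;
}

// Returns { ok: true, body } with the whitelisted body, or { ok: false, problems }
// so a handler can fail closed instead of sending a half-shaped response.
function toResponse(schema, record) {
  const problems = [];
  const body = shape(schema, record, "", problems);
  return problems.length ? { ok: false, problems } : { ok: true, body };
}

// What a client is allowed to see about a user.
const userOut = {
  id: "int",
  username: "string",
  email: "string",
  roles: ["string"],
  profile: { displayName: "string", verified: "boolean" },
};

// Constructed sample row as it might come back from a database query.
const dbRow = {
  id: 42,
  username: "paul",
  email: "paul.milham@example.com",
  passwordHash: "CONSTRUCTED-HASH",
  sessionToken: "CONSTRUCTED-TOKEN",
  roles: ["admin", "user"],
  profile: { displayName: "Paul", verified: true, internalScore: 0.9 },
};

console.log(toResponse(userOut, dbRow));
console.log(toResponse(userOut, { ...dbRow, id: "42" }));
```

Wire it into a route as `const r = toResponse(userOut, row); if (!r.ok) return res.status(500).end(); res.json(r.body);` so a field that was renamed or retyped in the database shows up as a logged problem rather than as a changed API contract.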