class-validator CLI Plugin? | NestJS | Page 1

pine fable Jan 10, 2025, 4:19 AM

#

I just enabled the swagger CLI plugin in my project and its so good, now I'm wondering if we can't have the same thing for class-validator, to get all the types from typescript and use those to add validation rules instead of having to add a decorator for every property.

So, the following dto can just be written like a plain class

export class CreateUserDto {
  @IsString()
  email: string;

  @IsString()
  password: string;

  @IsEnum(RoleEnum)
  roles: RoleEnum[] = [];

  @IsOptional()
  @IsBoolean()
  isEnabled?: boolean = true;
}

can be just this:

export class CreateUserDto {
  email: string;
  password: string;
  roles: RoleEnum[] = [];
  isEnabled?: boolean = true;
}

I imagine it should be possible since the swagger cli plugin does the same thing for swagger, and I imagine the code from the swagger plugin could be reused to build this ( I think... I haven't looked at the plugin's code ). But I just wanted to ask if something like this already exists? or is someone working on this? I would like to try and implement this if not.

similiar stackoverflow post: https://stackoverflow.com/questions/76944629/how-to-automatically-add-type-validation-decorators-to-nestjs-dto

lucid prism Jan 10, 2025, 7:36 AM

#

Be careful, remember that static typing does not exist in javascript, when you transpile the code, types and interfaces will not exist.

If you want to force typing at run time in js, you can try to initialize a default value, like email: string = "";

But I'm not sure if this guarantees you from receiving invalid data.

#

And another thing, I don't see any problem in using validation decorators, it doesn't look ugly, it doesn't look bad and everyone uses it.

Besides, you usually have few fields in the body, if your request is receiving 40 fields for example, something is not right.

#

And just one more detail that has nothing to do with the problem, if you are just testing this and that, ok. But in a real application, never send the roles or isEnable of something via the client, this can be intercepted in Burp and everything goes down the drain.

#

And about the StackOverflow topic, if you want a way to just receive what's in the data and nothing else, this might help you
https://docs.nestjs.com/techniques/validation#transform-payload-objects

Documentation | NestJS - A progressive Node.js framework

Nest is a framework for building efficient, scalable Node.js server-side applications. It uses progressive JavaScript, is built with TypeScript and combines elements of OOP (Object Oriented Programming), FP (Functional Programming), and FRP (Functional Reactive Programming).

lucid prism Jan 10, 2025, 8:15 AM

#

This also may help

https://discord.com/channels/520622812742811698/1320704805940891699

pine fable Jan 10, 2025, 11:42 AM

#

lucid prism Be careful, remember that static typing does not exist in javascript, when you t...

I'll try to respond to everything

Be careful, remember that static typing does not exist in javascript, when you transpile the code, types and interfaces will not exist.

Yep... if typescript was a "real" language, this wouldn't be a problem at all XD. but yes, that's why I'm looking for something like this, that would run at build time, and parse the typescript types, and based on those types, essentially "add the decorators" to my dto, so the final result will still have the same effect as if I defined the dto class with all the class-validator decorators.

And I already have the global validation pipe with transform, whitelist, so receiving invalid data is taken care of.

And another thing, I don't see any problem in using validation decorators, it doesn't look ugly, it doesn't look bad and everyone uses it.

I have a different opinion. it might be a personal preference thing then, but if I have already declared types in a DTO, I think it would be really nice if my validator could also use those same types instead of me having to write each type twice.

And everyone uses it because its the only way... I'm sure if people had the option to add decorators vs have them added automatically based on types, they would use the automatic option. ( but again, that could just be me, I don't know ).

Besides, you usually have few fields in the body, if your request is receiving 40 fields for example, something is not right.
And just one more detail that has nothing to do with the problem, if you are just testing this and that, ok. But in a real application, never send the roles or isEnable of something via the client, this can be intercepted in Burp and everything goes down the drain.

This isn't from my code, I should've mentioned that... this dto is just some example code I picked up from the nestjs swagger cli plugin documentation page : )

lucid prism Jan 10, 2025, 12:38 PM

#

I see

#

Anyway, when you need to perform validations like maxLength or NotEmpty, etc., you'll have to use decorators. But I understand your point; it bothers me a lot in TS too, this "fugazi" typing. However, I think it's a matter of understanding and adapting to the pros and cons of the language. This typing issue really is exhausting, annoying, and risky, but what can you do...

#class-validator CLI Plugin?