validation.md

Validation

• enforce business logic
• preserve data integrity
• avert malicious inputs

Directives

Ex: graphql-constraint-directive (featured in Apollo Blog)

Pros

• GraphQL centric and versatile

Cons

• Does not allow for @constraint on query args
• No compat with apollo-server v2, quirks in v1

Resolvers

Ex: validating args.id for an ObjectID

Pros

• Simple and intuitive

Cons

• Too repetitive, not DRY
• Clutters up, doesn't scale

Utils

Ex: pure funcs using validator.js

Pros

• Simple enough, composable, can scale

Cons

• Reinventing the wheel
• Code to maintain

ODM/ORM

Ex: built-in validators in Mongoose

Pros

• Common checks
• Extensible
  • define custom validation logic
  • customize error messages

Cons

• Too many gotchas, e.g.
  • unique is not a validator, but a unique index
  • update* validators are off by default
  • many pre/post hooks don't fire for update*
• Hard to validate a subset of fields
  • e.g. findById then save will validate all fields
• Models grow out of size

Object Schema

Ex:

• ajv
• schm
• joi
  • yup for browsers (used in formik)

Pros

• Very expressive & readable
• DRY, doesn't clutter up
• Extensible & customizable
  • custom validators, plugins, messages

Cons

• Cryptic error messages (though customizable)