100NikhilBro
Contributor

Enhancement Request: Add Express Validators (Issue #1234)

Overview

This enhancement introduces a centralized request validation system for the Project Manager API using express-validator.

The goal is to validate all incoming user inputs consistently across different routes, keeping controllers clean and improving overall security.


1️⃣ Central Validator

  • File: middlewares/validateRequest.js
  • Purpose:
    • Handles validation results from express-validator.
    • Returns standardized error responses if validation fails.
    • Can be used in any route where inputs are received via req.body, req.params, or req.query.

Usage Example:


import validateRequest from '../middlewares/validateRequest.js'

router.post('/update-profile', updateProfileValidator, validateRequest, updateProfileController)


2️⃣ Route-specific Validators

Four main validator files have been created to cover key routes:

| Validator File | Route Group | Purpose |
|---|---|---|
| user.validator.js | User routes | Validate inputs for user operations like profile updates, search, etc. |
| collaborator.validator.js | Collaborator routes | Validate inputs for collaboration requests, accept/reject invitations, and listing collaborators. |
| collection.validator.js | Collection routes | Validate inputs for creating/deleting collections, saving/removing projects, sorting projects. |
| auth.validator.js | Auth routes | Validate inputs for signup, login, password reset, and token verification. |

3️⃣ How It Works

  1. Each route imports its specific validator from the validator folder.
  2. After the validator, the central validateRequest middleware checks for validation errors.
  3. Controllers only handle business logic and database operations.
  4. This ensures clean, reusable, and secure code.

4️⃣ Future Usage

  • Validators are ready but not yet applied to all routes.
  • Any route accepting user input can now use the corresponding validator + validateRequest.
  • This ensures centralized and consistent validation throughout the project.

✅ Benefits

  • Controllers are cleaner with no repetitive validation logic.
  • Centralized error handling and standardized responses.
  • Easy to maintain and extend validators for new routes.
  • Improves security by validating all user input consistently.

Related Issue: Enhancement Request: Add express-validator #1234
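The chain described in this pull request, as an added example that is not code from the PR or the project: dependency-free stand-ins (not express-validator's API) show that route validators only record errors and that the central validateRequest step is what keeps the controller from running. The helper names field, dispatch and req.validated, and the sample username/bio rules, are assumptions.

```javascript
// Added example: dependency-free stand-ins; field(), dispatch(), req.validated are hypothetical.

// Route-specific validator: records problems on req, never responds itself.
function field(location, name, check, msg) {
  return (req, res, next) => {
    const value = (req[location] || {})[name];
    req._errors = req._errors || [];
    req._valid = req._valid || {};
    if (!check(value)) req._errors.push({ location, path: name, msg });
    else if (value !== undefined) req._valid[name] = value;
    next();
  };
}

const updateProfileValidator = [
  field('body', 'username', v => typeof v === 'string' && /^[a-z0-9_]{3,20}$/i.test(v),
    'username must be 3-20 letters, digits or underscores'),
  field('body', 'bio', v => v === undefined || (typeof v === 'string' && v.length <= 200),
    'bio must be a string of at most 200 characters'),
];

// Central middleware: the only place that turns recorded errors into a 400.
function validateRequest(req, res, next) {
  const errors = req._errors || [];
  if (errors.length > 0) return res.status(400).json({ success: false, errors });
  req.validated = req._valid || {}; // only fields a validator accepted
  next();
}

// Controller: business logic only, reads the validated subset of the body.
function updateProfileController(req, res) {
  res.status(200).json({ success: true, updated: req.validated });
}

// Minimal Express-like dispatcher with a mock response, for offline runs.
function dispatch(handlers, req) {
  const res = {
    statusCode: null, body: null,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
  let i = 0;
  const next = () => { const h = handlers[i++]; if (h) h(req, res, next); };
  next();
  return res;
}

const guarded = [...updateProfileValidator, validateRequest, updateProfileController];
const unguarded = [...updateProfileValidator, updateProfileController];
```

Calling `dispatch(unguarded, { body: { username: 'a' } })` reaches the controller with status 200: a route that lists its validators without validateRequest in the chain rejects nothing.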


vercel bot commented Oct 3, 2025

@100NikhilBro is attempting to deploy a commit to the avdheshvarshney's projects Team on Vercel.

A member of the Team first needs to authorize it.


github-actions bot commented Oct 3, 2025

Thank you for submitting your pull request! We'll review it as soon as possible. For further communication, join our discord server https://discord.gg/tSqtvHUJzE.

@100NikhilBro
Contributor Author

Hey @Avdhesh-Varshney ,

I’ve created a central validateRequest middleware which can now be used across all routes wherever we receive user input (req.body, req.params, or req.query).

Additionally, I have prepared route-specific validators for the main route groups (user, auth, collection, collaborator). These validators are already built but not yet applied to the routes. You can integrate and use them as needed based on the requirements of each route.

This setup ensures consistent input validation across the project and keeps controllers clean.


vercel bot commented Oct 4, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| code-a2z-server | Ready | Preview | Comment | Oct 4, 2025 11:09am |

@Avdhesh-Varshney
Member

@100NikhilBro Keeping the validators apart from the controllers will make the code confusing.
Both controllers and their validators should be written in 1 file.
I've already created separate files for each route to reduce the complexity.

Avdhesh-Varshney added the wontfix label (❌ This will not be worked on) on Oct 4, 2025
@100NikhilBro
Contributor Author

@Avdhesh-Varshney I understand your point, but I kept validators separate to maintain better separation of concerns.
Putting validation logic directly inside the routes or controllers can make the files look a bit cluttered and harder to maintain.
With separate validator files, it’s easier to manage, test, and update validations independently without touching the core business logic. 🙌

@Avdhesh-Varshney
Member

@100NikhilBro No bro, validation for particular routes is not the same. You have taken some key parameters from those routes and validated them. It's not a good way to handle the validations of those routes.

@100NikhilBro
Contributor Author

@Avdhesh-Varshney
Hey, just wanted to confirm — is there any alternative approach you’d recommend, or should I close the issue and remove the PR for now?
I’ll explore possible improvements as well to see if a more suitable solution can be implemented. 😊

@Avdhesh-Varshney
Member

No, right now I don't have any other alternative for this.

@100NikhilBro
Contributor Author

Hi @Avdhesh-Varshney,
I have one approach we could follow: it’s not necessary to create validators for every route.
We can add validators only for the important routes where data integrity or security matters, and skip the less critical ones.
This way, we maintain efficiency while still ensuring that sensitive or high-risk routes are properly validated.
Could you please specify which routes are considered important? I can create validators for those.

@Avdhesh-Varshney
Member

Business logic should be executed after all the validations are passed.

But I've already restructured the code of all the different routes from a single file to one file for each route.

So, I wanted to keep the validations combined in that file, not separate, and there will not be any clutter in doing this. Because all validations are at the start of the script, the logic will be executed.

@100NikhilBro
Contributor Author

@Avdhesh-Varshney
Hi bro, I have one more option in place of express-validator. We have the option to use AJV for validations on our critical or high-risk routes, and it is the better choice in this case. AJV allows us to define JSON Schemas that describe the exact structure, types, required fields, and nested objects of the request data, which ensures that the incoming data is consistent and matches our database expectations. This aligns closely with Mongoose model validations and provides robust checks before any business logic is executed.

On the other hand, express-validator is more suitable for simple field-level validations like checking the email format, password strength, or query parameters. It works well for flat structures, but is not ideal for validating complex or nested objects in critical routes.

By keeping AJV validation at the top of each route file, we ensure that the business logic runs only after all validations pass, keeping the code clean, maintainable, and reusable. For less critical routes, we can skip validations to maintain efficiency, but for sensitive routes, AJV provides strict, reliable, and production-ready data integrity.
