I want to share input validation because:

  • User experience in frontend, instantly tells the user if the input is good/wrong
  • Security concerns in backend, even if the user bypass the frontend javascript, a user cannot mess with the RESTful API
  • Also javascript in frontend is always conditional to the browser interpreting it and cannot be trusted

What is the best way to share input validation in a full javascript web app (frontend: react, backend: nodejs)?

The solution I am thinking of is creating a validator module with all my javascript validators at the root of my codebase:

  • If on localhost, both environments use this module to validate input.
  • If in production/preprod, my deployment script copy the module in both frontend and backend before deploying.
  • Import code would look like this each time I try to validate an input: const validator = process.env.ENV === 'local' ? require('../../validator') : require('/validator')

Is there any other widely accepted method to do this (I guess it is a very common problem but I didn't find similar issues)? If not, is my method correct?

3 Answers

quentin_ch On Best Solutions

Takeaways from answers and implementation:

  • Implementation works and is a good way to take advantage of a fullstack javascript app
  • It creates some complexity and you need to be careful not to implement libraries/javascript methods that won't behave the same between two very different environments (on a client browser and on a nodejs backend). Thus I won't be using any third-party library and only vanilla javascript in my validator (example: don't use the export keyword in my validator but use module.exports = {}, because ES6 export won't work in nodejs)
  • If you want to avoid bugs in production, you shall always deploy both in frontend and backend each time you modify your validator module and test in both environments (I added a script that runs before deploying and check for diff between the 2 modules)
  • Because it makes me gain so much time, I now also share other piece of functional programming in my app
  • Realised that this way of using your own module is just a lot like using an npm module both in frontend and backend (it is just less cumbersome than having to publish it on npm registry if you think it will be useless for the community)
koFTT On

Usually you would make simple validations on front-end and more complex validation on the backend

For example: validate if e-mail with regex on front-end, send a simple mail to confirm existence of that email

EladBash On

It is a good practice to use validations as a module but you should consider what would happen if for some reason you will have/want to change the back-end tech to something that is not Javascript like node.

In case you are going to implement it - you will have a dependency of the client and server on this module and you'll have to maintain different versions of this module or deploy client code and server code any time you have a validation change - which leads to some complexity you should take into your consideration as well .