When the client sends a form with multipart/form-data encoding, the express-validator "check" middleware-chain do not "see" the form fields, let alone validate them. Is it supposed to work with some parsing middleware I'm not aware of or did I miss something? Without the validator, formidable below successfully "sees" and extracts the fields. I've read the express-validator README one too many times without any solution.
const express = require('express');
const router = express.Router();
const formidable = require('formidable');
const bcrypt = require('bcryptjs');
const mysql = require('mysql');
const uuid = require('uuid/v4');
const { check, validationResult } = require('express-validator/check');
router.post('/files', function () {
//Handle profile picture uploads here. End request;
});
//Sanitize, validate. Ends req if err
// noinspection JSUnresolvedFunction
router.post("/",[
check('alias')
.exists()
.withMessage("ER_NO_ALIAS_FIELD") //Message is returned in result yet formidable
.not() //below is able to extract the fields
.isEmpty() //Proves that express-validator doesn't "see"
.withMessage("ER_NO_NAME") //the fields.
.isFullWidth()
.withMessage('ER_NAME_HALF_WIDTH')
.escape()
.trim(),
check('email')
.exists()
.withMessage("ER_NO_EMAIL_FIELD") //Message is returned
.not()
.isEmpty()
.withMessage('ER_NO_EMAIL')
.isEmail()
.withMessage('ER_EMAIL_FORMAT')
.trim()
.normalizeEmail(),
check('sex')
.isIn(['M', 'F'])
.withMessage('ER_SEX'),
check('dob')
.not()
.isEmpty()
.withMessage('ER_NO_DOB'),
check('pref')
.not()
.isEmpty()
.withMessage('ER_NO_PREF'),
check('about')
.not()
.isEmpty()
.withMessage("ER_NO_ABOUT") //To prevent the subsequent errors from being sent. Works because of "onlyFirstError: true"
.isLength({max: 255})
.withMessage('ER_ABOUT_LENGTH')
.isFullWidth()
.withMessage('ER_ABOUT_HALF_WIDTH')
.trim()
.escape(),
check('school')
.not()
.isEmpty()
.withMessage("ER_NO_SCHOOL") //To prevent the subsequent errors from being sent. Works because of "onlyFirstError: true"
.isFullWidth()
.withMessage("ER_SCH_HALF_WIDTH")
.isLength({max: 255})
.withMessage("ER_SCH_LENGTH")
.trim()
.escape(),
check('password')
.not()
.isEmpty()
.withMessage("ER_NO_PASSWD")
], (req, res)=>{
//Check the validation result here
let result = validationResult(req);
if(result.isEmpty()) {
next();
} else {
//Format the errors and echo them back to the client
//The query ends here
res.writeHead(200, {'Content-Type':'text/html', 'Access-Control-Allow-Origin': 'http://localhost:3000'});
res.write("<?xml version='1.0' encoding='UTF-8' ?>");
res.write(`<cookie>${res.getHeader('Set-Cookie')}</cookie>`); //DEV
//Return an array of validation results/errors. Only the first error
let error_array = result.array({onlyFirstError: true});
res.write(`<err_arr>${JSON.stringify(error_array)}</err_arr>`);
res.write("<msg>There was a problem with the form entries</msg>");
res.end("<srv_res_status>8</srv_res_status>");
}
});
router.post('/', function (req, res) {
res.writeHead(200, {'Content-Type':'text/html', 'Access-Control-Allow-Origin': 'http://localhost:3000'});
res.write("<?xml version='1.0' encoding='UTF-8' ?>");
let form = new formidable.IncomingForm();
form.parse(req, (err, fields, files)=>{
if(err) throw err;
//fields contains the form fields
As mentioned in formidable's README, "This is a low-level package". Therefore suitable for usage together with Node's http module.
You can't simply pass it as a express middleware, and the body parsing is done its own way.
Now, to the issues with your code:
body-parser, doesn't handle multipart requests.
Therefore if you send anything else (urlencoded or JSON requests), express-validator will work fine.req.body.As a side note, in my opinion a much better option in case you want to go a 100% express is multer.