Should I add a validation pipe as well as validation to the ORM in NestJS?
Question
I have an e-commerce application where I put a global validation pipe and a DTO for each request handler. Should I also put validation on the ORM, for example (first name should be of 5 characters)?
I see that it's reasonable to put it, because what if I forgot something in a DTO? What do you think?
Answer 1
Score: 1
It's always a good idea to use database constraints. As you correctly mentioned, you might make a mistake in your DTO, or you can call the service from another service (not a controller), so you won't have the payload validated.
Another potential point of failure is that the server code might, in some way, shape or form, alter the payload. Imagine you validated the input to be a string that is at least 5 characters, but then you decide to take only the first letter and capitalize it before writing to the database. I know this is a stupid example, but sometimes even more insane things might happen.
Database constraints will provide you with guarantees. This way you will be sure that the first name is at least 5 characters.
In other words, this will ensure that "ins" and "outs" are being controlled.
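
The layering described in the answer, as an added example that is not part of the original answer: it is sketched in Python with the standard-library `sqlite3` module so it runs without a NestJS project. `validate_dto` stands in for the DTO and validation pipe; the table, function names and sample names are assumptions made for illustration.

```python
import sqlite3

MIN_LEN = 5  # the page's example rule: first name of at least 5 characters

def validate_dto(payload: dict) -> dict:
    """Stand-in for the DTO + global validation pipe (request boundary only)."""
    name = payload.get("first_name")
    if not isinstance(name, str) or len(name) < MIN_LEN:
        raise ValueError("first_name must be at least 5 characters")
    return payload

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # The constraint lives with the data, so every writer is subject to it.
    db.execute(
        "CREATE TABLE customer ("
        " id INTEGER PRIMARY KEY,"
        " first_name TEXT NOT NULL"
        f" CONSTRAINT first_name_min_len CHECK (length(first_name) >= {MIN_LEN}))"
    )
    return db

def save_customer(db: sqlite3.Connection, first_name: str) -> bool:
    """Service-layer write. Returns False when the database rejects the row."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO customer (first_name) VALUES (?)", (first_name,))
        return True
    except sqlite3.IntegrityError:
        return False

def controller_create(db: sqlite3.Connection, payload: dict) -> bool:
    """Request path: DTO check, then a buggy transformation, then the write."""
    dto = validate_dto(payload)
    initial_only = dto["first_name"][:1].upper()  # the answer's "first letter" bug
    return save_customer(db, initial_only)

def run_demo() -> dict:
    db = open_db()
    results = {  # sample names below are constructed
        "valid_row": save_customer(db, "Alice"),
        # Another service calls save_customer directly, skipping the DTO.
        "service_bypass": save_customer(db, "Bob"),
        # Input passes the DTO, then server code shortens it before the write.
        "mutated_after_dto": controller_create(db, {"first_name": "Charlotte"}),
    }
    results["rows"] = [r[0] for r in db.execute("SELECT first_name FROM customer")]
    return results

if __name__ == "__main__":
    print(run_demo())
```

Both failure modes from the answer reach the database with a too-short value, and only the `CHECK` constraint stops them.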