Bird
Raised Fist0
Expressframework~3 mins

Why Custom validation rules in Express? - Purpose & Use Cases

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
The Big Idea

Discover how custom validation rules save you from endless, error-prone input checks!

The Scenario

Imagine building a web form where users enter their data, and you have to check every input manually in your code.

You write many if-else checks for each field, like checking if an email looks right or if a password is strong enough.

The Problem

Manually checking each input is slow and messy.

It's easy to forget a rule or make mistakes, causing bugs or security holes.

Also, repeating similar checks everywhere makes your code hard to read and maintain.

The Solution

Custom validation rules let you define clear, reusable checks for your data.

Express middleware or libraries can run these rules automatically before your main code runs.

This keeps your code clean, consistent, and easy to update.

Before vs After
Before
if (!email.includes('@')) { return error; } if (password.length < 8) { return error; }
After
app.post('/signup', validateEmail(), validatePassword(), (req, res) => { /* handle signup */ });
What It Enables

You can build reliable, secure forms that automatically check user input with less code and fewer mistakes.

Real Life Example

When signing up on a website, custom validation rules ensure your email and password meet requirements before creating your account.

Key Takeaways

Manual input checks are slow and error-prone.

Custom validation rules make checks reusable and automatic.

This leads to cleaner, safer, and easier-to-maintain code.

Practice

(1/5)
1. What is the main purpose of using custom() in Express validation?
easy
A. To format the response JSON
B. To automatically sanitize all inputs
C. To connect to the database
D. To create your own rules for checking input values

Solution

  1. Step 1: Understand the role of custom()

    The custom() method allows you to write your own validation logic beyond built-in checks.

  2. Step 2: Identify the purpose in input validation

    It is used to check inputs with rules you define, like checking a password strength or a special format.

  3. Final Answer:

    To create your own rules for checking input values -> Option D

  4. Quick Check:

    Custom validation = custom rules [OK]
Hint: Custom means you write your own check function [OK]
Common Mistakes:
  • Thinking custom() sanitizes inputs automatically
  • Confusing custom() with response formatting
  • Assuming custom() connects to databases
2. Which of the following is the correct syntax to add a custom validation rule using Express Validator?
easy
A. check('age').custom(value => { if(value < 18) throw new Error('Too young'); return true; })
B. check('age').custom(value => value < 18 ? true : false)
C. check('age').custom(value => { return false; })
D. check('age').custom(value => { throw 'Error'; })

Solution

  1. Step 1: Review correct custom validation syntax

    The function inside custom() should throw an error if validation fails and return true if it passes.

  2. Step 2: Analyze each option

    check('age').custom(value => { if(value < 18) throw new Error('Too young'); return true; }) throws an error when value is less than 18 and returns true otherwise, which is correct. check('age').custom(value => value < 18 ? true : false) returns true when value is less than 18, which is opposite logic. check('age').custom(value => { return false; }) always returns false, which fails validation. check('age').custom(value => { throw 'Error'; }) throws an error unconditionally, so it always fails.

  3. Final Answer:

    check('age').custom(value => { if(value < 18) throw new Error('Too young'); return true; }) -> Option A

  4. Quick Check:

    Throw error on fail, return true on pass [OK]
Hint: Throw error to fail, return true to pass [OK]
Common Mistakes:
  • Returning false instead of throwing error
  • Throwing error without condition
  • Returning true on invalid input
3. Given this code snippet, what will be the validation result if req.body.username is "abc"? 
check('username').custom(value => {
  if(value.length < 5) throw new Error('Too short');
  return true;
})
medium
A. Validation fails with 'Too short' error
B. Validation passes
C. Validation fails with syntax error
D. Validation passes but logs a warning

Solution

  1. Step 1: Check the input value length

    The input "abc" has length 3, which is less than 5.

  2. Step 2: Apply the custom validation logic

    The function throws an error 'Too short' if length is less than 5, so it throws an error here causing validation to fail.

  3. Final Answer:

    Validation fails with 'Too short' error -> Option A

  4. Quick Check:

    Input too short = error thrown [OK]
Hint: Check input length against condition in custom() [OK]
Common Mistakes:
  • Assuming validation passes for short input
  • Confusing error throwing with warnings
  • Expecting syntax errors from valid code
4. Identify the error in this custom validation code: 
check('email').custom(value => {
  if(!value.includes('@'))
    return new Error('Invalid email');
  return true;
})
medium
A. The function must return false instead of true
B. The condition should check for '.' instead of '@'
C. It should throw an error, not return it
D. No error, code is correct

Solution

  1. Step 1: Understand error signaling in custom validation

    Custom validators must throw an error to indicate failure, not return an Error object.

  2. Step 2: Analyze the given code

    The code returns new Error('Invalid email') instead of throwing it, so validation will not fail as expected.

  3. Final Answer:

    It should throw an error, not return it -> Option C

  4. Quick Check:

    Throw error to fail validation [OK]
Hint: Throw errors, don't return them in custom() [OK]
Common Mistakes:
  • Returning Error object instead of throwing
  • Checking wrong condition for email
  • Returning false instead of throwing error
5. You want to create a custom validation rule that checks if a password contains at least one uppercase letter, one number, and is at least 8 characters long. Which of these implementations correctly achieves this?
hard
A. check('password').custom(value => { if(value.length < 8) return false; if(!/[A-Z]/.test(value)) return false; if(!/\d/.test(value)) return false; return true; })
B. check('password').custom(value => { if(!/[A-Z]/.test(value)) throw new Error('Missing uppercase'); if(!/\d/.test(value)) throw new Error('Missing number'); if(value.length < 8) throw new Error('Too short'); return true; })
C. check('password').custom(value => { if(value.length < 8) throw 'Too short'; if(!/[A-Z]/.test(value)) throw 'Missing uppercase'; if(!/\d/.test(value)) throw 'Missing number'; return false; })
D. check('password').custom(value => { if(value.length >= 8 && /[A-Z]/.test(value) && /\d/.test(value)) return true; else return false; })

Solution

  1. Step 1: Check each condition with proper error throwing

    check('password').custom(value => { if(!/[A-Z]/.test(value)) throw new Error('Missing uppercase'); if(!/\d/.test(value)) throw new Error('Missing number'); if(value.length < 8) throw new Error('Too short'); return true; }) checks each condition separately and throws a specific error if it fails, returning true only if all pass.

  2. Step 2: Compare other options for correctness

    check('password').custom(value => { if(value.length < 8) return false; if(!/[A-Z]/.test(value)) return false; if(!/\d/.test(value)) return false; return true; }) returns false instead of throwing errors, which is incorrect. check('password').custom(value => { if(value.length < 8) throw 'Too short'; if(!/[A-Z]/.test(value)) throw 'Missing uppercase'; if(!/\d/.test(value)) throw 'Missing number'; return false; }) throws string errors and returns false at the end, which breaks the rule of returning true on success. check('password').custom(value => { if(value.length >= 8 && /[A-Z]/.test(value) && /\d/.test(value)) return true; else return false; }) returns false instead of throwing an error if conditions fail, which is incorrect.

  3. Final Answer:

    check('password').custom(value => { if(!/[A-Z]/.test(value)) throw new Error('Missing uppercase'); if(!/\d/.test(value)) throw new Error('Missing number'); if(value.length < 8) throw new Error('Too short'); return true; }) -> Option B

  4. Quick Check:

    Throw specific errors, return true if all pass [OK]
Hint: Throw specific errors for each fail, return true if all pass [OK]
Common Mistakes:
  • Returning false instead of throwing errors
  • Throwing strings instead of Error objects
  • Returning false on success