NestJSframework~30 mins

Whitelist and transform options in NestJS - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Whitelist and Transform Options in NestJS

📖 Scenario: You are building a simple NestJS API that accepts user data. To keep your API safe and clean, you want to only allow specific properties from the incoming data and automatically convert data types where needed.

🎯 Goal: Build a NestJS controller that uses ValidationPipe with whitelist and transform options enabled to accept only allowed properties and transform input data types.

📋 What You'll Learn

Create a DTO class CreateUserDto with properties name (string) and age (number)

Set up a controller UsersController with a POST route /users

Use ValidationPipe globally or on the route with whitelist: true and transform: true

Ensure that extra properties sent in the request body are removed and that age is transformed to a number

💡 Why This Matters

🌍 Real World

APIs often receive data from users or other systems. Using whitelist and transform options helps keep data clean and safe by removing unwanted fields and converting types automatically.

💼 Career

Understanding how to validate and sanitize input data is essential for backend developers working with NestJS or similar frameworks to build secure and reliable APIs.

Progress0 / 4 steps

Create the DTO class for user data

Create a class called CreateUserDto with two properties: name of type string and age of type number. Use decorators @IsString() for name and @IsNumber() for age from class-validator.

NestJS

import { IsString, IsNumber } from 'class-validator';

// Create the CreateUserDto class with name and age properties
// Your code here

Need a hint?

Use class-validator decorators to specify the types for validation.

Set up the UsersController with a POST route

Create a controller class called UsersController with a POST route /users. Add a method createUser that accepts a parameter createUserDto of type CreateUserDto decorated with @Body().

NestJS

import { Controller, Post, Body } from '@nestjs/common';

// Create UsersController with POST /users route and createUser method
// Your code here

Need a hint?

Use @Controller('users') and @Post() decorators to define the route.

Enable ValidationPipe with whitelist and transform options

In your main application bootstrap file, import ValidationPipe from @nestjs/common and apply it globally with options whitelist: true and transform: true using app.useGlobalPipes().

NestJS

import { ValidationPipe } from '@nestjs/common';
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';

async function bootstrap() {
  const app = await NestFactory.create(AppModule);

  // Apply ValidationPipe globally with whitelist and transform options
  // Your code here

  await app.listen(3000);
}
bootstrap();

Need a hint?

Use app.useGlobalPipes() with a new ValidationPipe instance and pass the options object.

Complete the setup by exporting the controller and DTO

Ensure that CreateUserDto and UsersController are exported properly from their files so they can be imported in the module.

NestJS

// Check that CreateUserDto and UsersController are exported
// Your code here

Need a hint?

Make sure the classes have the export keyword so they can be imported elsewhere.