Azure - Server Validation

Question

Okay, so I am attempting to validate on the server side. I am using Windows Azure Mobile Services for my Android application. The validation is done in Javascript / Node.js.

I have been doing my best to find solutions to my issue and stumbled upon [this link] (http://blogs.msdn.com/b/carlosfigueira/archive/2012/09/21/playing-with-the-query-object-in-read-operations-on-azure-mobile-services.aspx)!

I intend to use regexp to validate the object before persisting it to the DB.

I would understand how to do this 'pre-query' but as I need access to use regex, I must perform 'post-query' filtering.

Below is the code in which I have (so far) but I want to know how can I validate many fields and deliver appropriate error messages for each invalid fields. If all are valid, then persist to the DB.

Thanks in advance!

function insert(item, user, request) {

    var userTable = tables.getTable('User');
    userTable.where({email: item.email}).read({
                    success: emailExists
                    });

    function emailExists(existingItems)
    {
        if (existingItems.length > 0) 
        {
                    request.respond(statusCodes.CONFLICT, 
                        "An account is already registered with this email!.");
                } 
                else 
                {
                    // Insert the item as normal. 
                    request.execute({
                        success: function (results) 
                        {
                            var regexEmail = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
                            var filtered = results.filter(function(item) 
                            {
                             return regexEmail.test(item.email);
                            });

                            request.respond(statusCodes.OK, filtered);
                       }
                });
          }   
    }
}

Answer 1

If I understand what you want to do correctly, you first need to validate the input's e-mail against the items in the database (to maintain unicity), then validate other fields in the input before inserting that. If that's the case, then after the query validation (to prevent duplicate e-mails) you can validate the item fields individually, as shown in this document. The code below shows an example of such validation.

function insert(item, user, request) {

    var userTable = tables.getTable('User');
    userTable.where({email: item.email}).read({
                        success: emailExists
                    });

    function emailExists(existingItems)
    {
        if (existingItems.length > 0) 
        {
            request.respond(statusCodes.CONFLICT, 
                "An account is already registered with this email!.");
        } 
        else 
        {
            // Validate fields *before* inserting
            var regexEmail = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
            if (!regexEmail.test(item.email)) {
                request.respond(statusCodes.BAD_REQUEST, { error: 'E-mail is invalid' });
                return;
            }

            if (!item.name || item.name.length < 10) {
                request.respond(statusCodes.BAD_REQUEST, { error: 'Item must have a name of at least 10 characters' });
                return;
            }

            // If all validation succeeded, then insert the item
            request.execute();
        }
    }
}