How do I validate input with MongoDB?

Question

I have a simple little user registration form that looks like this:

// POST Register new user
exports.new = function(req, res) {
    var db = require('mongojs').connect('localhost/busapp', ['users']);
    db.users.ensureIndex({email:1}, {unique: true})

    function User(email, username, password, dateCreated) {
        this.email = email;
        this.username  = username;
        this.password = password;
        this.dateCreated = new Date();
        this.admin = 0;
        this.activated = 0
    }

    if (req.body.user.password !== req.body.user.passwordc) {
        res.send('Passwords do not match');
    } else {

        var user = new User(req.body.user.email, req.body.user.username, 
                            req.body.user.password);

        // TODO: Remove this after we clarify that it works.

        console.log(user.email + " " + user.username + " " +  
                    user.password);


        // Save user to database

        db.users.save(user, function(err, savedUser) {
            if (err) {
                res.send(err);
            } else {
            console.log("User " + savedUser.email + " saved");
            }
        });
    }
}

But I'm having trouble validating information submitted, like unique values, is empty, that sort of thing, so nobody can send post requests to the database to bypass the jQuery validation functions. I've read through the docs but I cannot seem to get it right. I tried setting a ensureIndex, but, that doesn't seem to work. Any information on how to validate the input on the database side would be great thanks!

Answer 1

One of the strengths/features of MongoDB is flexible schema. MongoDB does not impose any specific contraints on fields types. In general with web applications, you should try to do validation as early as possible .. so first at the client (JavaScript) level, then the application, and as a last resort in the database server.

MongoDB validation

MongoDB can do a limited amount of validation such as ensuring a unique index. Any data validation such as required fields or field types (string, integer, ..) should be done in your application code.

Clientside/application validation

You could use jQuery validation, but that would only be effective in the client (browser view). Any validation should also be done in your application code/model, otherwise disabling JavaScript in the browser would be a simple way to insert invalid data.

Answer 2

why cant you do stuff like password != "". as for unique values you should do use the find or findOne functions to see if that name exists in the db.

i would highly recommend installing mongoose. it is really useful as it allows you to create schemas. so if you are familiar with MVC, in your models, you would have user.js which contains the schema for the user. basically it gives guidelines on how the user object will be stored in the database. in your controllers, you would try to do what you are doing in the code you have above. you would do a user = require(user.js) and then you would do user.find() or user.findOne() to find that thing in the database. for example. if the username was already in the database, then its not unique. so dont add him.