How to do a series of validations in Elixir the most idiomatic way

jpcaruana · February 29, 2020, 1:48pm

I am new (but curious) to Elixir. I want to validate two aspects of an URL :

it should not be an IP adress
the path should not contains /../

I have a function:

def validate_url(url) do
  URI.parse(url)
  |> validate_profile
end

After some pattern matching (to exclude other cases), I come to 2 (unstatisfying) solutions :

1st :

defp validate_profile(%URI{scheme: "https", path: path, host: host, userinfo: nil, fragment: nil}),
     do: validate_path(path)
         |> validate_host(host)
<snip code>
defp validate_profile(_), do: :invalid

defp validate_path(path) do
  case String.split(path, ["/../"]) do
    [_ | []] -> :valid
    _ -> :invalid
  end
end

defp validate_host(:invalid, _), do: :invalid
defp validate_host(:valid, host) do
  case :inet.parse_address(to_charlist(host)) do
    {:ok, _} -> :invalid
    _ -> :valid
  end
end

2nd:

defp validate_profile(%URI{scheme: "https", path: path, host: host, userinfo: nil, fragment: nil}),
     do: validate_path(path, host)
         |> validate_host
<snip code>
defp validate_profile(_), do: :invalid

defp validate_path(path, host) do
  case String.split(path, ["/../"]) do
    [_ | []] -> host
    _ -> :invalid
  end
end

defp validate_host(:invalid), do: :invalid
defp validate_host(host) do
  case :inet.parse_address(to_charlist(host)) do
    {:ok, _} -> :invalid
    _ -> :valid
  end
end

How can I improve here ? Is there a more idiomatic way of doing this ?

wanton7 · February 29, 2020, 2:06pm

I’m no Elixir guru but probably something like this

def parse_url(url) do
  {:ok, URI.parse(url)}
  |> validate_profile()
  |> validate_stuff()
end

defp validate_profile({:ok, url} = data) do
# validate here
# if ok
data
# if error
{:error, "profile validation failed"}
end

defp validate_stuff({:ok, url} = data) do
# validate here
# if ok
data
# if error
{:error, "stuff validation failed"}
end

defp validate_stuff(x), do: x

In case you need to return nil or string if it’s valid use something like

def parse_url(url) do
  {:ok, URI.parse(url)}
  |> validate_profile()
  |> validate_stuff()
  |> case do
    {:ok, url} -> url
    _ -> nil
  end
end

NobbZ · February 29, 2020, 4:17pm

Why?

I can understand why you do not want the server part to be an IP. But why restricting the path to not contain /../?

http://example.com/path/../foo and http://example.com/foo are different URLs. Not every server will interprete .. as “one folder up”.

jpcaruana · February 29, 2020, 5:01pm

that’s in the protocol I want to implement (and I am not implementing a web server)

NobbZ · February 29, 2020, 5:36pm

Okay, if your protocol explicitly states they are invalid, then you are of course right.

ityonemo · February 29, 2020, 8:42pm

probably a cond statement?

def url_valid?(url) do  # use a ? postfix sigil if you intend it to output a boolean value
  %{path: path, host: host} = URI.parse(url)
  cond do
    is_nil(path) || is_nil(host) -> false
    String.contains?(path, "/../") -> false  # path =~ "/../" also good
    match?({:error, _}, :inet.parse_address...) -> false
    true -> true
  end
end

if you want to output more descriptive errors, I recommend using a with statement, though at some level of complexity you might have to give up on with statements and settle with something ugly. No sense in trying to make something real-world ugly pretty, in the end. Let the code appropriately reflect the system’s messiness.

Don’t forget to spot test this thing. Unless you need more descriptiveness (in which case you should use :ok/{:error, _}) Outputting a true/false instead of valid/invalid is a better choice because it integrates directly with assert and refute.

dimitarvp · March 7, 2020, 11:59am

This could be a good candidate for using the with keyword.

jpcaruana · March 9, 2020, 8:31am

Yes I will look into it.

Thank you

darkbaby123 · March 9, 2020, 1:18pm

Below is an example to use with. Each validation step only return ok/error tuple. The url is not changed so it can be reused in each step.

@spec validate_url(raw_url :: URI.t() | binary) :: {:ok, URI.t()} | :error
def validate_url(raw_url) do
  with url <- URI.parse(raw_url),
       :ok <- validate_path(url),
       :ok <- validate_host(url) do
    {:ok, url}
  else
    :error -> :error
  end
end

@spec validate_path(URI.t()) :: :ok | :error
defp validate_path(%URI{path: path}) do
  # ...
end

@spec validate_host(URI.t()) :: :ok | :error
defp validate_host(%URI{host: host}) do
  # ...
end

Pipeline is suitable when you have a data structure to express both url and validation result. The simplest data structure is {:ok, url} | :error .