Phoenix Framework: Validate route parameter in the router

This is a copy/paste of my question in StackOverflow, but once we have an amazing community, I thought to also put it here :slight_smile:

DISCLAIMER: Still a beginner in Elixir and Phoenix. I just play with time to time, with months of interval. Please fill free to provide honest feedback and say where I am missing something or where i am totally wrong.

Parameter Validation

I want to be able to do in the Phoenix Router the validation of the :date parameter for the route /todos/:date, but I am not able to find any documentation or library to achieve this in the Phoenix Routing docs, but I found the Plug Validator library, that looks like what I need, but doesn’t work with the Phoenix Framework, just with Elixir projects.

The Code

The Router:

defmodule TasksWeb.Router do
  use TasksWeb, :router

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_live_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
    plug :put_root_layout, {TasksWeb.LayoutView, :root}
  end

  pipeline :api do
    plug :accepts, ["json"]
  end

  scope "/", TasksWeb do
    pipe_through :browser

    get "/", PageController, :index
    live "/todos", TodoLive
    
    # THIS IS THE ROUTE I WANT TO VALIDATE THE PARAMETER :date
    live "/todos/:date", TodoLive
  end
end

The validator I am using currently elsewhere in the code:

defmodule Utils.Validators.Date do

  def valid_iso8601?(%Ecto.Changeset{} = changeset, field) when is_atom(field) do
    date = changeset |> Ecto.Changeset.get_field(field)

    case Date.from_iso8601(date) do
      {:ok, _valid_date} ->
        changeset

      {:error, :invalid_format} ->
        Ecto.Changeset.add_error(changeset, field, "Date '#{date}' has an invalid format - Valid format: YYYY-MM-DD")

      {:error, :invalid_date} ->
        Ecto.Changeset.add_error(changeset, field, "Date '#{date}' is invalid - e.g. 2020-04-31 (April only have 30 days)")
    end
  end

  def valid_iso8601?(date) when is_binary(date) do
    case Date.from_iso8601(date) do
      {:ok, _valid_date} ->
        :ok

      {:error, :invalid_format} ->
        {:invalid_format, "Date '#{date}' has an invalid format - Valid format: YYYY-MM-DD"}

      {:error, :invalid_date} ->
        {:invalid_date, "Date '#{date}' is invalid - e.g. 2020-04-31 (April only have 30 days)"}
    end
  end
end

The Goal is to Validate at the Edge

My goal is to be able to call Utils.Validators.Date.valid_iso8601?(date) from the Phoenix Router, but only when the Route is matched.

I know that a lot of libraries exist to validate this in the Controller or from anywhere else, but what I want is to validate the :date at the edge, aka when the route is matched, not inside my application logic.

So my question is if anyone knows a library that allows to achieve this in the Phoenix Router or how I can write a plug that only is invoked when the route matches, because I know I can write one that inspect all requests, but that is not optimal, and a waste of computer resources.

I would love to be able to do like this:

live "/todos/:date", TodoLive, plug: MyValidatorPlug

Or in alternative as I describe below in the Pipeline section.

Pipelines

I forgot to mention them in my original question, but @fhdhsni kindly remembered me of them and pointed me to a possible solution, but while that may achieve the goal for one route, during my thinking about it I found it to not scale when my router grows, because I will need to wrap each route in a scope for that pipeline.

What I want to mean by scoping the routes to use the pipeline is:

  scope "/", TasksWeb do
    pipe_through :browser
    get "/", PageController, :index

    scope "/todos" do
      live "/", TodoLive

      pipe_through :validator
      live "/:date", TodoLive
      # NOW ANY ROUTE ADDED HERE WILL ALSO BE EXECUTED THROUGH THE VALIDATOR PIPELINE
      # And this is why I don't want to go down this path...
    end
  end

But if was possible to do like this:

live "/todos/:date", TodoLive, pipe_through: :my-validator-pipeline 

Then my problem would be solved :wink:

Turns out that I was wrong when said this… I just followed their docs to the letter, and the code was not compiling, but after a night of sleep I realized how to do it:

defmodule TasksWeb.Router do
  use TasksWeb, :router

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    #plug :fetch_flash
    plug :fetch_live_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
    plug :put_root_layout, {TasksWeb.LayoutView, :root}

    # *** NEW CODE TO ENABLE THE PLUG VALIDATOR CHECK ***
    plug Plug.Validator, on_error: &TasksWeb.Router.validation_error_callback/2
  end

  pipeline :api do
    plug :accepts, ["json"]
  end

  scope "/", TasksWeb do
    pipe_through :browser
    get "/", PageController, :index

    live "/todos", TodoLive

    # *** NEW CODE TO ENABLE THE PLUG VALIDATOR CHECK ***
    live "/todos/:date", TodoLive, private: %{validate: %{date: &Utils.Validators.Date.valid_iso8601?/1}}
  end

  # *** CALLBACK TO HANDLE THE ERRORS RETURNED BY THE PLUG VALIDATOR CHECK ***
  def validation_error_callback(conn, _errors) do
    conn
    |> put_status(:not_found)
    |> put_view(TasksWeb.ErrorView)
    |> render("404.html")
    |> halt()
  end

  # Other scopes may use custom stacks.
  # scope "/api", TasksWeb do
  #   pipe_through :api
  # end
end

4 Likes

Library author here
I am glad that you found the right way to make it work with Phoenix framework
Would you be kind and make a PR correcting the docs where they are wrong or misleading? This way other developers would be able to use it for their needs

3 Likes

Here it is the pull request :slight_smile:

3 Likes