User-friendly API errors in Phoenix?

mattei · June 12, 2021, 10:33pm

Hi, newcomer to Phoenix and Elixir here, moving over from Django and REST Framework.

Say I have a login function like this…

  def login(conn, %{"username" => username, "password" => password}) do
    ...
  end

If I input the correct parameters, the pattern matching works and the function is accessed just fine. However, if I miss a parameter, it does not find the function, and returns a rather ugly error:

    ** (Phoenix.ActionClauseError) no function clause matching in AuthController.login/2

In production, it simply returns a 400 Bad Request, which is the appropriate error code for this.

However, in something like Django REST Framework the function would return a friendly error detailing which fields are missing, for example:

{
"username": "This field is required."
... etc
}

I was wondering if there’s a way to add friendly field validation errors like this to Phoenix controller functions? It’d improve user experience for API development.

Thanks all!

thojanssens1 · June 12, 2021, 10:41pm

You have to use Ecto.Changeset. Do you know about it?

mattei · June 12, 2021, 10:42pm

I do, but what I’m using isn’t to be inserted to the database, it’s just a login view. Is there a way to use Ecto to validate incoming parameters, even if you’re not using them for database stuff?

EDIT: Oh shoot, I just found this, and it looks perfect: GitHub - vic/params: Easy parameters validation/casting with Ecto.Schema, akin to Rails' strong parameters.
I had no idea you can use regular Ecto schemas as “serializers” to validate any data, even non-database input.

EDIT 2: Whoa, thanks for pointing me in the right direction! Turns out this can be done with vanilla Ecto.Changesets, you can use them schemaless to validate any data (they don’t hit the database until they touch a repo). This is brilliant!

Here’s the end solution.

Create a schemaless changeset to validate the input parameters.

  def login_changeset(params) do
    types = %{username: :string, password: :string}

    {%{}, types}
    |> cast(params, Map.keys(types))
    |> validate_required(:username)
    |> validate_required(:password)
  end

Validate the schema in the controller, making sure to return {:error, changeset} to your FallbackController.

  def login(conn, params) do
    changeset = Accounts.User.login_changeset(params)

    if changeset.valid? do
      %{:username => username, :password => password} = changeset

      case Accounts.authenticate_user(username, password) do
        {:ok, user} ->
          {:ok, jwt, _full_claims} = Guardian.encode_and_sign(user, :api)
          render(conn, "token.json", user, jwt)

        {:error, _reason} ->
          conn
          |> put_status(401)
          |> render("error.json")
      end
    else
      {:error, changeset}
    end
  end

Voila! Your controllers return friendly errors:

HTTP/1.1 422 Unprocessable Entity
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 116
content-type: application/json; charset=utf-8
date: Sat, 12 Jun 2021 23:20:57 GMT
server: Cowboy
x-request-id: Fof5FK1SQzCkJR8AABFD

{
  "errors": {
    "password": [
      "can't be blank"
    ],
    "username": [
      "can't be blank"
    ]
  }
}

I’m so happy right now This is actually more straightforward than DRF serializers.

Thanks y’all!

leather-s · March 29, 2024, 2:50pm

Here is a native Phoenix solution. You cast with types, then validate.

https://hexdocs.pm/ecto/Ecto.Changeset.html#module-schemaless-changesets