Input validation with allowlists and explicit schemas

14554 views

                  RegistrationSchema = Dry::Schema.Params do
  required(:email).filled(:string, format?: URI::MailTo::EMAIL_REGEXP)
  required(:password).filled(:string, min_size?: 12)
  optional(:marketing_opt_in).filled(:bool)
  optional(:country).filled(:string, included_in?: %w[US CA GB AU])
end

result = RegistrationSchema.call(params.to_unsafe_h)
raise ActionController::BadRequest, result.errors.to_h unless result.success?

I validate input at trust boundaries, not halfway through business logic. Explicit schemas force decisions about allowed types, lengths, enums, and nested structure. That keeps weird payloads from becoming security bugs and makes error behavior much easier to reason about.

Kai Nakamura

More from Kai Nakamura

Input validation with allowlists and explicit schemas

0 Comments

More from Kai Nakamura