ruby 9 lines · 1 tab

Input validation with allowlists and explicit schemas

Kai Nakamura Apr 2026
1 tab
RegistrationSchema = Dry::Schema.Params do
  required(:email).filled(:string, format?: URI::MailTo::EMAIL_REGEXP)
  required(:password).filled(:string, min_size?: 12)
  optional(:marketing_opt_in).filled(:bool)
  optional(:country).filled(:string, included_in?: %w[US CA GB AU])
end

result = RegistrationSchema.call(params.to_unsafe_h)
raise ActionController::BadRequest, result.errors.to_h unless result.success?
1 file · ruby Explain with highlit

I validate input at trust boundaries, not halfway through business logic. Explicit schemas force decisions about allowed types, lengths, enums, and nested structure. That keeps weird payloads from becoming security bugs and makes error behavior much easier to reason about.

Share this code

Here's the card — post it anywhere.

Input validation with allowlists and explicit schemas — share card
Link copied