We use cookies to enhance your experience on the site
CodeWorlds

Gate Guard — Introduction to Data Validation

Salve, legionary! You have reached one of the most important locations in our Empire — the Main Gate (Porta Praetoria). Everyone who wants to enter the city must pass through the guards' checkpoint. Similarly, every HTTP request that reaches our server should be thoroughly checked before it reaches the business logic.

Data validation is the process of verifying whether incoming data from users is correct, safe, and meets expectations. Without validation, our server is like an open gate — anyone can enter with anything.

Why Is Validation Essential?

Imagine a legionary approaching the gate and claiming to be a senator. The guard checks:

  • Does he have a proper identity document? (required fields)
  • Is the document not forged? (correct format)
  • Do the details match? (business rules)

In the NestJS world, we deal with an analogous situation:

1// WITHOUT validation - gate wide open!
2@Post('legionaries')
3createLegionary(@Body() body: any) {
4  // Someone can send anything!
5  // { name: 12345, rank: null, age: "cat" }
6  return this.service.create(body);
7}
8
9// WITH validation - guards on duty!
10@Post('legionaries')
11createLegionary(@Body() dto: CreateLegionaryDto) {
12  // Data is verified before it reaches here
13  // name must be a string, rank must exist, age must be a number
14  return this.service.create(dto);
15}

What Is a DTO?

DTO (Data Transfer Object) is like an official imperial document — it defines exactly which fields should be present and what types they should be. In NestJS, we create DTO classes that describe the shape of input data:

1// DTO is like an imperial form
2export class CreateLegionaryDto {
3  name: string;     // Legionary's name
4  rank: string;     // Rank
5  age: number;      // Age
6  legio: string;    // Legion name
7}

Validation Tools in NestJS

NestJS offers three main tools to protect our gates:

  1. class-validator — a library of decorators for defining validation rules
  2. class-transformer — a tool for data transformation (type conversion, field exclusion)
  3. ValidationPipe — a built-in NestJS pipe that automatically runs validation
1// Installing gate guards
2// npm install class-validator class-transformer

How Does It All Work Together?

The entire validation process in NestJS works as follows:

1// 1. HTTP request arrives at the server
2// POST /legionaries { name: "Marcus", age: 25 }
3
4// 2. ValidationPipe intercepts the data
5// ValidationPipe runs class-transformer (type conversion)
6// Then class-validator (rule checking)
7
8// 3. If data is valid → passes to the controller
9// If data is invalid → returns 400 Bad Request error

Without these tools, we would have to manually check every field in every endpoint — it's as if you asked every centurion to personally verify documents instead of having trained gate guards.

In the following lessons, you will learn about each of these tools in detail. Get ready, because the gate guard shows no mercy to invalid data!

Go to CodeWorlds