Validation

Morphis validation is an HTTP-layer feature implemented by ValidateMiddleware. It runs before the controller handler and can validate headers, body, params, and query in the same request.

How validation works

When you attach @Validate({ ... }), Morphis:

• constructs the configured validator classes
• runs all configured validators in parallel
• merges all validation errors into one field-based error object
• throws a validation error when any field fails
• rewrites req.body, req.query, and req.params with each validator’s result.output when validation succeeds

That means validation is not just a check. It is also the point where sanitized output becomes the request data your controller receives.

Generate a validator

morphis new:validator PostBodyValidator

This creates src/validators/PostBodyValidator.ts:

import { SimpleValidationRuleMap, ValidationRule, Validator } from 'morphis';
 
export interface PostBody {
    // TODO: define your data shape here
}
 
export class PostBodyValidator extends Validator<PostBody> {
    getSimpleRules(): SimpleValidationRuleMap<PostBody> {
        const { Required } = this.rules;
        return {
            // TODO: add per-field rules
        };
    }
 
    getRules(): ValidationRule<PostBody>[] {
        return [
            // TODO: add cross-field rules
        ];
    }
}

Attach validation to a handler

The most common usage is the method decorator form:

import { Post, Request, Validate } from 'morphis';
 
@Post()
@Validate({ body: PostBodyValidator })
async create(req: Request) {
  return postService.create(req.body);
}

You can validate any combination of request sources:

@Validate({
  headers: AuthHeadersValidator,
  body: PostBodyValidator,
  params: PostParamsValidator,
  query: PostQueryValidator,
})

Simple rules reference

this.rules exposes the built-in SimpleRules helpers.

Presence

Format

Parameterized

Example validator

import { SimpleValidationRuleMap, Validator } from 'morphis';
 
export interface PostBody {
  title: string;
  body: string;
  status: string;
}
 
export class PostBodyValidator extends Validator<PostBody> {
  getSimpleRules(): SimpleValidationRuleMap<PostBody> {
    const { Required, Length, In } = this.rules;
    return {
      title: [Required, Length(255)],
      body: [Required, Length(10000)],
      status: [Required, In('draft', 'published', 'archived')],
    };
  }
}

Error response shape

When validation fails, Morphis raises a ValidationError, which is serialized into an HTTP 400 response with field-based errors.

{
  "errors": {
    "body": ["body is required"],
    "status": ["status is required"]
  }
}

{
  "errors": {
    "status": ["status must be one of: draft, published, archived"]
  }
}

strictCheck

Validators are permissive by default. Unknown keys are allowed unless you set readonly strictCheck = true.

With strictCheck, unknown fields are rejected and the validator output is reduced to declared keys only.

export class PostBodyValidator extends Validator<PostBody> {
  readonly strictCheck = true;
}

getRules() for complex checks

Use getRules() for logic that cannot be expressed as a single field rule, such as:

• cross-field validation
• nested or array-specific logic
• async lookups
• domain-level constraints

Related pages

• Middleware
• Transformer
• Controllers