Skip to content

Validation Module

Chainable request validation builder with security-first design.

What's Included

  • Chainable validation builder
  • Common validation rules
  • Regex DoS prevention (RE2 engine)
  • Null byte and CRLF rejection
  • Panic recovery
  • HTTP middleware

Quick Copy

bash
cp -r registry/validation/src/go/* yourproject/internal/validation/

Usage

Define Validation Rules

go
type CreateUserRequest struct {
    Name  string `json:"name"`
    Email string `json:"email"`
    Age   int    `json:"age"`
}

rules := validation.For[CreateUserRequest]().
    Field("name").
        Required().
        MinLength(2).
        MaxLength(100).
        CRLF().
        NullByte().
    Field("email").
        Required().
        Email().
        MaxLength(255).
    Field("age").
        Required().
        Min(0).
        Max(150)

Validate Request

go
handler := func(w http.ResponseWriter, r *http.Request) {
    var req CreateUserRequest
    if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
        http.Error(w, "Invalid JSON", http.StatusBadRequest)
        return
    }
    
    if errs := rules.Validate(req); len(errs) > 0 {
        // Return validation errors
        w.WriteHeader(http.StatusBadRequest)
        _ = json.NewEncoder(w).Encode(map[string]any{"errors": errs})
        return
    }
    
    // Process valid request
}

Use Middleware

go
handler := validation.Middleware(rules)(handler)

Available Rules

RuleDescription
Required()Field must not be empty
MinLength(n)Minimum string length
MaxLength(n)Maximum string length
Min(n)Minimum numeric value
Max(n)Maximum numeric value
Email()Valid email format
URL()Valid URL format
Pattern(regex)Regex match (RE2 engine)
In(values...)Value in allowed list
CRLF()Reject CRLF injection
NullByte()Reject null bytes

File Reference

FilePurpose
validator.goCore validation logic
rules.goValidation rules
errors.goError types
middleware.goHTTP middleware

Security Features

  • Regex DoS prevention (RE2 engine, no backtracking)
  • Null byte rejection
  • CRLF injection prevention
  • Panic recovery in validation

Tests

bash
cd registry/validation/src/go
go test -v ./...

Released under the MIT License.