all right then so in this lesson what

i'd like to do is implement on the

server a bit of logic to validate these

two values the email and the password

before we try to sign the user up so

that if the value that a user tries to

use for the email isn't a valid email we

can send an error back and also if the

password is maybe not strong enough we

can send an error back as well so let me

just show you what happens at the minute

if we try to just save something like

yoshi and also a password of just a now

this is not an email and this is not

really a strong password if we try to

send this

then we still get back a 200 response

and we've saved that user to the

database even though that's not an email

and the password is rubbish so we don't

want to do that and also if i try to

send something with a blank password and

a blank email as well if i send that

then we can see this error right here

now this is not a great error response i

wouldn't output this at the bottom of a

form so i want to make a better error

for something like that as well so we

need to check that these values actually

exist as well before we try to save them

so where do we want to put all of this

validation logic well there's a couple

of different places we could do this we

could do it directly in the signup user

controller function right here but what

i'd like to do instead is keep all of

the signup logic together including

these validation checks and put it

inside this sign up static method right

here all right so

the first thing i'm going to do is

actually install a package called

validator and that's instead of me

coming up with a lot of regex to check

against the email and the password it's

going to do that for me so let's install

that package by cancelling out of this

process down here and then typing npm

install

validator

like so

all right and when that's installed we

need to come up here and we need to

require that so const validator

is equal to require

and we want to require the validator

package all right so

down here where do we want to do this

validation well really we want to do it

before we try any of this down here

because if none of the fields are valid

or if one of them is not valid we don't

need to do the rest of this stuff we

just send back some kind of error

so let's do a comment that says

validation and then below that first of

all i want to make sure that we actually

have a value for the email and the

password so we'll do a little lift check

to say if not email

and then or so double pipe not password

so if we don't have a value for either

of these then we're gonna throw an error

and the error that we throw is gonna

have the message all fields

must be filled so now if we try to send

the request whereby the email doesn't

exist or the password or both then we're

going to throw this error and obviously

we catch that error down here and we

respond with a json message which is the

error itself so this message right here

so that is ultimately what would show

underneath the form on the react

application

so that's the first check the second

thing i want to do is check if the email

is a valid email and for this we're

going to use our validator package so

we're going to say if not

validator

and then dots and then we use a method

called is email so this checks if

something is an email and we want to

pass through this email thing right here

so

this is going to return true or false

true if it is a valid email false if

it's not

now if it is a valid email we reverse

that to be false so therefore the if

block won't fire but if it's not a valid

email and this is false we reverse that

using this exclamation and this is going

to evaluate to true and therefore it

will fire so we can throw an error if

it's not a valid email so we can say

throw error

and the message this time is going to be

email

is not valid

all right and there's one more we want

to do and that is to check if the

password is strong enough so i'm going

to say if not again validator

and then we use a method called is

strong

password
all right so this is something like

if the password has uppercase lowercase

and a symbol or something like that and

maybe a minimum length of eight maybe

more i don't know but we'll find out

soon enough anyway we pass in the

password

this thing right here into that and then

therefore if the password is not strong

enough we throw

an error again this time we'll just say

password

not strong enough

like so

spell this correctly all right

and that is pretty much all of the

validation we really need to do here

we're checking that the fields have

values then that we have a valid email

and then that the password is strong

enough and obviously down here we do

another check to make sure that email

hasn't already been used all right so

now this is all done let's try this

again in postman

all right then so first of all to this

endpoint let's try not adding an email

and a password so if we send this

hopefully yeah we get that error message

back all fields must be filled all right

so let's also try adding an email like

yoshi

at

netninja.dev

press send and again all fields must be

filled because we don't have a password

all right let's say abc

like so so let's send this again

so now we can see the password is not

strong enough so let's try

capitals a b c at the start then normal

abc then one two three and then an

exclamation

so if we send this

then we see the email is already in use

because we already tried to sign up with

yoshi at netninja.dev so now let's try

bowser

and hopefully this is all going to work

now

and yeah we can see that document was

created and we get it back right here

with the hashed password so all of that

kind of validation logic is in place now