DEV Community

Darragh O'Riordan
Darragh O'Riordan

Posted on • Originally published at darraghoriordan.com on

2 1

Fixing validation error in NestJS when using forbidUnknwonValues in validation pipe

If you get unexplained validation errors (http status 400) when calling a NestJS api you might want to check your Query() parameters. Parsing and validating these the wrong way can cause issues.

Parsing Query parameters in NestJs

There are two ways to parse query strings in Nest Js. You can parse each variable separately or parse an object. Complex parameters cause issues when parsing from query strings. I would always recommend parsing via an object if you use any kind of non-string parameters.

e.g.

@Controller('myController')
export class MyControllerController {
  @Get()
  async myMethod(
    @Query('param1') param1?: string,
    @Query('param2', new ParseArrayPipe({ items: String, optional: true }))
    param2?: string[]
  ): Promise<void> {}
}
Enter fullscreen mode Exit fullscreen mode

The param2 there will break forbidUnknownValues. Class validator can’t parse it correctly.

Instead you can define an object that describes all the parameters. Define the required transforms and tell nest to run both validation and transformation on the query string to get the right values out.

Create a model that describes the parameters.

import { Type, Transform } from 'class-transformer'
import { IsArray, IsDate, IsDefined, IsEnum, IsOptional } from 'class-validator'

export default class QueryParams {
  @IsString()
  @IsOptional()
  public param1!: string

  @IsOptional()
  @IsArray()
  @IsString({ each: true })
  @Type(() => String)
  @Transform((value: string) => value.split(','))
  public param2?: string[]
}
Enter fullscreen mode Exit fullscreen mode

and then change the controller to use this model instead of individual query string parameters.

@Controller('myController')
export class MyControllerController {
  @Get()
  async myMethod(
    @Query(new ValidationPipe({ transform: true })) allQueryParams: QueryParams
  ): Promise<void> {}
}
Enter fullscreen mode Exit fullscreen mode

Conclusion

You should be able to use the forbidUnknownValues setting in the validation pipe configuration as expected now. In general once I have more than 2-3 query parameters in an api method I think it’s easier to use a query object.

Tiugo image

Modular, Fast, and Built for Developers

CKEditor 5 gives you full control over your editing experience. A modular architecture means you get high performance, fewer re-renders and a setup that scales with your needs.

Start now

Top comments (0)

Sentry image

Make it make sense

Only the context you need to fix your broken code with Sentry.

Start debugging →

👋 Kindness is contagious

Dive into this thoughtful article, cherished within the supportive DEV Community. Coders of every background are encouraged to share and grow our collective expertise.

A genuine "thank you" can brighten someone’s day—drop your appreciation in the comments below!

On DEV, sharing knowledge smooths our journey and strengthens our community bonds. Found value here? A quick thank you to the author makes a big difference.

Okay