Fastify uses a schema-based approach, and even if it is not mandatory we recommend using JSON Schema to validate your routes and serialize your outputs. Internally, Fastify compiles the schema into a highly performant function.
Treat the schema definition as application code. As both validation and serialization features dynamically evaluate code with
new Function()
, it is not safe to use user-provided schemas. See Ajv and fast-json-stringify for more details.
The validation and the serialization tasks are processed by two different, and customizable, actors:
- Ajv for the validation of a request
- fast-json-stringify for the serialization of a response's body
These two separate entities share only the JSON schemas added to Fastify's instance through .addSchema(schema)
.
Thanks to the addSchema
API, you can add multiple schemas to the Fastify instance and then reuse them in multiple parts of your application.
As usual, this API is encapsulated.
The shared schemas can be reused through the JSON Schema $ref
keyword.
Here an overview on how references work:
myField: { $ref: '#foo'}
will search for field with$id: '#foo'
inside the current schemamyField: { $ref: '#/definitions/foo'}
will search for fielddefinitions.foo
inside the current schemamyField: { $ref: 'http://url.com/sh.json#'}
will search for a shared schema added with$id: 'http://url.com/sh.json'
myField: { $ref: 'http://url.com/sh.json#/definitions/foo'}
will search for a shared schema added with$id: 'http://url.com/sh.json'
and will use the fielddefinitions.foo
myField: { $ref: 'http://url.com/sh.json#foo'}
will search for a shared schema added with$id: 'http://url.com/sh.json'
and it will look inside of it for object with$id: '#foo'
Simple usage:
fastify.addSchema({
$id: 'http://example.com/',
type: 'object',
properties: {
hello: { type: 'string' }
}
})
fastify.post('/', {
handler () {},
schema: {
body: {
type: 'array',
items: { $ref: 'http://example.com#/properties/hello' }
}
}
})
$ref
as root reference:
fastify.addSchema({
$id: 'commonSchema',
type: 'object',
properties: {
hello: { type: 'string' }
}
})
fastify.post('/', {
handler () {},
schema: {
body: { $ref: 'commonSchema#' },
headers: { $ref: 'commonSchema#' }
}
})
If the validator and the serializer are customized, the .addSchema
method will not be useful since the actors are no longer
controlled by Fastify.
So, to access the schemas added to the Fastify instance, you can simply use .getSchemas()
:
fastify.addSchema({
$id: 'schemaId',
type: 'object',
properties: {
hello: { type: 'string' }
}
})
const mySchemas = fastify.getSchemas()
const mySchema = fastify.getSchema('schemaId')
As usual, the function getSchemas
is encapsulated and returns the shared schemas available in the selected scope:
fastify.addSchema({ $id: 'one', my: 'hello' })
// will return only `one` schema
fastify.get('/', (request, reply) => { reply.send(fastify.getSchemas()) })
fastify.register((instance, opts, done) => {
instance.addSchema({ $id: 'two', my: 'ciao' })
// will return `one` and `two` schemas
instance.get('/sub', (request, reply) => { reply.send(instance.getSchemas()) })
instance.register((subinstance, opts, done) => {
subinstance.addSchema({ $id: 'three', my: 'hola' })
// will return `one`, `two` and `three`
subinstance.get('/deep', (request, reply) => { reply.send(subinstance.getSchemas()) })
done()
})
done()
})
The route validation internally relies upon Ajv, which is a high-performance JSON Schema validator. Validating the input is very easy: just add the fields that you need inside the route schema, and you are done!
The supported validations are:
body
: validates the body of the request if it is a POST or a PUT.querystring
orquery
: validates the query string.params
: validates the route params.headers
: validates the request headers.
All the validations can be a complete JSON Schema object (with a type
property of 'object'
and a 'properties'
object containing parameters) or a simpler variation in which the type
and properties
attributes are forgone and the parameters are listed at the top level (see the example below).
Example:
const bodyJsonSchema = {
type: 'object',
required: ['requiredKey'],
properties: {
someKey: { type: 'string' },
someOtherKey: { type: 'number' },
requiredKey: {
type: 'array',
maxItems: 3,
items: { type: 'integer' }
},
nullableKey: { type: ['number', 'null'] }, // or { type: 'number', nullable: true }
multipleTypesKey: { type: ['boolean', 'number'] },
multipleRestrictedTypesKey: {
oneOf: [
{ type: 'string', maxLength: 5 },
{ type: 'number', minimum: 10 }
]
},
enumKey: {
type: 'string',
enum: ['John', 'Foo']
},
notTypeKey: {
not: { type: 'array' }
}
}
}
const queryStringJsonSchema = {
type: 'object',
properties: {
name: { type: 'string' },
excitement: { type: 'integer' }
}
}
const paramsJsonSchema = {
type: 'object',
properties: {
par1: { type: 'string' },
par2: { type: 'number' }
}
}
const headersJsonSchema = {
type: 'object',
properties: {
'x-foo': { type: 'string' }
},
required: ['x-foo']
}
const schema = {
body: bodyJsonSchema,
querystring: queryStringJsonSchema,
params: paramsJsonSchema,
headers: headersJsonSchema
}
fastify.post('/the/url', { schema }, handler)
Note that Ajv will try to coerce the values to the types specified in your schema type
keywords, both to pass the validation and to use the correctly typed data afterwards.
You can provide a list of plugins you want to use with Ajv:
Refer to
ajv options
to check plugins format
const fastify = require('fastify')({
ajv: {
plugins: [
require('ajv-merge-patch')
]
}
})
fastify.post('/', {
handler (req, reply) { reply.send({ ok: 1 }) },
schema: {
body: {
$patch: {
source: {
type: 'object',
properties: {
q: {
type: 'string'
}
}
},
with: [
{
op: 'add',
path: '/properties/q',
value: { type: 'number' }
}
]
}
}
}
})
fastify.post('/foo', {
handler (req, reply) { reply.send({ ok: 1 }) },
schema: {
body: {
$merge: {
source: {
type: 'object',
properties: {
q: {
type: 'string'
}
}
},
with: {
required: ['q']
}
}
}
}
})
The validatorCompiler
is a function that returns a function that validates the body, url parameters, headers, and query string.
The default validatorCompiler
returns a function that implements the ajv validation interface.
Fastify uses it internally to speed the validation up.
Fastify's baseline ajv configuration is:
{
removeAdditional: true, // remove additional properties
useDefaults: true, // replace missing properties and items with the values from corresponding default keyword
coerceTypes: true, // change data type of data to match type keyword
nullable: true // support keyword "nullable" from Open API 3 specification.
}
This baseline configuration can be modified by providing ajv.customOptions
to your Fastify factory.
If you want to change or set additional config options, you will need to create your own instance and override the existing one like:
const fastify = require('fastify')()
const Ajv = require('ajv')
const ajv = new Ajv({
// the fastify defaults (if needed)
removeAdditional: true,
useDefaults: true,
coerceTypes: true,
nullable: true,
// any other options
// ...
})
fastify.setValidatorCompiler(({ schema, method, url, httpPart }) => {
return ajv.compile(schema)
})
Note: If you use a custom instance of any validator (even Ajv), you have to add schemas to the validator instead of fastify, since fastify's default validator is no longer used, and fastify's addSchema
method has no idea what validator you are using.
The setValidatorCompiler
function makes it easy to substitute ajv
with almost any Javascript validation library (joi, yup, ...) or a custom one:
const Joi = require('@hapi/joi')
fastify.post('/the/url', {
schema: {
body: Joi.object().keys({
hello: Joi.string().required()
}).required()
},
validatorCompiler: ({ schema, method, url, httpPart }) => {
return data => schema.validate(data)
}
}, handler)
const yup = require('yup')
// Validation options to match ajv's baseline options used in Fastify
const yupOptions = {
strict: false,
abortEarly: false, // return all errors
stripUnknown: true, // remove additional properties
recursive: true
}
fastify.post('/the/url', {
schema: {
body: yup.object({
age: yup.number().integer().required(),
sub: yup.object().shape({
name: yup.string().required()
}).required()
})
},
validatorCompiler: ({ schema, method, url, httpPart }) => {
return function (data) {
// with option strict = false, yup `validateSync` function returns the coerced value if validation was successful, or throws if validation failed
try {
const result = schema.validateSync(data, yupOptions)
return { value: result }
} catch (e) {
return { error: e }
}
}
}
}, handler)
Fastify's validation error messages are tightly coupled to the default validation engine: errors returned from ajv
are eventually run through the schemaErrorsText
function which is responsible for building human-friendly error messages. However, the schemaErrorsText
function is written with ajv
in mind : as a result, you may run into odd or incomplete error messages when using other validation libraries.
To circumvent this issue, you have 2 main options :
- make sure your validation function (returned by your custom
schemaCompiler
) returns errors in the exact same structure and format asajv
(although this could prove to be difficult and tricky due to differences between validation engines) - or use a custom
errorHandler
to intercept and format your 'custom' validation errors
To help you in writing a custom errorHandler
, Fastify adds 2 properties to all validation errors:
- validation: the content of the
error
property of the object returned by the validation function (returned by your customschemaCompiler
) - validationContext: the 'context' (body, params, query, headers) where the validation error occurred
A very contrived example of such a custom errorHandler
handling validation errors is shown below:
const errorHandler = (error, request, reply) => {
const statusCode = error.statusCode
let response
const { validation, validationContext } = error
// check if we have a validation error
if (validation) {
response = {
// validationContext will be 'body' or 'params' or 'headers' or 'query'
message: `A validation error occurred when validating the ${validationContext}...`,
// this is the result of your validation library...
errors: validation
}
} else {
response = {
message: 'An error occurred...'
}
}
// any additional work here, eg. log error
// ...
reply.status(statusCode).send(response)
}
Usually you will send your data to the clients as JSON, and Fastify has a powerful tool to help you, fast-json-stringify, which is used if you have provided an output schema in the route options. We encourage you to use an output schema, as it can drastically increase throughput and help prevent accidental disclosure of sensitive information.
Example:
const schema = {
response: {
200: {
type: 'object',
properties: {
value: { type: 'string' },
otherValue: { type: 'boolean' }
}
}
}
}
fastify.post('/the/url', { schema }, handler)
As you can see, the response schema is based on the status code. If you want to use the same schema for multiple status codes, you can use '2xx'
, for example:
const schema = {
response: {
'2xx': {
type: 'object',
properties: {
value: { type: 'string' },
otherValue: { type: 'boolean' }
}
},
201: {
// the contract syntax
value: { type: 'string' }
}
}
}
fastify.post('/the/url', { schema }, handler)
The serializerCompiler
is a function that returns a function that must return a string from an input object. You must provide a function to serialize every route where you have defined a response
JSON Schema.
fastify.setSerializerCompiler(({ schema, method, url, httpStatus }) => {
return data => JSON.stringify(data)
})
fastify.get('/user', {
handler (req, reply) {
reply.send({ id: 1, name: 'Foo', image: 'BIG IMAGE' })
},
schema: {
response: {
'2xx': {
id: { type: 'number' },
name: { type: 'string' }
}
}
}
})
If you need a custom serializer in a very specific part of your code, you can set one with reply.serializer(...)
.
When schema validation fails for a request, Fastify will automatically return a status 400 response including the result from the validator in the payload. As an example, if you have the following schema for your route
const schema = {
body: {
type: 'object',
properties: {
name: { type: 'string' }
},
required: ['name']
}
}
and fail to satisfy it, the route will immediately return a response with the following payload
{
"statusCode": 400,
"error": "Bad Request",
"message": "body should have required property 'name'"
}
If you want to handle errors inside the route, you can specify the attachValidation
option for your route. If there is a validation error, the validationError
property of the request will contain the Error
object with the raw validation
result as shown below
const fastify = Fastify()
fastify.post('/', { schema, attachValidation: true }, function (req, reply) {
if (req.validationError) {
// `req.validationError.validation` contains the raw validation error
reply.code(400).send(req.validationError)
}
})
If you want to format errors yourself, you can provide a sync function that must return an error as the schemaErrorFormatter
option to Fastify when instantiating.
errors
is an array of Fastify schema errors FastifySchemaValidationError
.
dataVar
is the currently validated part of the schema. (params | body | querystring | headers).
const fastify = Fastify({
schemaErrorFormatter: (errors, dataVar) => {
// ... my formatting logic
return new Error(myErrorMessage)
}
})
You can also use setErrorHandler to define a custom response for validation errors such as
fastify.setErrorHandler(function (error, request, reply) {
if (error.validation) {
reply.status(422).send(new Error('validation failed'))
}
})
If you want custom error response in schema without headaches and quickly, you can take a look at ajv-errors
. Checkout the example usage.
Below is an example showing how to add custom error messages for each property of a schema by supplying custom AJV options. Inline comments in the schema below describe how to configure it to show a different error message for each case:
const fastify = Fastify({
ajv: {
customOptions: { jsonPointers: true },
plugins: [
require('ajv-errors')
]
}
})
const schema = {
body: {
type: 'object',
properties: {
name: {
type: 'string',
errorMessage: {
type: 'Bad name'
}
},
age: {
type: 'number',
errorMessage: {
type: 'Bad age', // specify custom message for
min: 'Too young' // all constraints except required
}
}
},
required: ['name', 'age'],
errorMessage: {
required: {
name: 'Why no name!', // specify error message for when the
age: 'Why no age!' // property is missing from input
}
}
}
}
fastify.post('/', { schema, }, (request, reply) => {
reply.send({
hello: 'world'
})
})
If you want to return localized error messages, take a look at ajv-i18n
const localize = require('ajv-i18n')
const fastify = Fastify()
const schema = {
body: {
type: 'object',
properties: {
name: {
type: 'string',
},
age: {
type: 'number',
}
},
required: ['name', 'age'],
}
}
fastify.setErrorHandler(function (error, request, reply) {
if (error.validation) {
localize.ru(error.validation)
reply.status(400).send(error.validation)
return
}
reply.send(error)
})
JSON Schema has some type of utilities in order to optimize your schemas that, in conjunction with the Fastify's shared schema, let you reuse all your schemas easily.
Use Case | Validator | Serializer |
---|---|---|
$ref to $id |
️️✔️ | ✔️ |
$ref to /definitions |
✔️ | ✔️ |
$ref to shared schema $id |
✔️ | ✔️ |
$ref to shared schema /definitions |
✔️ | ✔️ |
const refToId = {
type: 'object',
definitions: {
foo: {
$id: '#address',
type: 'object',
properties: {
city: { type: 'string' }
}
}
},
properties: {
home: { $ref: '#address' },
work: { $ref: '#address' }
}
}
const refToDefinitions = {
type: 'object',
definitions: {
foo: {
$id: '#address',
type: 'object',
properties: {
city: { type: 'string' }
}
}
},
properties: {
home: { $ref: '#/definitions/foo' },
work: { $ref: '#/definitions/foo' }
}
}
fastify.addSchema({
$id: 'http://foo/common.json',
type: 'object',
definitions: {
foo: {
$id: '#address',
type: 'object',
properties: {
city: { type: 'string' }
}
}
}
})
const refToSharedSchemaId = {
type: 'object',
properties: {
home: { $ref: 'http://foo/common.json#address' },
work: { $ref: 'http://foo/common.json#address' }
}
}
fastify.addSchema({
$id: 'http://foo/shared.json',
type: 'object',
definitions: {
foo: {
type: 'object',
properties: {
city: { type: 'string' }
}
}
}
})
const refToSharedSchemaDefinitions = {
type: 'object',
properties: {
home: { $ref: 'http://foo/shared.json#/definitions/foo' },
work: { $ref: 'http://foo/shared.json#/definitions/foo' }
}
}
- JSON Schema
- Understanding JSON Schema
- fast-json-stringify documentation
- Ajv documentation
- Ajv i18n
- Ajv custom errors
- Custom error handling with core methods with error file dumping example