I am not asking whether to do server-side validation or not.
My question is whether any solution or better practice exist in the software world to address this repetition of code.
Asked
Active
Viewed 193 times
-1
-
This is really open-ended question more suited for discussion than Q&A. Maybe try asking in chat? – Euphoric Jul 02 '19 at 11:52
-
that's one reason why some people like Node.js: you can share the same code between frontend and backend – amon Jul 02 '19 at 12:14
-
That's why some people like PHP. The backend is the frontend. – Kayaman Jul 02 '19 at 12:28
1 Answers
3
Server-side validation is for security, so users can't bypass client-side validation and send potentially harmful requests.
Client-side validation is for usability, so users can immediately see that for example certain fields are required or need a specific format.
They're not necessarily identical, although in many cases very similar. For example a textfield that's limited to 50 characters on the frontend would probably be limited to 50 characters on the backend as well.
In certain cases it may be possible to avoid doing at least some "double" work, but this usually means that the frontend and the backend are very tightly associated (share the same codebase, frontend linked directly to the backend somehow, possibly using a Rapid Application Development tool). In a normal situation where there are no dependencies between the front-end and the backend (such as a REST API and a Javascript client) there are no generic solutions.
Kayaman
- 1,930
- 12
- 16
-
Is any solution or better practice exist in software world, for this repeatation of code? – Rajesh Jul 02 '19 at 11:59
-
Not something that would be applicable across different technologies. If the client were to be generated, such as with [Swagger](https://swagger.io), then you get the "automatic" validation on the front-end. But this is a specific case, and the generated front-end isn't really an application. – Kayaman Jul 02 '19 at 12:05
-
@Rajesh: There is a solution for the duplication, but it comes with a downside of its own. You can create validation end-points on the server and call those from the front-end to do the validation. – Bart van Ingen Schenau Jul 02 '19 at 13:02
-
@BartvanIngenSchenau how would those differ from the actual endpoints which also do validation? I suppose you could have failed validation result in a 400 response with a JSON body describing the constraints. It would result in some additional roundtrips to the server and require some kind of client side support, but it would be doable in simple cases. Not something I'd consider a widely applicable solution though. – Kayaman Jul 02 '19 at 13:45
-
@Rajesh, the validation end-points wouldn't store anything and can be more granular (e.g. validate just an email address, rather than a complete Person object). The additional roundtrips to the server is indeed a downside. – Bart van Ingen Schenau Jul 02 '19 at 13:51
-
@BartvanIngenSchenau it would just be repeating the validation code on the backend then. Besides, something like email validation as a separate endpoint wouldn't be very useful. The server roundtrips are a minor issue due to the cheap computing power these days. The main problem is still the automatic conversion of the server-sent constraints to the user readable UI visuals (something more complicated than "Field x is required"). – Kayaman Jul 03 '19 at 07:56