On 18/08/2013 2:00 PM, "Alexandr Kurilin" <a...@kurilin.net> wrote:
>
> I'd love to know your expert opinion on this, since you wrote Bouncer: say
> you're in the situation I listed above, where you don't care about nice
> error handling, you just want to give the caller a 400 if the input is
> incorrect. Would you still go the route where the validator function
> returns a list of errors? My concern is that now I have to have additional
> checks in place in my controller for whether the model save returned a list
> of errors, which will regardless ultimately result in a 400 status code.
>
Hi Alexandr,
I see your point now and I completely agree your API should leak "as little
as possible, but no less".
By that I mean your API should try and help it users - as Christian pointed
out.
To me, the types of information you would not want leaked are: database
names, table names, server host names, software versions etc.
Validation errors on the other hand are, in my opinion, crucial when using
an API. It's very frustrating to make a request to an API I'm learning and
get a 400 back that tells me nothing about what went wrong - making me go
read the docs - so the information you're trying to hide would still be
available - only in a different medium.
In regards to your question though, about how to handle the validations if
you don't care about the actual messages, I'd approach it in one of two
ways - this is assuming bouncer as the validation library:
The first one is the same as before but highlighting you don't care about
the validation results:
(defn my-fn [my-map]
(match (validate my-map)
[nil original-map] (send-400)
[_ original-map] (save original-map)))
;; bouncer returns nil as the first element of the vector if the validation
is successful
For the second one, I'll use the function 'valid?' , also from bouncer,
which simply returns a boolean - it's meant for the cases where you don't
care about the messages:
(defn my-fn [my-map]
(if (valid? my-map)
(save original-map)
(send-400)))
I hope this is helpful - but I'd encourage you to think about the scenarios
where sending back validation errors could be helpful for your API clients
>
> Thanks!
>
> (BTW, your blog is great, great content)
>
Thank you for the kind words :)
Cheers,
Leonardo Borges
--
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
---
You received this message because you are subscribed to the Google Groups
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
