-
-
Notifications
You must be signed in to change notification settings - Fork 79
Description
Summary
I'm a big fan of Litestar, but I've been a bit lost when it comes to finding the preferred best practices for actually validating data in a strict, security minded fashion, as the main Litestar docs are sadly lacking in that regard.
Fields like emails and passwords are the most obvious examples, but here both are just str
all the places I could find. No minimum lengths, no validating that an email address is an actual email address, etc.
Basic Example
Pydantic has an EmailStr
type: https://docs.pydantic.dev/2.0/usage/types/string_types/#emailstr
Along with other types and features for things like URLs, stripping whitespace, forcing lowercase, etc. So I was hoping to find something similar here (regardless of whether it comes from Litestar directly vs Msgspec). Along the lines of:
class User(Struct):
email: Annotated[EmailStr, Meta(to_lower=True)]
password: Annotated[SecretStr, Meta(min_length=12)]
Drawbacks and Impact
I don't really see any drawbacks to doing this.
Unresolved questions
It seems like even a really solid example of how to do this on your own would be beneficial. Like a guide for the best way to do custom validation per field. But I can't find that either. Am I just missing something?