Enhancement: Production-ready validation of fields like email and password #180

@bdoms

Summary

I'm a big fan of Litestar, but I've been a bit lost when it comes to finding the preferred best practices for actually validating data in a strict, security-minded fashion, as the main Litestar docs are sadly lacking in that regard.

Fields like emails and passwords are the most obvious examples, but here both are just str in all the places I could find. No minimum lengths, no validating that an email address is an actual email address, etc.

Basic Example

Pydantic has an EmailStr type: https://docs.pydantic.dev/2.0/usage/types/string_types/#emailstr

Along with other types and features for things like URLs, stripping whitespace, forcing lowercase, etc. So I was hoping to find something similar here (regardless of whether it comes from Litestar directly vs Msgspec). Along the lines of:

class User(Struct):
    email: Annotated[EmailStr, Meta(to_lower=True)]
    password: Annotated[SecretStr, Meta(min_length=12)]

Drawbacks and Impact

I don't really see any drawbacks to doing this.

Unresolved questions

It seems like even a really solid example of how to do this on your own would be beneficial. Like a guide for the best way to do custom validation per field. But I can't find that either. Am I just missing something?
