0

I am building a Rest API based on flask Restful. And I'm troubled what would be the best way to parse the arguments I am waiting for.

The info:

Table Schema: 

-----------------------------------------
| ID | NAME | IP | MAIL | OS | PASSWORD |
-----------------------------------------

Method that does the job:

def update_entry(data, id):
    ...
    ...
pass

The resource that handles the request:

def put(self, id):        
    json_data = request.get_json(force=True)
    update_entry(json_data, id)
    pass

Json format:

{'NAME': 'john', 'OS': 'windows'}

I have to mention that I do not know if all the above are relevant to my question.

Now what I would like to know is, where is the proper place to check if the client sent the arguments i want or the keys in his request are valid. I have thought a couple of alternatives but i have the feeling that i'm missing a best practice here.

  1. Pass whatever the client sends to the backend let an error happen and catch it.
  2. Create sth like a json template and validate the client's request with that before pass it back.

Ofc the first option is simplier, but the second doesn't create unnecessary load to my db although might become quite complex.

Any opinion for either of the above two or any other suggestion welcome.

Akis
  • 193
  • 10

2 Answers2

1

Why you don't consider to use a library like marchmallow since the flask-restful documentation suggest it? It will answer your problems in a proper and non custom why like if you would right the validation from scratch.

zochamx
  • 850
  • 8
  • 17
0

It's not a good idea to let your database api catch errors. Repeated DB access will hamper performance.

Best case scenario, if you can error check the json at the client, do it. Error check a json in python anyhow. You must always assume that the network is compromised and you will get garbage values/ malicious requests. A design principle I read somewhere (Clean Code I think) was that be strict on output but go easy on the input.

famagusta
  • 160
  • 8