node.js validation user-input jsonschema

Should I validate input in API or BL layer?

I have a node.js application with an API, BL and DAL layers and I want to validate user input.

Currently I'm doing the validation at the beginning of BL functions so it doubles as a user input validator and an inner application validators (calls from other classes)

I'm worried it's not good practice as the validation may happen multiple times on a single API call for some functions (e.g a function that accepts userId and then sends the userId to other functions, validating the same value multiple times)

Solution

You should validate data when it comes from request to your routes using middleware:

router
  .get('/', validators.users.index, actions.users.index)

If you wish I can share the rest of the code of validation with Joi.

Invalid options object. Dev Server has been initialized using an options object that does not match the API schema
What is the (smallest) setup to allow import to be used by Jest?
How can the default node version be set using NVM?
Uncaught ReferenceError: Buffer is not defined
How to properly delete data from a table and chain the deletion
How do I test a Node.JS Script that is not a module and runs as soon as it's called?
Testing JavaScript Written for the Browser in Node JS
'You are running version ' + process.version + ' of Node.js, which is not supported by Angular CLI v6
Update BigQuery table with an array of objects where some of the values may be null
Using multer diskStorage with Typescript
Error: Could not resolve various Storybook dependencies with Storybook 8 and PNPM
Do global augmentations need to be imported as a side effect in the consumer?
npm ERR! Refusing to delete / code EEXIST
How to allow ':' character in Node.js Express routes (Google custom methods)
nodemon + express, listen port =?
NextAuth: how to return custom errors without redirection
npm publish fails with GitLab NPM registry
How to end server in VSCode after closing terminal window
AWS SDK file upload to S3 via Node/Express using stream PassThrough - file is always corrupt
Github API is responding with a 403 when using Request's request function
Refactor AWS cdk stack into multiple smaller stacks
"React.Children.only expected to receive a single React element child" error when putting <Image> and <TouchableHighlight> in a <View>
Firestore set doc with merge option true or update doc
node:console test is producing TypeError: Console is not a constructor
setState doesn't update the state immediately
Unknown file extension ".ts" for a TypeScript file
Axios delete method
Re-throwing exception in NodeJS and not losing stack trace
Firebase Functions "cannot determine backend specification"
Cant access Firebase Admin SDK via Node.js on my VPS, but I can on my local machine