9 stable releases

1.4.0 Mar 11, 2024
1.3.0 Jan 3, 2024
1.2.0 Dec 27, 2023
1.0.12 Oct 7, 2023
1.0.11 Apr 26, 2023

#2 in #validify

Download history 581/week @ 2024-03-14 479/week @ 2024-03-21 430/week @ 2024-03-28 451/week @ 2024-04-04 506/week @ 2024-04-11 472/week @ 2024-04-18 246/week @ 2024-04-25 138/week @ 2024-05-02 59/week @ 2024-05-09 72/week @ 2024-05-16 68/week @ 2024-05-23 124/week @ 2024-05-30 181/week @ 2024-06-06 159/week @ 2024-06-13 114/week @ 2024-06-20 77/week @ 2024-06-27

585 downloads per month
Used in 3 crates (via validify)

MIT license

3.5K SLoC


Build test coverage docs version

Procedural macros that provide attributes for data validation and modification. Particularly useful in the context of web payloads.


Modifier Type Description
trim* String Removes surrounding whitespace
uppercase* String Calls .to_uppercase()
lowercase* String Calls .to_lowercase()
capitalize* String Makes the first char of the string uppercase
custom Any Takes a function whose argument is &mut <Type>
validify impl Validify / impl Iterator<Item = impl Validify> Can only be used on fields that are structs (or collections of) implementing the Validify trait. Runs all the nested struct's modifiers and validations.

*Also works for Vec<String> by running the modifier on each element.


All validators also take in a code and message as parameters, their values are must be string literals if specified.

Validator Type Params Param type Description
email String -- -- Checks emails based on this spec.
ip String format Ident (v4/v6) Checks if the string is an IP address.
url String -- -- Checks if the string is a URL.
length Collection min, max, equal LitInt Checks if the collection length is within the specified params. Works through the HasLen trait.
range Int/Float min, max LitFloat Checks if the value is in the specified range.
must_match Any value Ident Checks if the field matches another field of the struct. The value must be equal to a field identifier on the deriving struct.
contains Collection value Lit/Path Checks if the collection contains the specified value. If used on a K,V collection, it checks whether it has the provided key.
contains_not Collection value Lit/Path Checks if the collection doesn't contain the specified value. If used on a K,V collection, it checks whether it has the provided key.
non_control_char String -- -- Checks if the field contains control characters
custom Function function Path Executes custom validation on the field by calling the provided function
regex String path Path Matches the provided regex against the field. Intended to be used with lazy_static by providing a path to an initialised regex.
credit_card String -- -- Checks if the field's value is a valid credit card number
phone String -- -- Checks if the field's value is a valid phone number
required Option<T> -- -- Checks whether the field's value is Some
is_in impl PartialEq collection Path Checks whether the field's value is in the specified collection
not_in impl PartialEq collection Path Checks whether the field's value is not in the specified collection
validate impl Validate -- -- Calls the underlying struct's validate implementation
iter impl Iterator List of validators Validator Runs the provided validators on each element of the iterable
time NaiveDate[Time] See below See below Performs a check based on the specified op

Time operators

All time operators may take in inclusive = bool. All time operator must take in time = bool when validating datetimes, by default time validators will attempt to validate dates.

in_period and the *_from_now operators are inclusive by default.

The target param must be a string literal date or a path to an argless function that returns a date[time].

If the target is a string literal, it must contain a format param, as per this.

Accepted interval parameters are seconds, minutes, hours, days, weeks.

The _from_now operators should not use negative duration due to how they validate the inputs, negative duration for in_period works fine.

Op Params Description
before target Check whether a date[time] is before the target one
after target Check whether a date[time] is after the target one
before_now -- Check whether a date[time] is before today[now]
after_now -- Check whether a date[time] is after today[now]
before_from_now interval Check whether a date[time] is before the specified interval from today[now]
after_from_now interval Check whether a date[time] is after the specified interval from the today[now]
in_period target, interval Check whether a date[time] falls within a certain period

Annotate the struct you want to modify and validate with the Validify attribute (if you do not need the payload or modification, derive validify::Validate):

use validify::Validify;

#[derive(Debug, Clone, serde::Deserialize, Validify)]
struct Testor {
    #[modify(lowercase, trim)]
    #[validate(length(equal = 8))]
    pub a: String,
    #[modify(trim, uppercase)]
    pub b: Option<String>,
    pub c: String,
    pub d: Option<String>,
    pub nested: Nestor,

#[derive(Debug, Clone, serde::Deserialize, Validify)]
struct Nestor {
    #[modify(trim, uppercase)]
    #[validate(length(equal = 12))]
    a: String,
    #[validate(length(equal = 14))]
    b: String,

fn do_something(input: &mut String) {
    *input = String::from("modified");

let mut test = Testor {
  a: "   LOWER ME     ".to_string(),
  b: Some("  makemeshout   ".to_string()),
  c: "I'll never be the same".to_string(),
  d: Some("Me neither".to_string()),
  nested: Nestor {
    a: "   notsotinynow   ".to_string(),
      b: "capitalize me.".to_string(),

// The magic line
let res = test.validify();

assert!(matches!(res, Ok(_)));

// Parent
assert_eq!(test.a, "lower me");
assert_eq!(test.b, Some("MAKEMESHOUT".to_string()));
assert_eq!(test.c, "modified");
assert_eq!(test.d, Some("modified".to_string()));
// Nested
assert_eq!(test.nested.a, "NOTSOTINYNOW");
assert_eq!(test.nested.b, "Capitalize me.");

Notice how even though field d is an option, the function used to modify the field still takes in &mut String. This is because modifiers and validations are only executed when the field isn't None.


Validify is built around 3 simple traits:

  • Validate
  • Modify
  • Validify

These traits should theoretically never have to be implemented manually.

As their names suggest, the first two traits perform validation and modification, while the third combines those 2 actions into a single one - validify.

The traits contain a single function which is constructed based on struct annotations when deriving them.


Structs annotated with #[derive(Payload)] get an associated payload struct, e.g.

#[derive(validify::Validify, validify::Payload)]
struct Something {
  a: usize,
  b: String,
  c: Option<bool>

behind the scenes will generate an intermediary

#[derive(Debug, Clone, serde::Deserialize, validify::Validate)]
struct SomethingPayload {
  a: Option<usize>,
  b: Option<String>,
  c: Option<bool>,

  /* From and Into impls */

The motivation for this is to aid in deserializing potentially missing fields. Even though the payload struct cannot help with deserializing wrong types, it can still prove useful and provide a bit more meaningful error messages when fields are missing.

The original struct gets a ValidifyPayload implementation with 2 associated fns: validate_from and validify_from whose whose respective arguments are the generated payload.

The ValidifyPayload implementations first validate the required fields of the payload. Then, if any required fields are missing, no further modification/validation is done and the errors are returned. Next, the payload is transformed to the original struct and modifications and/or validations are run on it.

When a struct contains nested validifies (child structs annotated with #[validify]), all the children in the payload will also be transformed and validated as payloads first. This means that any nested structs must also derive Payload.

The payload and serde

Struct level attributes, such as rename_all are propagated to the payload. When attributes that modify field names are present, any field names in returned errors will be represented as the original (i.e. client payload).

There are a few special serde attributes that validify treats differently; rename, with and deserialize_with. It is highly advised these attributes are kept in a separate annotation from any other serde attributes, due to the way they are parsed for the payload.

The rename attribute is used by validify to set the field name in any errors during validation. The with and deserialize_with will be transfered to the payload field and will create a special deserialization function that will call the original and wrap the result in an option. If the custom deserializer already returns an option, it will do nothing.

Schema validation

Schema level validation can be performed using the following:

use validify::{Validify, ValidationErrors, schema_validation, schema_err};
struct Testor {
    a: String,
    b: usize,

fn validate_testor(t: &Testor) -> Result<(), ValidationErrors> {
  if t.a.as_str() == "yolo" && t.b < 2 {
    schema_err!("Invalid Yolo", "Cannot yolo with b < 2");

The #[schema_validation] proc macro expands the function to:

fn validate_testor(t: &Testor) -> Result<(), ValidationErrors> {
    let mut errors = ValidationErrors::new();
    if t.a == "yolo" && t.b < 2 {
        errors.add(ValidationError::new_schema("Invalid Yolo").with_message("Cannot yolo with b < 2".to_string()));
    if errors.is_empty() { Ok(()) } else { Err(errors) }

This makes schema validations a bit more ergonomic and concise. Like field level validation, schema level validation is performed after modification.


The main ValidationError is an enum with 2 variants, Field and Schema. Field errors are, as the name suggests, created when fields fail validation and are usually automatically generated unless using custom handlers (custom field validation functions always must return a result whose Err variant is ValidationError).

If you want to provide a message along with the error, you can directly specify it in the attribute (the same goes for the code), for example:

#[validate(contains(value = "something", message = "Does not contain something", code = "MUST_CONTAIN"))]

Keep in mind, when specifying validations this way, all attribute parameters MUST be specified as NameValue pairs. This means that if you write

#[validate(contains("something", message = "Bla"))],

you will get an error because the parser expects either a single value or multiple name value pairs.

The field_err! macro provides a shorthand for creating field errors when using custom functions.


Locations are tracked for each error in a similar manner to JSON pointers. When using custom validation, whatever field name you specify in the returned error will be used in the location for that field. Keep in mind locations are not reliable when dealing with hashed map/set collections as the item ordering for those is not guaranteed.

Error location display will depend on the original client payload, i.e. they will be displayed in the original case the payload was received (e.g. when using serde's rename_all). Any overriden field names will be displayed as such.


Schema errors are usually created by the user in schema validation. The schema_err! macro alongside #[schema_validation] provides an ergonomic way to create schema errors. All errors are composed to a ValidationErrors struct which contains a vec of all the validation errors.


When sensible, validify automatically appends failing parameters and the target values they were validated against to the errors created to provide more clarity to the client and to save some manual work.

One parameter that is always appended is the actual field which represents the value of the violating field's target property during the validation. Some validators append additional data to the errors representing the expected values for the field.



use chrono::{NaiveDate, NaiveDateTime};

#[derive(Debug, validify::Validate)]
struct DateTimeExamples {
    #[validate(time(op = before, target = "2500-04-20", format = "%Y-%m-%d", inclusive = true))]
    before: NaiveDate,
    #[validate(time(op = before, target = "2500-04-20T12:00:00.000", format = "%Y-%m-%-dT%H:%M:%S%.3f"))]
    before_dt: NaiveDateTime,
    #[validate(time(op = after, target = "2022-04-20", format = "%Y-%m-%d"))]
    after: NaiveDate,
    #[validate(time(op = after, target = "2022-04-20T12:00:00.000", format = "%Y-%m-%-dT%H:%M:%S%.3f"))]
    after_dt: NaiveDateTime,
    #[validate(time(op = in_period, target = "2022-04-20", format = "%Y-%m-%d", weeks = -2))]
    period: NaiveDate,

With route handler

    use validify::{Validify, Payload, ValidifyPayload};

    #[derive(Debug, Validify, Payload)]
    struct JsonTest {
        a: String,
        #[modify(trim, uppercase)]
        #[validate(length(equal = 11))]
        b: String,

    // This would normally come from a framework
    struct Json<T>(T);

    fn test() {
      let jt = JsonTest {
          a: "MODIFIED".to_string(),
          b: "    makemeshout    ".to_string(),
      let json = Json(JsonTestPayload::from(jt));

    fn mock_handler(data: Json<JsonTestPayload>) {
      let data = data.0;
      let data = JsonTest::validify_from(data.into()).unwrap();

    fn mock_service(data: JsonTest) {
      assert_eq!(data.a, "modified".to_string());
      assert_eq!(data.b, "MAKEMESHOUT".to_string())

See more examples in the test directory


If you have any ideas on how to improve Validify, such as common validations you find useful or better error messages, do not hesitate to open an issue or PR. All ideas are welcome!


~89K SLoC