Day 4: Error Handling and Validation | Express.js in 5 Days

Centralized Error Handling

middleware/errorHandler.js

// Error handler middleware: 4 params = Express treats it as error handler
module.exports = (err, req, res, next) => {
  console.error(err.stack);

  // Mongoose validation error
  if (err.name === 'ValidationError') {
    const errors = Object.values(err.errors).map(e => e.message);
    return res.status(400).json({ error: 'Validation failed', details: errors });
  }

  // MongoDB duplicate key
  if (err.code === 11000) {
    const field = Object.keys(err.keyValue)[0];
    return res.status(400).json({ error: `${field} already exists` });
  }

  // JWT errors
  if (err.name === 'JsonWebTokenError') return res.status(401).json({ error: 'Invalid token' });

  // Default
  res.status(err.status || 500).json({ error: err.message || 'Internal server error' });
};

server.js — register error handler

// Error handler must be last middleware
app.use(errorHandler);

// In async routes, pass errors to next()
router.get('/posts/:id', async (req, res, next) => {
  try {
    const post = await Post.findById(req.params.id);
    if (!post) return res.status(404).json({ error: 'Not found' });
    res.json(post);
  } catch (err) {
    next(err);  // sends to errorHandler
  }
});

Zod Validation

npm install zod

const { z } = require('zod');

const createUserSchema = z.object({
  name: z.string().min(2).max(50),
  email: z.string().email(),
  password: z.string().min(8),
});

// Middleware
function validate(schema) {
  return (req, res, next) => {
    const result = schema.safeParse(req.body);
    if (!result.success) {
      return res.status(400).json({ errors: result.error.flatten() });
    }
    req.validatedBody = result.data;
    next();
  };
}

router.post('/users', validate(createUserSchema), async (req, res) => {
  // req.validatedBody is clean and type-safe
});

📝 Day 4 Exercise

Add Error Handling to Your API

A
d
d
t
h
e
c
e
n
t
r
a
l
i
z
e
d
e
r
r
o
r
h
a
n
d
l
e
r
t
o
y
o
u
r
s
e
r
v
e
r
.
C
o
n
v
e
r
t
a
l
l
t
r
y
/
c
a
t
c
h
b
l
o
c
k
s
t
o
u
s
e
n
e
x
t
(
e
r
r
)
.
A
d
d
Z
o
d
v
a
l
i
d
a
t
i
o
n
t
o
y
o
u
r
P
O
S
T
a
n
d
P
U
T
r
o
u
t
e
s
.
T
e
s
t
t
h
a
t
i
n
v
a
l
i
d
i
n
p
u
t
r
e
t
u
r
n
s
p
r
o
p
e
r
4
0
0
e
r
r
o
r
s
.

Day 4 Summary

The 4-param middleware (err, req, res, next) is Express's error handler. Register it last.
next(err) in async routes sends errors to the error handler — don't swallow them.
Zod validates and parses input in one step. safeParse never throws — check result.success.
Consistent error response format matters for frontend developers consuming your API.

→

← Previous

Day 3: Authentication with JWT

Day 5: Deploy to Production

→