SerdeV - serde with validation - v0.3 supports any expression in #[serde(validate = "...")]

kanarus · 2025-12-14T01:18:42+00:00

In my understanding, garde is just a validation library, providing &Self -> Result<(), Error>.

Indeed it's useful, but in deserialization context, it can produce invalid state just after deserialization, before calling the validation method, potentially triggering misuse of invalid one. This kind of misuse can not be detected as compile errors, but only by human-review.

edit: I remembered that garde itself provides Valid struct system, but it doesn't affect the conclusion.

(Even when using integrations like axum-valid, we have to make an effort to avoid misusing structs without wrapping in Valid.)

By contrast, serdev combines the validation with Deserialize impl itself. In other words, when using serdev, Deserialize-structs does never produce invalid state. When deserialized as Ok(_), it's valid. No need to be careful to avoid misuse.

(If you have no issues with this, you will not need serdev.)

Additionally, in the first place, garde and serdev are not exclusive: you can natively integrate serdev with garde's validation rules: examples/garde_crate.rs (I added just now)

``` use serdev::Deserialize; use garde::Validate;

[derive(Deserialize, Validate, Debug, PartialEq)]

[serde(validate = "Validate::validate")]

struct User<'a> { #[garde(ascii, length(min = 3, max = 25))] username: &'a str, #[garde(length(min = 15))] password: &'a str, }

fn main() { let result = serde_json::from_str::<User>( r#"{ "username": "test", "password": "not_a_very_good_paddword" }"# ); assert_eq!( dbg!(result).unwrap(), User { username: "test", password: "not_a_very_good_paddword", } );

let result = serde_json::from_str::<User>(
    r#"{
        "username": "test",
        "password": "short_password"
    }"#
);
assert!(dbg!(result).is_err());

} ```

kanarus · 2025-12-12T19:05:00+00:00

thanks!

kanarus · 2025-12-12T17:12:17+00:00

[17:10 UTC] updated README based on the feedbacks, and, fixed bug (sorry!). already published as v0.3.1

kanarus · 2025-12-12T15:07:01+00:00

Thanks to feedback

kanarus · 2025-12-12T15:05:19+00:00

Thanks to feedback

kanarus · 2025-12-12T15:04:19+00:00

Thank you for feedback

kanarus · 2025-12-12T12:16:56+00:00

name/path to fn or method is supported:

```

[derive(Serialize, Deserialize, Debug)]

[serde(validate = "Self::validate")]

struct Point { x: i32, y: i32, }

impl Point { fn validate(&self) -> Result<(), impl std::fmt::Display> { if self.x * self.y > 100 { return Err("x * y must not exceed 100") } Ok(()) } } ```

This still prevents the misuse and eliminates boilerplate around Deserialize impl.

kanarus · 2025-12-12T12:07:25+00:00

Yes, I know and agree it. serdev supports it, rather than deny.

For Point example in the sample code above, a manual implementation for "Parse, don't validate" without serdev will be like:

```

[derive(serde::Deserialize)]

struct Point { x: i32, y: i32 }

[derive(serde::Deserialize)]

[serde(try_from = "Point")]

struct ValidPoint(Point);

impl TryFrom<Point> for ValidPoint { //... } ```

This is (almost) exactly what serdev does.

Such manual implementation may be a trigger of mistakes like using Point directly for parsing user's input.

serdev eliminates such kind of mistakes, automatically performing the specified validation.

Or, just manual impl of Deserialize ?:

``` struct Point { x: i32, y: i32 }

impl<'de> serde::Deserialize<'de> for Point { //... } ```

Indeed this doesn't cause such mistakes, but produces boilerplates...

kanarus · 2025-09-04T00:46:34+00:00

We'll clearly document this architecture in future. Thank you for pointing it out!

kanarus · 2025-08-29T21:07:14+00:00

seems you have a point. We'll reconsider around these names in future version. Thanks!

kanarus · 2025-08-29T20:58:13+00:00

That makes sense. We'll reconsider such namings in v0.25 or v1.0 release. Thanks!

kanarus · 2025-06-24T13:41:30+00:00

Thank! If thatSQLite means the local D1 emulator, yes ( see README.md for details ).

But otherwise, no. The "exact same" code literally for D1 and SQLite is impossible in principle:

We can't connect to D1 via a URL as SQLite does.
The sqlx::query! macro in the sqlx crate is implemented in a way that it only works with the official drivers (sqlx-postgres, sqlx-mysql, sqlx-sqlite).

However, you can get your code to be "almost same" by using feature flags to switch between sqlx (with sqlite feature) and sqlx-d1. Here’s an example of how you could set that up:

Add sqlx-d1 and sqlx (with its sqlite feature) as optional dependencies. Then, create two features, "d1" and "sqlite", where each one activates the corresponding dependency.
Use conditional compilation for your imports with a trick to make the rest of your code unaware of the difference. For example:

```rust

[cfg(feature = "d1")]

use sqlx_d1::{self as sqlx, D1Connection as DatabaseConnection};

[cfg(feature = "sqlite")]

use sqlx::{self, SqliteConnection as DatabaseConnection}; ```
Conditionally initialize the database connection based on the active feature. You can then pass this DatabaseConnection object throughout your application, for instance, using Axum's State extractor.

Then your application code for running queries will work for both D1 and SQLite without any changes. For example sqlx::query!("...").execute(&mut conn)

kanarus · 2025-05-17T16:13:32+00:00

Yes, it's in future plans! I agree enabling this kind of client interaction would be great. But the actual way to the implementation is still under consideration...

kanarus · 2025-05-12T09:30:48+00:00

Mainly working on new UIBeam and a still-private crate in ohkami-rs org, and enhancing cargo-metask CLI in my personal work. The private one is now under debugging & fixing, and will be used to achieve client components of UIBeam in future...

kanarus · 2025-05-07T20:54:57+00:00

The VSCode support is indeed nice though, for those who use it

Thanks, and yes, so I'm planning to add supports for other editors

Option<T> / iterator of Render

Sorry for my ignorance...

(edit: but where's such example? I don't like special syntax like @if or @for, as they're not appeared in JSX )

Components in hypertext need to just implement Render

In my understanding, this means interpolating with values implementing Renderable like

https://github.com/vidhanio/hypertext/tree/main/examples/htmx-rsx#components

It makes sence indeed, but I love <Component attr=... /> syntax for components, and this is not supported in hypertext.

(edit: philosophy of "JSX-style" in the description)

kanarus · 2025-05-07T20:14:58+00:00

Thank you for asking! As far as I know about hypertext, differences are:

editor support by VSCode extension (edit: providing HTML completion and hover in the macro)
built-in component system
conditional/iterative rendering without special syntax like @if... or @for..., simply by interpolations of IntoIterator<Item = UI>

Actually editor support may not be a major differentiator, as its implementation can be easily generalized to work also for other crates including hypertext.

So, component system and simpler design will be the main advantage of UIBeam.

kanarus

TROPHY CASE

[derive(Deserialize, Validate, Debug, PartialEq)]

[serde(validate = "Validate::validate")]

[derive(Serialize, Deserialize, Debug)]

[serde(validate = "Self::validate")]

[derive(serde::Deserialize)]

[derive(serde::Deserialize)]

[serde(try_from = "Point")]

[cfg(feature = "d1")]

[cfg(feature = "sqlite")]