add ignore fields without tag in struct arrays

Author: siherrmann

README.md

@@ -68,6 +68,7 @@ if err != nil {
 ```
 
 In these examples:
+
 - `vld:"min3"`: Ensures the string field Name has a minimum length of 3 characters.
 - `vld:"rex^[^@]+@[^@]+\\.[^@]+$"`: Validates Email against a regular expression pattern.
 - `vld:"min18"`: Checks that the integer field Age has a minimum value of 18.
@@ -89,7 +90,7 @@ If you want to use the `User` struct for multiple handlers like `CreateUser`, `U
 
 ```go
 type User struct {
-    ID    int    `delete:"min1"`
+    ID    int    `delete:"min1" get:"min1"`
     Name  string `create:"min3" update:"min3, gr1min1"`
     Email string `create:"rex^[^@]+@[^@]+\\.[^@]+$" update:"rex^[^@]+@[^@]+\\.[^@]+$, gr1min1"`
     Age   int    `create:"min18" update:"min18, gr1min1"`
@@ -99,7 +100,7 @@ func CreateUser(w http.ResponseWriter, r *http.Request) {
     user := &User{}
     err := v.UnmapOrUnmarshalValidateAndUpdate(r, user, "create")
     if err != nil {
-        fmt.Println("Validation failed for new user:", err)
+        fmt.Println("Validation failed for creating user:", err)
     }
     ...
 }
@@ -108,7 +109,7 @@ func UpdateUser(w http.ResponseWriter, r *http.Request) {
     user := &User{}
     err := v.UnmapOrUnmarshalValidateAndUpdate(r, user, "update")
     if err != nil {
-        fmt.Println("Validation failed for new user:", err)
+        fmt.Println("Validation failed for updating user:", err)
     }
     ...
 }
@@ -117,7 +118,16 @@ func DeleteUser(w http.ResponseWriter, r *http.Request) {
     user := &User{}
     err := v.UnmapOrUnmarshalValidateAndUpdate(r, user, "delete")
     if err != nil {
-        fmt.Println("Validation failed for new user:", err)
+        fmt.Println("Validation failed for deleting user:", err)
+    }
+    ...
+}
+
+func GetUser(w http.ResponseWriter, r *http.Request) {
+    user := &User{}
+    err := v.UnmapOrUnmarshalValidateAndUpdate(r, user, "ger")
+    if err != nil {
+        fmt.Println("Validation failed for getting user:", err)
     }
     ...
 }
@@ -148,6 +158,7 @@ You can do for example `vld:"max0 || ((min10 && max30) || equTest)"` for a strin
 ### Condition types
 
 Conditions have different usages per variable type:
+
 - `-` - Not validating/update without validating.
 - `equ` - `int/float/string == condition`, `len(array) == condition`
 - `neq` - `int/float/string != condition`, `len(array) != condition`
@@ -179,7 +190,7 @@ type Error struct {
     StatusCode          int       `json:"status_code" vld:"min100" upd:"min100, gr1min1"`
     Message             string    `json:"message" vld:"min1" upd:"min1, gr1min1"`
     UnderlyingException string    `json:"underlying_exception" vld:"min1, gr1min1" upd:"min1, gr1min1"`
-    CreatedAt           time.Time `json:"created_at" vld:"-"`
+    CreatedAt           time.Time `json:"created_at"`
 }
 ```
 
@@ -189,6 +200,30 @@ One of `Message` and `UnderlyingException` is required on creation.
 
 ---
 
+# 🔒 Security
+
+The validator provides built-in security through tag-based field filtering. **Only fields with the specified validation tag will be updated**, protecting sensitive fields from unauthorized modification. This tag filtering also works recursively for nested structs and arrays of structs.
+
+## Tag Behavior
+
+When using `ValidateAndUpdate` or similar functions with a custom tag (e.g., `"upd"`), fields are handled as follows:
+
+```go
+type User struct {
+    ID        int    `json:"id"`                    // No tag: NEVER updated
+    Password  string `json:"password"`              // No tag: NEVER updated
+    Name      string `json:"name" upd:"-"`          // Ignore tag: Updated WITHOUT validation
+    Email     string `json:"email" upd:"rex^[^@]+@[^@]+\\.[^@]+$"` // Full tag: Validated AND updated
+    Role      string `json:"role"`                  // No tag: NEVER updated
+}
+
+// In your update handler:
+user := &User{}
+err := v.ValidateAndUpdate(jsonInput, user, "upd")
+```
+
+---
+
 # Testing
 
 To run the tests run `go test ./...`.

validator.go

@@ -164,17 +164,20 @@ func (r *Validator) ValidateWithValidation(jsonInput map[string]any, validations
 					return map[string]any{}, fmt.Errorf("field %v must be of type array, was %T", validation.Key, jsonValue)
 				}
 
+				validatedArray := []any{}
 				for _, jsonValueInner := range jsonArray {
 					jsonValueInnerMap, err := helper.GetValidMap(jsonValueInner)
 					if err != nil {
 						return map[string]any{}, fmt.Errorf("field %v invalid: %v", validation.Key, err.Error())
 					}
 
-					_, err = r.ValidateWithValidation(jsonValueInnerMap, validation.InnerValidation)
+					validatedInnerMap, err := r.ValidateWithValidation(jsonValueInnerMap, validation.InnerValidation)
 					if err != nil {
 						return map[string]any{}, fmt.Errorf("field %v invalid: %v", validation.Key, err.Error())
 					}
+					validatedArray = append(validatedArray, validatedInnerMap)
 				}
+				jsonValue = validatedArray
 			} else if helper.IsArray(jsonValue) {
 				err = r.ValidateValueWithParser(jsonValue, &validation)
 			} else if helper.IsString(jsonValue) {

validatorExtract.go

@@ -45,7 +45,12 @@ func GetValidationFromStructField(tagType string, fieldValue reflect.Value, fiel
 	validation := &model.Validation{}
 	validation.Key = fieldType.Name
 	if len(fieldType.Tag.Get("json")) > 0 {
-		validation.Key = fieldType.Tag.Get("json")
+		jsonKey := fieldType.Tag.Get("json")
+		// Split on comma to handle omitempty and other options
+		jsonKey = strings.Split(jsonKey, ",")[0]
+		if jsonKey != "-" {
+			validation.Key = jsonKey
+		}
 	}
 	validation.Type = model.ReflectKindToValidatorType(fieldValue.Type().Kind())
 	validation.Requirement = "-"

validator_test.go

@@ -178,6 +178,22 @@ func TestValidateAndUpdate(t *testing.T) {
 		require.Error(t, err, "Expected an error for invalid validation")
 		assert.Contains(t, err.Error(), "invalid group name: gp1", "Expected error to contain 'invalid group name: gp1'")
 	})
+
+	t.Run("Tag filtering in arrays of structs with custom tag", func(t *testing.T) {
+		testStruct := &struct {
+			Items []struct {
+				ID   string `json:"id"`
+				Name string `json:"name" upd:"-"`
+				Age  int    `json:"age" upd:"min18"`
+			} `json:"items" upd:"-"`
+		}{}
+		err := r.ValidateAndUpdate(map[string]any{"items": []any{map[string]any{"id": "123", "name": "test", "age": 19}}}, testStruct, "upd")
+		assert.NoError(t, err, "Expected no error")
+		assert.Len(t, testStruct.Items, 1, "Items should be updated")
+		assert.Equal(t, "", testStruct.Items[0].ID, "ID should not be updated (no upd tag)")
+		assert.Equal(t, "test", testStruct.Items[0].Name, "Name should not be updated (has ignore upd tag)")
+		assert.Equal(t, 19, testStruct.Items[0].Age, "Age should be updated (has full upd tag)")
+	})
 }
 
 func TestValidateAndUpdateWithValidation(t *testing.T) {