OneF (ValidationChains [, Mensaje])

// This protected route must be accessed either by passing both username + password,
// or by passing an access token
app.post(
  '/protected/route',
  oneOf([
    [check('username').exists(), check('password').exists()],
    check('access_token').exists()
  ]),
  someRouteHandler,
);
Odd Oystercatcher