oneOf(validationChains[, message])
// This protected route must be accessed either by passing both username + password,
// or by passing an access token
app.post(
'/protected/route',
oneOf([
[check('username').exists(), check('password').exists()],
check('access_token').exists()
]),
someRouteHandler,
);