strapi/packages/strapi-utils/lib/sanitize-entity.js

'use strict';

module.exports = function sanitizeEntity(data, { model, withPrivate = false }) {
  if (typeof data !== 'object' || data == null) return data;

  let plainData = typeof data.toJSON === 'function' ? data.toJSON() : data;

  if (typeof plainData !== 'object') return plainData;

  const attributes = model.attributes;
  return Object.keys(plainData).reduce((acc, key) => {
    const attribute = attributes[key];
    if (attribute && attribute.private === true && withPrivate !== true) {
      return acc;
    }

    if (
      attribute &&
      (attribute.model ||
        attribute.collection ||
        attribute.type === 'component')
    ) {
      const targetName =
        attribute.model || attribute.collection || attribute.component;

      const targetModel = strapi.getModel(targetName, attribute.plugin);

      if (targetModel && plainData[key] !== null) {
        acc[key] = Array.isArray(plainData[key])
          ? plainData[key].map(entity =>
              sanitizeEntity(entity, { model: targetModel, withPrivate })
            )
          : sanitizeEntity(plainData[key], { model: targetModel, withPrivate });

        return acc;
      }
    }

    acc[key] = plainData[key];
    return acc;
  }, {});
};
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`'use strict';`

			`module.exports = function sanitizeEntity(data, { model, withPrivate = false }) {`
			`if (typeof data !== 'object' \|\| data == null) return data;`

Support toJSON in sanitizeEntity 2019-09-20 09:56:00 +02:00			`let plainData = typeof data.toJSON === 'function' ? data.toJSON() : data;`

Fix sanitize bug with mongo objectid and use lower-case for getModel 2019-10-04 11:38:54 +02:00			`if (typeof plainData !== 'object') return plainData;`

Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`const attributes = model.attributes;`
Support toJSON in sanitizeEntity 2019-09-20 09:56:00 +02:00			`return Object.keys(plainData).reduce((acc, key) => {`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`const attribute = attributes[key];`
			`if (attribute && attribute.private === true && withPrivate !== true) {`
			`return acc;`
			`}`

			`if (`
			`attribute &&`
Rename groups to components 2019-10-22 18:01:03 +02:00			`(attribute.model \|\|`
			`attribute.collection \|\|`
			`attribute.type === 'component')`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`) {`
			`const targetName =`
Rename groups to components 2019-10-22 18:01:03 +02:00			`attribute.model \|\| attribute.collection \|\| attribute.component;`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00
			`const targetModel = strapi.getModel(targetName, attribute.plugin);`

Support toJSON in sanitizeEntity 2019-09-20 09:56:00 +02:00			`if (targetModel && plainData[key] !== null) {`
			`acc[key] = Array.isArray(plainData[key])`
			`? plainData[key].map(entity =>`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`sanitizeEntity(entity, { model: targetModel, withPrivate })`
			`)`
Support toJSON in sanitizeEntity 2019-09-20 09:56:00 +02:00			`: sanitizeEntity(plainData[key], { model: targetModel, withPrivate });`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00
			`return acc;`
			`}`
			`}`

Support toJSON in sanitizeEntity 2019-09-20 09:56:00 +02:00			`acc[key] = plainData[key];`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`return acc;`
			`}, {});`
			`};`