yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-09-19 13:31:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix id field in validate and sanitize

Browse Source
This commit is contained in:
Ben Irvin 2023-08-17 10:35:41 +02:00
parent 85e32e9649
commit 5988f1af8a
3 changed files with 26 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
packages/core/utils/src/sanitize/sanitizers.ts
View File

@ -41,7 +41,13 @@ const defaultSanitizeFilters = curry((schema: Model, filters: unknown) => {
({ key, attribute }, { remove }) => { ({ key, attribute }, { remove }) => {
const isAttribute = !!attribute; const isAttribute = !!attribute;
if (!isAttribute && !isOperator(key) && key !== 'id') { // ID is not an attribute per se, so we need to make
// an extra check to ensure we're not checking it
if (key === 'id') {
return;
}
if (!isAttribute && !isOperator(key)) {
remove(key); remove(key);
} }
}, },
@ -73,7 +79,7 @@ const defaultSanitizeSort = curry((schema: Model, sort: unknown) => {
traverseQuerySort( traverseQuerySort(
({ key, attribute }, { remove }) => { ({ key, attribute }, { remove }) => {
// ID is not an attribute per se, so we need to make // ID is not an attribute per se, so we need to make
// an extra check to ensure we're not removing it // an extra check to ensure we're not checking it
if (key === 'id') { if (key === 'id') {
return; return;
} }
@ -109,6 +115,11 @@ const defaultSanitizeFields = curry((schema: Model, fields: unknown) => {
// Only keep scalar attributes // Only keep scalar attributes
traverseQueryFields( traverseQueryFields(
({ key, attribute }, { remove }) => { ({ key, attribute }, { remove }) => {
// ID is not an attribute per se, so we need to make
// an extra check to ensure we're not checking it
if (key === 'id') {
return;
}
if (isNil(attribute) || !isScalarAttribute(attribute)) { if (isNil(attribute) || !isScalarAttribute(attribute)) {
remove(key); remove(key);
} }

19
packages/core/utils/src/validate/index.ts
View File

@ -12,7 +12,7 @@ import traversals from '../traverse/traversals';
import { Model } from '../types'; import { Model } from '../types';
const { traverseQueryFilters, traverseQuerySort, traverseQueryPopulate } = traversals; const { traverseQueryFilters, traverseQuerySort } = traversals;
export interface Options { export interface Options {
auth?: unknown; auth?: unknown;
@ -80,7 +80,7 @@ const createContentAPIValidators = () => {
return; return;
} }
const transforms = [validators.defaultSanitizeFilters(schema)]; const transforms = [validators.defaultValidateFilters(schema)];
if (auth) { if (auth) {
transforms.push(traverseQueryFilters(visitors.throwRestrictedRelations(auth), { schema })); transforms.push(traverseQueryFilters(visitors.throwRestrictedRelations(auth), { schema }));
@ -90,7 +90,7 @@ const createContentAPIValidators = () => {
}; };
const validateSort: ValidateFunc = async (sort, schema: Model, { auth } = {}) => { const validateSort: ValidateFunc = async (sort, schema: Model, { auth } = {}) => {
const transforms = [validators.defaultSanitizeSort(schema)]; const transforms = [validators.defaultValidateSort(schema)];
if (auth) { if (auth) {
transforms.push(traverseQuerySort(visitors.throwRestrictedRelations(auth), { schema })); transforms.push(traverseQuerySort(visitors.throwRestrictedRelations(auth), { schema }));
@ -100,28 +100,17 @@ const createContentAPIValidators = () => {
}; };
const validateFields: ValidateFunc = (fields, schema: Model) => { const validateFields: ValidateFunc = (fields, schema: Model) => {
const transforms = [validators.defaultSanitizeFields(schema)]; const transforms = [validators.defaultValidateFields(schema)];
return pipeAsync(...transforms)(fields); return pipeAsync(...transforms)(fields);
}; };
const validatePopulate: ValidateFunc = async (populate, schema: Model, { auth } = {}) => {
const transforms = [validators.defaultSanitizePopulate(schema)];
if (auth) {
transforms.push(traverseQueryPopulate(visitors.throwRestrictedRelations(auth), { schema }));
}
return pipeAsync(...transforms)(populate);
};
return { return {
input: validateInput, input: validateInput,
query: validateQuery, query: validateQuery,
filters: validateFilters, filters: validateFilters,
sort: validateSort, sort: validateSort,
fields: validateFields, fields: validateFields,
populate: validatePopulate,
}; };
}; };

63
packages/core/utils/src/validate/validators.ts
View File

@ -12,25 +12,13 @@ import { isOperator } from '../operators';
import type { Model } from '../types'; import type { Model } from '../types';
import { ValidationError } from '../errors'; import { ValidationError } from '../errors';
const { traverseQueryFilters, traverseQuerySort, traverseQueryPopulate, traverseQueryFields } = const { traverseQueryFilters, traverseQuerySort, traverseQueryFields } = traversals;
traversals;
const throwPasswords = (schema: Model) => async (entity: Data) => { const throwPasswords = (schema: Model) => async (entity: Data) => {
return traverseEntity(throwPassword, { schema }, entity); return traverseEntity(throwPassword, { schema }, entity);
}; };
const defaultSanitizeOutput = async (schema: Model, entity: Data) => { const defaultValidateFilters = curry((schema: Model, filters: unknown) => {
return traverseEntity(
(...args) => {
throwPassword(...args);
throwPrivate(...args);
},
{ schema },
entity
);
};
const defaultSanitizeFilters = curry((schema: Model, filters: unknown) => {
return pipeAsync( return pipeAsync(
// Remove keys that are not attributes or valid operators // Remove keys that are not attributes or valid operators
traverseQueryFilters( traverseQueryFilters(
@ -63,7 +51,7 @@ const defaultSanitizeFilters = curry((schema: Model, filters: unknown) => {
)(filters); )(filters);
}); });
const defaultSanitizeSort = curry((schema: Model, sort: unknown) => { const defaultValidateSort = curry((schema: Model, sort: unknown) => {
return pipeAsync( return pipeAsync(
// Remove non attribute keys // Remove non attribute keys
traverseQuerySort( traverseQuerySort(
@ -100,11 +88,14 @@ const defaultSanitizeSort = curry((schema: Model, sort: unknown) => {
)(sort); )(sort);
}); });
const defaultSanitizeFields = curry((schema: Model, fields: unknown) => { const defaultValidateFields = curry((schema: Model, fields: unknown) => {
return pipeAsync( return pipeAsync(
// Only keep scalar attributes // Only keep scalar attributes
traverseQueryFields( traverseQueryFields(
({ key, attribute }) => { ({ key, attribute }) => {
if (key === 'id') {
return;
}
if (isNil(attribute) || !isScalarAttribute(attribute)) { if (isNil(attribute) || !isScalarAttribute(attribute)) {
throw new ValidationError(`invalid key ${key}`); throw new ValidationError(`invalid key ${key}`);
} }
@ -114,44 +105,8 @@ const defaultSanitizeFields = curry((schema: Model, fields: unknown) => {
// Remove private fields // Remove private fields
traverseQueryFields(throwPrivate, { schema }), traverseQueryFields(throwPrivate, { schema }),
// Remove password fields // Remove password fields
traverseQueryFields(throwPassword, { schema }), traverseQueryFields(throwPassword, { schema })
// Remove nil values from fields array
(value) => (isArray(value) ? value.filter((field) => !isNil(field)) : value)
)(fields); )(fields);
}); });
const defaultSanitizePopulate = curry((schema: Model, populate: unknown) => { export { throwPasswords, defaultValidateFilters, defaultValidateSort, defaultValidateFields };
return pipeAsync(
traverseQueryPopulate(
async ({ key, value, schema, attribute }, { set }) => {
if (attribute) {
return;
}
if (key === 'sort') {
set(key, await defaultSanitizeSort(schema, value));
}
if (key === 'filters') {
set(key, await defaultSanitizeFilters(schema, value));
}
if (key === 'fields') {
set(key, await defaultSanitizeFields(schema, value));
}
},
{ schema }
),
// Remove private fields
traverseQueryPopulate(throwPrivate, { schema })
)(populate);
});
export {
throwPasswords,
defaultSanitizeOutput,
defaultSanitizeFilters,
defaultSanitizeSort,
defaultSanitizeFields,
defaultSanitizePopulate,
};