mirror of
https://github.com/strapi/strapi.git
synced 2025-07-18 14:32:56 +00:00
a22f2cefef
- set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds
37 lines
1.0 KiB
JavaScript
37 lines
1.0 KiB
JavaScript
'use strict';
|
|
|
|
module.exports = function sanitizeEntity(data, { model, withPrivate = false }) {
|
|
if (typeof data !== 'object' || data == null) return data;
|
|
|
|
const attributes = model.attributes;
|
|
return Object.keys(data).reduce((acc, key) => {
|
|
const attribute = attributes[key];
|
|
if (attribute && attribute.private === true && withPrivate !== true) {
|
|
return acc;
|
|
}
|
|
|
|
if (
|
|
attribute &&
|
|
(attribute.model || attribute.collection || attribute.type === 'group')
|
|
) {
|
|
const targetName =
|
|
attribute.model || attribute.collection || attribute.group;
|
|
|
|
const targetModel = strapi.getModel(targetName, attribute.plugin);
|
|
|
|
if (targetModel && data[key] !== null) {
|
|
acc[key] = Array.isArray(data[key])
|
|
? data[key].map(entity =>
|
|
sanitizeEntity(entity, { model: targetModel, withPrivate })
|
|
)
|
|
: sanitizeEntity(data[key], { model: targetModel, withPrivate });
|
|
|
|
return acc;
|
|
}
|
|
}
|
|
|
|
acc[key] = data[key];
|
|
return acc;
|
|
}, {});
|
|
};
|