params_sanitizer 0.0.1
- checksums.yaml +7 -0
- data/.gitignore +18 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +22 -0
- data/README.md +105 -0
- data/Rakefile +1 -0
- data/lib/params_sanitizer.rb +2 -0
- data/lib/params_sanitizer/base.rb +97 -0
- data/lib/params_sanitizer/sanitizers/accept_range.rb +60 -0
- data/lib/params_sanitizer/sanitizers/accept_regex.rb +56 -0
- data/lib/params_sanitizer/sanitizers/accept_value.rb +57 -0
- data/lib/params_sanitizer/sanitizers/exist_value.rb +36 -0
- data/lib/params_sanitizer/sanitizers/reject_range.rb +60 -0
- data/lib/params_sanitizer/sanitizers/reject_regex.rb +56 -0
- data/lib/params_sanitizer/sanitizers/reject_value.rb +57 -0
- data/lib/params_sanitizer/version.rb +3 -0
- data/params_sanitizer.gemspec +27 -0
- data/spec/params_sanitizer/base_spec.rb +81 -0
- data/spec/params_sanitizer/sanitizers/accept_range_spec.rb +116 -0
- data/spec/params_sanitizer/sanitizers/accept_regex_spec.rb +72 -0
- data/spec/params_sanitizer/sanitizers/accept_value_spec.rb +63 -0
- data/spec/params_sanitizer/sanitizers/exist_value_spec.rb +64 -0
- data/spec/params_sanitizer/sanitizers/reject_range_spec.rb +116 -0
- data/spec/params_sanitizer/sanitizers/reject_regex_spec.rb +72 -0
- data/spec/params_sanitizer/sanitizers/reject_value_spec.rb +63 -0
- data/spec/spec_helper.rb +8 -0
- metadata +149 -0
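--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: b5523481cd701304b03081c47b320316489e57f0
+data.tar.gz: 7c3268be3df43696c0feb443cdbd6910e4ea9bdb
+SHA512:
+metadata.gz: e2168ada5f27ce931224fa9a110fcf434fa997b43d209a1f942934bdafd9a2cb6e5fc19efa0aaf5201d3df8fe73ec2e31e8aecf8261975e44ad07cdda1bd90d3
+data.tar.gz: f242e2ad1879adabda9094c3f75ca9c6e94f5cfa0ac039d5023501d3b479301f0252d0569251e342a40ab26069140ca252c315debc5f98120c975a9dd7d038ca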
data/.gitignore
ADDED
data/Gemfile
ADDED
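--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,22 @@
+Copyright (c) 2013 Atsushi Nakamura
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.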
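--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,105 @@
+# ParamsSanitizer
+
+params_sanitizer sanitize parameter.It is really easy and useful.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+gem 'params_sanitizer'
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install params_sanitizer
+
+## Usage
+For example. sanitize params for a search query.
+### Define sanitizer.
+
+``` ruby
+class SearchParamsSanitizer < ParamsSanitizer::Base
+def self.permit_filter
+[:word, :order]
+end
+
+exist_value :word, '' # set default value '', when param[:word] does not exist.
+accept_value :order, 1 , ['0','1'] # set default value 1, when param[:order] is not 0 or 1.
+end
+```
+
+other sanitizer look this.
+[ParamsSanitizer::Sanitizers](http://rubydoc.info/github/alfa-jpn/params_sanitizer/ParamsSanitizer/Sanitizers)
+
+
+and in controller
+
+``` ruby
+def search_params
+SearchParamsSanitizer.sanitize(params) # can get sanitized params.
+end
+```
+
+result.
+
+``` ruby
+{
+word: 'japanese anime',
+unknown_params: 'hogehogehoge',
+}
+
+after sanitize
+
+{
+word: 'japanese anime',
+order: 1
+}
+```
+
+when params nest.
+
+``` ruby
+{
+search: { word: 'japanese anime' }
+}
+```
+
+``` ruby
+def search_params
+SearchParamsSanitizer.sanitize(params, :search) # can get sanitized params.
+end
+``
+
+result.
+
+``` ruby
+{
+word: 'japanese anime',
+order: 1
+}
+```
+
+## Sanitizers
+
+- [accept_range](http://rubydoc.info/github/alfa-jpn/params_sanitizer/ParamsSanitizer/Sanitizers/AcceptRange/SanitizerMethods)
+- [accept_regex](http://rubydoc.info/github/alfa-jpn/params_sanitizer/ParamsSanitizer/Sanitizers/AcceptRegex/SanitizerMethods)
+- [accept_value](http://rubydoc.info/github/alfa-jpn/params_sanitizer/ParamsSanitizer/Sanitizers/AcceptValue/SanitizerMethods)
+- [reject_range](http://rubydoc.info/github/alfa-jpn/params_sanitizer/ParamsSanitizer/Sanitizers/RejectRange/SanitizerMethods)
+- [reject_regex](http://rubydoc.info/github/alfa-jpn/params_sanitizer/ParamsSanitizer/Sanitizers/RejectRegex/SanitizerMethods)
+- [reject_value](http://rubydoc.info/github/alfa-jpn/params_sanitizer/ParamsSanitizer/Sanitizers/RejectValue/SanitizerMethods)
+- [exist_value](http://rubydoc.info/github/alfa-jpn/params_sanitizer/ParamsSanitizer/Sanitizers/ExistValue/SanitizerMethods)
+
+## API DOCUMENT
+
+- [ParamsSanitizer](http://rubydoc.info/github/alfa-jpn/params_sanitizer/frames)
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request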
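--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1 @@
+require "bundler/gem_tasks"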
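--- a/data/lib/params_sanitizer/base.rb
+++ b/data/lib/params_sanitizer/base.rb
@@ -0,0 +1,97 @@
+module ParamsSanitizer
+require 'params_sanitizer/sanitizers/accept_value'
+require 'params_sanitizer/sanitizers/reject_value'
+require 'params_sanitizer/sanitizers/accept_range'
+require 'params_sanitizer/sanitizers/reject_range'
+require 'params_sanitizer/sanitizers/accept_regex'
+require 'params_sanitizer/sanitizers/reject_regex'
+require 'params_sanitizer/sanitizers/exist_value'
+
+class Base
+include ParamsSanitizer::Sanitizers::AcceptValue
+include ParamsSanitizer::Sanitizers::RejectValue
+include ParamsSanitizer::Sanitizers::AcceptRange
+include ParamsSanitizer::Sanitizers::RejectRange
+include ParamsSanitizer::Sanitizers::AcceptRegex
+include ParamsSanitizer::Sanitizers::RejectRegex
+include ParamsSanitizer::Sanitizers::ExistValue
+
+# Check a duplicated definition rule of parameter.
+#
+# @api for sanitizers exclusive use.
+# @param key [String] key of parameter.
+# @raise [ArgumentError] if duplicate the rule.
+def self.check_duplicated_definition!(key)
+string_key = key.to_s
+definitions.each_value do |rules|
+rules.each_key do |definition_key|
+if definition_key == string_key
+raise ArgumentError, 'already define the ruel for #{key}!!'
+end
+end
+end
+end
+
+# callback after inherited.
+#
+# @api
+def self.inherited(child)
+child.instance_variable_set(:@definitions, Hash.new)
+end
+
+# Get a list of permit keys.
+# @note Keys passed strong parameter.(ActionController::Parameters.permit method.)
+#
+# @example
+# def self.permit_filter
+# [:user_name, :user_email, :user_age]
+# end
+#
+# @return [Array or Hash] a list of keys.
+# @abstract Define after inheritance.
+# @raise [ArgumentError] if not abstract.
+def self.permit_filter
+raise NoMethodError, 'Not define `self.permit_filter`. '
+end
+
+# Sanitize parameters.
+#
+# @example
+# # if sent next params.
+# # {
+# # user: { name: 'hoge', email: 'fuga' }
+# # }
+# SanitizerClass.sanitize(params, :user)
+#
+# # if sent next params.
+# # { name: 'hoge', email: 'fuga' }
+# SanitizerClass.sanitize(params)
+#
+# @param params [ActiveController::Parameters] parameter of Action.
+# @param key [String] key of parameter. (if params `{user:{name:'hoge', email:'fuga'}}` then :user)
+# @raise [ActionController::ParameterMissing] if nothing key.
+def self.sanitize(params, key = nil)
+new.sanitize_params (key ? params.require(key) : params).permit(permit_filter)
+end
+
+# Sanitize params bu definition rules.
+#
+# @api mustn't call from out this class.
+# @param parmas[ActionController::Parameter] parameter,
+# @return [Hash] sanitizer hash of params.(Hash keys are symbol)
+def sanitize_params(params)
+sanitized = params.to_hash
+
+self.class.definitions.each do |key, rules|
+send("sanitize_#{key}!", sanitized, rules)
+end
+
+sanitized.symbolize_keys
+end
+
+# define class method accessor.
+class << self
+attr_reader :definitions
+end
+end
+end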
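Review bot: The message raised in check_duplicated_definition! (hunk line 29) is single-quoted, so `#{key}` is emitted literally and the offending key never appears in the error; it should be `raise ArgumentError, "already defined the rule for #{key}!!"`. Two documentation strings disagree with the code: permit_filter's YARD says `@raise [ArgumentError]` while line 54 raises NoMethodError, and sanitize's `@param params` names `ActiveController::Parameters` where the Rails class is `ActionController::Parameters` (as the method's own `@raise` line spells it). On line 74 the space before the parenthesis makes Ruby treat `(key ? ... : params).permit(permit_filter)` as the argument only with a parser warning; `new.sanitize_params((key ? params.require(key) : params).permit(permit_filter))` is the unambiguous form.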
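--- a/data/lib/params_sanitizer/sanitizers/accept_range.rb
+++ b/data/lib/params_sanitizer/sanitizers/accept_range.rb
@@ -0,0 +1,60 @@
+module ParamsSanitizer::Sanitizers
+module AcceptRange
+
+private
+
+# Sanitize a destructive params.
+# @note destructive method for params.
+#
+# @param params [Hash] parameters. (will be destructed by this method.)
+# @param rules [Hash] rules of accept_range.
+def sanitize_accept_range!(params, rules)
+rules.each do |key, rule|
+if params.has_key?(key)
+params[key] = check_accept_range(params[key].to_i, rule[:default_value], rule[:min], rule[:max])
+else
+params[key] = rule[:default_value]
+end
+end
+end
+
+# Check whether a value is admitted range.
+# @note return a default value when value is not admitted range.
+#
+# @param value [Object] value
+# @param default_value [Object] default_value
+# @param min [Integer] range of min.(when do not set a limit, nil)
+# @param max [Integer] range of max.(when do not set a limit, nil)
+# @return [Object] value or default_value.
+def check_accept_range(value, default_value, min, max)
+if min and value < min
+default_value
+elsif max and value > max
+default_value
+else
+value
+end
+end
+
+module SanitizerMethods
+# Define rule of accept range.
+#
+# @example
+# accept_range :month, 1, 1, 12
+#
+# @param key [String] key of parameter.
+# @param default_value [Object] default values when input not addmitted value.
+# @param min [Integer] range of min.(when do not set a limit, nil)
+# @param max [Integer] range of max.(when do not set a limit, nil)
+def accept_range(key, default_value, min = nil, max = nil)
+check_duplicated_definition!(key)
+definitions[:accept_range] ||= Hash.new
+definitions[:accept_range][key.to_s] = { default_value: default_value, min: min, max: max }
+end
+end
+
+def self.included(mixin)
+mixin.extend SanitizerMethods
+end
+end
+end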
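Review bot: `params[key].to_i` on hunk line 14 is applied to whatever the request carried for that key, and a nested value (the Array or Hash Rack builds for bracketed query keys) has no `to_i`, so a malformed request raises NoMethodError instead of falling back to `rule[:default_value]`; `"12abc".to_i` likewise becomes 12 silently and is then range-accepted. Parsing with `Integer(raw.to_s, 10)` and treating a parse failure exactly like an out-of-range value keeps the default-on-bad-input contract the @note promises for every input shape. The rewritten loop and a small private helper follow; check_accept_range is unchanged. This is stricter than `to_i` for inputs such as `"12abc"`, which now fall back to the default rather than being truncated, so it is worth a line in the @param doc.
```ruby
def sanitize_accept_range!(params, rules)
  rules.each do |key, rule|
    number = params.has_key?(key) ? parse_integer(params[key]) : nil
    params[key] = if number.nil?
                    rule[:default_value]
                  else
                    check_accept_range(number, rule[:default_value], rule[:min], rule[:max])
                  end
  end
end

# Strictly parse +raw+ as a base-10 integer.
# Returns nil for anything that is not wholly numeric, including Array/Hash
# values, whose to_s form Integer() rejects.
def parse_integer(raw)
  Integer(raw.to_s, 10)
rescue ArgumentError, TypeError
  nil
end
# … unchanged: check_accept_range, SanitizerMethods, included …
```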
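--- a/data/lib/params_sanitizer/sanitizers/accept_regex.rb
+++ b/data/lib/params_sanitizer/sanitizers/accept_regex.rb
@@ -0,0 +1,56 @@
+module ParamsSanitizer::Sanitizers
+module AcceptRegex
+
+private
+
+# Sanitize a destructive params.
+# @note destructive method for params.
+#
+# @param params [Hash] parameters. (will be destructed by this method.)
+# @param rules [Hash] rules of accept_regex.
+def sanitize_accept_regex!(params, rules)
+rules.each do |key, rule|
+if params.has_key?(key)
+params[key] = check_accept_regex(params[key], rule[:default_value], rule[:regex])
+else
+params[key] = rule[:default_value]
+end
+end
+end
+
+# Check whether a value is admitted regex.
+# @note return a default value when value is not admitted regex.
+#
+# @param value [Object] value
+# @param default_value [Object] default_value
+# @param regex [Regexp] accept when regex match.
+# @return [Object] value or default_value.
+def check_accept_regex(value, default_value, regex)
+if regex.match(value)
+value
+else
+default_value
+end
+end
+
+module SanitizerMethods
+# Define rule of accept regex.
+#
+# @example
+# accept_regex(:age, 0, /^\d+$/)
+#
+# @param key [String] key of parameter.
+# @param default_value [Object] default values when input not addmitted value.
+# @param regex [Regexp] accept when regex match.
+def accept_regex(key, default_value, regex)
+check_duplicated_definition!(key)
+definitions[:accept_regex] ||= Hash.new
+definitions[:accept_regex][key.to_s] = { default_value: default_value, regex: regex }
+end
+end
+
+def self.included(mixin)
+mixin.extend SanitizerMethods
+end
+end
+end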
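Review bot: The @example on hunk line 40 anchors with `^`/`$`, which in Ruby match at line boundaries, so a value such as `"12\nabc"` satisfies `/^\d+$/` and check_accept_regex returns it whole even though it is not all digits; the example should read `accept_regex(:age, 0, /\A\d+\z/)`, and a sentence in the `@param regex` doc saying that `\A`/`\z` are required because the entire value, not the matched part, is kept would keep users from the same mistake. Separately, `regex.match(value)` on line 29 raises TypeError when the request supplies an Array or Hash for the key instead of a String, so a malformed request produces an exception rather than the default; `if value.respond_to?(:to_str) && regex.match(value)` preserves the default-on-bad-input contract stated in the @note.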
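--- a/data/lib/params_sanitizer/sanitizers/accept_value.rb
+++ b/data/lib/params_sanitizer/sanitizers/accept_value.rb
@@ -0,0 +1,57 @@
+module ParamsSanitizer::Sanitizers
+module AcceptValue
+
+private
+
+# Sanitize a destructive params.
+# @note destructive method for params.
+#
+# @param params [Hash] parameters. (will be destructed by this method.)
+# @param rules [Hash] rules of accept_value.
+def sanitize_accept_value!(params, rules)
+rules.each do |key, rule|
+if params.has_key?(key)
+params[key] = check_accept_value(params[key], rule[:default_value], rule[:accept_values])
+else
+params[key] = rule[:default_value]
+end
+end
+end
+
+# Check whether a value is admitted.
+# @note return a default value when value is not admitted.
+#
+# @param value [Object] value
+# @param default_value [Object] default_value
+# @param accept_values [Array] admitted values.
+# @return [Object] value or default_value.
+def check_accept_value(value, default_value, accept_values)
+if accept_values.include?(value)
+value
+else
+default_value
+end
+end
+
+module SanitizerMethods
+# Define rule of accept value.
+#
+# @example
+# accept_value(:order, 0, ['0','1'])
+#
+# @param key [String] key of parameter.
+# @param default_value [Object] default values when input not addmitted value.
+# @param accept_values [Array<Object>] accept values.
+def accept_value(key, default_value, accept_values)
+check_duplicated_definition!(key)
+definitions[:accept_value] ||= Hash.new
+definitions[:accept_value][key.to_s] = { default_value: default_value, accept_values: accept_values }
+end
+end
+
+
+def self.included(mixin)
+mixin.extend SanitizerMethods
+end
+end
+end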
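Review bot: check_accept_value on hunk line 29 returns the raw request value on a hit but `default_value` exactly as configured on a miss, so with the documented example `accept_value(:order, 0, ['0','1'])` a caller receives the String '1' for an accepted request and the Integer 0 for a rejected one, and the type of the sanitized key depends on whether the input was accepted. Either the `@param default_value` doc should state that the default is returned as given and is expected to be one of accept_values, or the example should use a default of the same type, `accept_value(:order, '0', ['0','1'])`. As a style point, `Hash.new` on line 47 and `has_key?` on line 13 read more idiomatically as `{}` and `key?`; the same applies to the accept_range and accept_regex hunks.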