@emeryld/rrroutes-server 2.5.0 → 2.5.2

package/dist/index.cjs

@@ -69,7 +69,8 @@ var normalizeOptions = (options) => {
     stripPrototypePollutionKeys: options.stripPrototypePollutionKeys ?? true,
     blockedKeys: new Set(options.blockedKeys ?? defaultBlockedKeys),
     maxDepth: options.maxDepth ?? defaultMaxDepth,
-    customSanitizer: options.customSanitizer
+    customSanitizer: options.customSanitizer,
+    profiler: options.profiler ?? false
   };
 };
 var applyCustomSanitizer = (value, options, context) => {
@@ -138,42 +139,92 @@ var sanitizeValue = (value, options, depth, seen, req, target, path) => {
   seen.delete(value);
   return applyCustomSanitizer(objectTarget, options, context);
 };
+var findPropertyDescriptor = (source, key) => {
+  let cursor = source;
+  while (cursor) {
+    const descriptor = Object.getOwnPropertyDescriptor(cursor, key);
+    if (descriptor) return descriptor;
+    cursor = Object.getPrototypeOf(cursor);
+  }
+  return void 0;
+};
+var setRequestQuery = (req, value) => {
+  const queryDescriptor = findPropertyDescriptor(req, "query");
+  if (!queryDescriptor || queryDescriptor.writable || queryDescriptor.set) {
+    ;
+    req.query = value;
+    return;
+  }
+  Object.defineProperty(req, "query", {
+    configurable: true,
+    enumerable: true,
+    writable: true,
+    value
+  });
+};
+var profileTargetSanitization = (options, req, target, sanitize) => {
+  if (!options.profiler) {
+    sanitize();
+    return;
+  }
+  const startedAt = process.hrtime.bigint();
+  try {
+    sanitize();
+  } finally {
+    const durationMs = Number(process.hrtime.bigint() - startedAt) / 1e6;
+    const method = req.method ?? "UNKNOWN";
+    const url = req.originalUrl ?? req.url ?? "";
+    console.info(
+      `[RequestSanitizationProfiler] ${method} ${url} target=${target} durationMs=${durationMs.toFixed(3)}`
+    );
+  }
+};
 var createRequestSanitizationMiddleware = (options = {}) => {
   const normalized = normalizeOptions(options);
   return (req, _res, next) => {
     try {
       if (normalized.targets.has("params") && req.params) {
-        req.params = sanitizeValue(
-          req.params,
-          normalized,
-          0,
-          /* @__PURE__ */ new WeakSet(),
-          req,
-          "params",
-          []
-        );
+        profileTargetSanitization(normalized, req, "params", () => {
+          req.params = sanitizeValue(
+            req.params,
+            normalized,
+            0,
+            /* @__PURE__ */ new WeakSet(),
+            req,
+            "params",
+            []
+          );
+        });
       }
-      if (normalized.targets.has("query") && req.query) {
-        req.query = sanitizeValue(
-          req.query,
-          normalized,
-          0,
-          /* @__PURE__ */ new WeakSet(),
-          req,
-          "query",
-          []
-        );
+      if (normalized.targets.has("query")) {
+        const query = req.query;
+        if (query) {
+          profileTargetSanitization(normalized, req, "query", () => {
+            const sanitizedQuery = sanitizeValue(
+              query,
+              normalized,
+              0,
+              /* @__PURE__ */ new WeakSet(),
+              req,
+              "query",
+              []
+            );
+            setRequestQuery(req, sanitizedQuery);
+          });
+        }
       }
       if (normalized.targets.has("body") && req.body !== void 0) {
-        req.body = sanitizeValue(
-          req.body,
-          normalized,
-          0,
-          /* @__PURE__ */ new WeakSet(),
-          req,
-          "body",
-          []
-        );
+        profileTargetSanitization(normalized, req, "body", () => {
+          req.body = sanitizeValue(
+            req.body,
+            normalized,
+            0,
+            /* @__PURE__ */ new WeakSet(),
+            req,
+            "body",
+            []
+          );
+        });
       }
       next();
     } catch (err) {