@emeryld/rrroutes-server 2.5.1 → 2.5.2
- package/dist/index.cjs +50 -26
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +50 -26
- package/dist/index.js.map +1 -1
- package/dist/routesV3.server.sanitize.d.ts +5 -0
- package/package.json +1 -1
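--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -69,7 +69,8 @@ var normalizeOptions = (options) => {
 stripPrototypePollutionKeys: options.stripPrototypePollutionKeys ?? true,
 blockedKeys: new Set(options.blockedKeys ?? defaultBlockedKeys),
 maxDepth: options.maxDepth ?? defaultMaxDepth,
-customSanitizer: options.customSanitizer
+customSanitizer: options.customSanitizer,
+profiler: options.profiler ?? false
 };
 };
 var applyCustomSanitizer = (value, options, context) => {
@@ -161,46 +162,69 @@ var setRequestQuery = (req, value) => {
 value
 });
 };
+var profileTargetSanitization = (options, req, target, sanitize) => {
+if (!options.profiler) {
+sanitize();
+return;
+}
+const startedAt = process.hrtime.bigint();
+try {
+sanitize();
+} finally {
+const durationMs = Number(process.hrtime.bigint() - startedAt) / 1e6;
+const method = req.method ?? "UNKNOWN";
+const url = req.originalUrl ?? req.url ?? "";
+console.info(
+`[RequestSanitizationProfiler] ${method} ${url} target=${target} durationMs=${durationMs.toFixed(3)}`
+);
+}
+};
 var createRequestSanitizationMiddleware = (options = {}) => {
 const normalized = normalizeOptions(options);
 return (req, _res, next) => {
 try {
 if (normalized.targets.has("params") && req.params) {
-req
-req.params
-
-
-
-
-
-
-
+profileTargetSanitization(normalized, req, "params", () => {
+req.params = sanitizeValue(
+req.params,
+normalized,
+0,
+/* @__PURE__ */ new WeakSet(),
+req,
+"params",
+[]
+);
+});
 }
 if (normalized.targets.has("query")) {
 const query = req.query;
 if (query) {
-
-
+profileTargetSanitization(normalized, req, "query", () => {
+const sanitizedQuery = sanitizeValue(
+query,
+normalized,
+0,
+/* @__PURE__ */ new WeakSet(),
+req,
+"query",
+[]
+);
+setRequestQuery(req, sanitizedQuery);
+});
+}
+}
+if (normalized.targets.has("body") && req.body !== void 0) {
+profileTargetSanitization(normalized, req, "body", () => {
+req.body = sanitizeValue(
+req.body,
 normalized,
 0,
 /* @__PURE__ */ new WeakSet(),
 req,
-"
+"body",
 []
 );
-
-}
-}
-if (normalized.targets.has("body") && req.body !== void 0) {
-req.body = sanitizeValue(
-req.body,
-normalized,
-0,
-/* @__PURE__ */ new WeakSet(),
-req,
-"body",
-[]
-);
+});
 }
 next();
 } catch (err) {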
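Review bot: In `profileTargetSanitization`, the log line interpolates `req.originalUrl ?? req.url` verbatim, so with `profiler` enabled the full query string of every sanitized request is written to the process log, including any tokens, reset codes or personal data carried there. The raw URL is not affected by the sanitizer, so keys the middleware strips from `req.query` would still appear in the log. Logging only the path keeps the timing signal without the payload: `const url = (req.originalUrl ?? req.url ?? "").split("?")[0];`. Because the output goes straight to `console.info` with no hook for the application's own logger or redaction, a short comment stating that the option is a diagnostic aid, not something to leave on in production, would help. The file list shows the same +50 -26 change in `package/dist/index.js`, so the point presumably applies there as well.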