@emeryld/rrroutes-server 2.5.1 → 2.5.2
- package/dist/index.cjs +50 -26
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +50 -26
- package/dist/index.js.map +1 -1
- package/dist/routesV3.server.sanitize.d.ts +5 -0
- package/package.json +1 -1
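--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -27,7 +27,8 @@ var normalizeOptions = (options) => {
 stripPrototypePollutionKeys: options.stripPrototypePollutionKeys ?? true,
 blockedKeys: new Set(options.blockedKeys ?? defaultBlockedKeys),
 maxDepth: options.maxDepth ?? defaultMaxDepth,
-customSanitizer: options.customSanitizer
+customSanitizer: options.customSanitizer,
+profiler: options.profiler ?? false
 };
 };
 var applyCustomSanitizer = (value, options, context) => {
@@ -119,46 +120,69 @@ var setRequestQuery = (req, value) => {
 value
 });
 };
+var profileTargetSanitization = (options, req, target, sanitize) => {
+if (!options.profiler) {
+sanitize();
+return;
+}
+const startedAt = process.hrtime.bigint();
+try {
+sanitize();
+} finally {
+const durationMs = Number(process.hrtime.bigint() - startedAt) / 1e6;
+const method = req.method ?? "UNKNOWN";
+const url = req.originalUrl ?? req.url ?? "";
+console.info(
+`[RequestSanitizationProfiler] ${method} ${url} target=${target} durationMs=${durationMs.toFixed(3)}`
+);
+}
+};
 var createRequestSanitizationMiddleware = (options = {}) => {
 const normalized = normalizeOptions(options);
 return (req, _res, next) => {
 try {
 if (normalized.targets.has("params") && req.params) {
-req
-req.params
-
-
-
-
-
-
-
+profileTargetSanitization(normalized, req, "params", () => {
+req.params = sanitizeValue(
+req.params,
+normalized,
+0,
+/* @__PURE__ */ new WeakSet(),
+req,
+"params",
+[]
+);
+});
 }
 if (normalized.targets.has("query")) {
 const query = req.query;
 if (query) {
-
-
+profileTargetSanitization(normalized, req, "query", () => {
+const sanitizedQuery = sanitizeValue(
+query,
+normalized,
+0,
+/* @__PURE__ */ new WeakSet(),
+req,
+"query",
+[]
+);
+setRequestQuery(req, sanitizedQuery);
+});
+}
+}
+if (normalized.targets.has("body") && req.body !== void 0) {
+profileTargetSanitization(normalized, req, "body", () => {
+req.body = sanitizeValue(
+req.body,
 normalized,
 0,
 /* @__PURE__ */ new WeakSet(),
 req,
-"
+"body",
 []
 );
-
-}
-}
-if (normalized.targets.has("body") && req.body !== void 0) {
-req.body = sanitizeValue(
-req.body,
-normalized,
-0,
-/* @__PURE__ */ new WeakSet(),
-req,
-"body",
-[]
-);
+});
 }
 next();
 } catch (err) {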
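Review bot: The log line in `profileTargetSanitization` writes `req.originalUrl` verbatim, so with `profiler` enabled the full query string, including any tokens, reset codes or other secrets passed as parameters, goes to stdout once per sanitized target (up to three times per request). Logging only the path keeps the timing data useful without that exposure, e.g. `const url = (req.originalUrl ?? req.url ?? "").split("?")[0];`. The helper also hard-codes `console.info`, so hosts cannot route or redact these lines through their own logger; the option's documentation should at least say that `profiler` is a diagnostics switch and not meant to stay on where logs are widely readable. The body of `createRequestSanitizationMiddleware` continues past the end of the hunk, so the `catch` handling is not visible here.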