@liminalfunctions/framework 1.0.50 → 1.0.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/F_Compile.js +17 -0
  2. package/dist/F_Compile.js.map +1 -1
  3. package/dist/utils/malicious_keys.d.ts +1 -0
  4. package/dist/utils/malicious_keys.js +14 -0
  5. package/dist/utils/malicious_keys.js.map +1 -0
  6. package/dist/utils/mongoose_any_paths.d.ts +1 -0
  7. package/dist/utils/mongoose_any_paths.js +14 -0
  8. package/dist/utils/mongoose_any_paths.js.map +1 -0
  9. package/package.json +1 -1
  10. package/src/F_Compile.ts +17 -0
  11. package/src/utils/malicious_keys.ts +12 -0
  12. package/src/utils/mongoose_from_zod.ts +1 -1
  13. package/test/0_4_cache.test.ts +1 -1
  14. package/test/0_5_malicious_keys.test.ts +58 -0
  15. package/test/1_0_basic_server.test.ts +66 -5
  16. package/test/1_1_security_ownership.test.ts +10 -10
  17. package/test/1_2_role_membership.test.ts +10 -10
package/dist/F_Compile.js CHANGED
@@ -2,6 +2,7 @@ import * as z from "zod/v4";
2
2
  import { isValidObjectId } from "mongoose";
3
3
  import { F_Security_Model } from "./F_Security_Models/F_Security_Model.js";
4
4
  import { convert_null, query_object_to_mongodb_limits, query_object_to_mongodb_query } from "./utils/query_object_to_mongodb_query.js";
5
+ import { detect_malicious_keys } from "./utils/malicious_keys.js";
5
6
  export function compile(app, collection, api_prefix, collection_registry) {
6
7
  for (let access_layers of collection.access_layers) {
7
8
  for (let layer of access_layers.layers) {
@@ -181,6 +182,14 @@ export function compile(app, collection, api_prefix, collection_registry) {
181
182
  return;
182
183
  }
183
184
  }
185
+ try {
186
+ detect_malicious_keys(validated_request_body);
187
+ }
188
+ catch (err) {
189
+ res.status(403);
190
+ res.json({ error: `Found an unacceptable JSON key in the request body.` });
191
+ return;
192
+ }
184
193
  for (let layer of access_layers.layers) {
185
194
  if (validated_request_body[`${layer}_id`] && validated_request_body[`${layer}_id`] !== req.params[layer]) {
186
195
  res.status(403);
@@ -257,6 +266,14 @@ export function compile(app, collection, api_prefix, collection_registry) {
257
266
  return;
258
267
  }
259
268
  }
269
+ try {
270
+ detect_malicious_keys(validated_request_body);
271
+ }
272
+ catch (err) {
273
+ res.status(403);
274
+ res.json({ error: `Found an unacceptable JSON key in the request body.` });
275
+ return;
276
+ }
260
277
  for (let layer of access_layers.layers) {
261
278
  if (validated_request_body[`${layer}_id`] && validated_request_body[`${layer}_id`] !== req.params[layer]) {
262
279
  res.status(403);
package/dist/F_Compile.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"F_Compile.js","sourceRoot":"","sources":["../src/F_Compile.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAE5B,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAyB,MAAM,yCAAyC,CAAC;AAClG,OAAO,EAAE,YAAY,EAAE,8BAA8B,EAAE,6BAA6B,EAAE,MAAM,0CAA0C,CAAC;AASvI,MAAM,UAAU,OAAO,CACnB,GAAW,EACX,UAAkD,EAClD,UAAkB,EAClB,mBAA+C;IAO/C,KAAI,IAAI,aAAa,IAAI,UAAU,CAAC,aAAa,EAAC,CAAC;QAC/C,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;YAEnC,IAAG,KAAK,KAAK,UAAU,CAAC,aAAa,EAAC,CAAC;gBACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,UAAU,CAAC,aAAa,gEAAgE,UAAU,CAAC,aAAa,iCAAiC,CAAC,CAAA;YACpM,CAAC;YAGD,IAAG,CAAC,mBAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,EAAC,CAAC;gBACxC,MAAM,IAAI,KAAK,CAAC,8BAA8B,UAAU,CAAC,aAAa,iEAAiE,KAAK,8CAA8C,CAAC,CAAA;YAC/L,CAAC;YAED,IAAG,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,KAAK,KAAK,CAAC,EAAE,CAAC;gBACpE,MAAM,IAAI,KAAK,CAAC,8BAA8B,UAAU,CAAC,aAAa,uCAAuC,KAAK,sBAAsB,KAAK,iDAAiD,KAAK,KAAK,CAAC,CAAA;YAC7M,CAAC;YAED,IAAI,sBAAsB,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,KAAK,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,uBAAuB,KAAK,YAAY,CAAC;YACjI,IAAG,CAAC,sBAAsB,EAAC,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,8BAA8B,UAAU,CAAC,aAAa,MAAM,KAAK,iHAAiH,CAAC,CAAA;YACvM,CAAC;QACL,CAAC;IACL,CAAC;IAGD,KAAI,IAAI,aAAa,IAAI,UAAU,CAAC,aAAa,EAAC,CAAC;QAC/C,IAAI,2BAA2B,GAAG,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC;QAExF,IAAI,YAAY,GAAG;YACf,UAAU;YACV,GAAG,2BAA2B;YAC9B,GAAG,UAAU,CAAC,aAAa,eAAe;SAC7C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAQX,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAC5E,IAAI,CAAC;gBAED,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,8BAA8B,EAAE,CAAC,CAAC;oBAC7E,OAAO;gBACX,CAAC;gBAED,IAAI,IAAI,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,WAAW,EAA4B,CAAA;gBACtE,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;oBACnC,IAAI,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC5C,CAAC;gBAED,IAAI,yBAAyB,GAAG,MAAM,gBAAgB,CAAC,qBAAqB,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;gBACnI,IAAI,CAAC,yBAAyB,EAAE,CAAC;oBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sDAAsD,UAAU,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC;oBACvG,OAAO;gBACX,CAAC;gBAED,IAAI,QAAQ,CAAC;gBACb,IAAI,CAAC;oBAED,QAAQ,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC1F,CAAC;gBAAC,OAAM,GAAG,EAAC,CAAC;oBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;oBAC/C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACnB,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACZ,IAAI,QAAQ,GAAG,MAAM,yBAAyB,CAAC,0BAA0B,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;oBAC3F,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACvB,CAAC;qBAAM,CAAC;oBAEJ,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACjC,CAAC;YAEL,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACrB,CAAC;QACL,CAAC,CAAC,CAAA;QAGF,IAAI,iBAAiB,GAAG;YACpB,UAAU;YACV,GAAG,2BAA2B;YAC9B,UAAU,CAAC,aAAa;SAC3B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAEX,GAAG,CAAC,GAAG,CAAC,iBAAiB,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;YAC7D,IAAI,oBAA4C,CAAE;YAClD,IAAI,CAAC;gBACD,oBAAoB,GAAG,UAAU,CAAC,sBAAsB,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;YAC5F,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,IAAG,GAAG,YAAY,CAAC,CAAC,QAAQ,EAAC,CAAC;oBAC1B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;oBAChC,OAAO;gBACX,CAAC;qBAAM,CAAC;oBACJ,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;oBAC/C,OAAO;gBACX,CAAC;YACL,CAAC;YAED,IAAI,IAAI,GAAG,6BAA6B,CAAC,oBAAoB,CAA2B,CAAC;YACzF,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;gBACnC,IAAI,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5C,CAAC;YAED,IAAI,yBAAyB,GAAG,MAAM,gBAAgB,CAAC,qBAAqB,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;YACnI,IAAI,CAAC,yBAAyB,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sDAAsD,UAAU,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC;gBACvG,OAAO;YACX,CAAC;YAED,IAAI,SAAS,CAAC;YACd,IAAI,CAAC;gBAED,IAAI,KAAK,GAAG,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC9E,IAAG,oBAAoB,CAAC,IAAI,IAAI,oBAAoB,CAAC,MAAM,EAAE,CAAC;oBAC1D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0CAA0C,EAAE,CAAC,CAAC;oBAChE,OAAO;gBACX,CAAC;gBACD,IAAI,KAAK,GAAG,8BAA8B,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAC;gBACxE,SAAS,GAAG,MAAM,KAAK,CAAC;YAC5B,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,IAAI,GAAG,CAAC,IAAI,IAAI,WAAW,EAAE,CAAC;oBAC1B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2EAA2E,EAAE,CAAC,CAAC;oBACjG,OAAO;gBACX,CAAC;qBAAM,CAAC;oBACJ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,yBAAyB,EAAC,CAAC,CAAC;oBAC7C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACnB,OAAO;gBACX,CAAC;YACL,CAAC;YAED,IAAI,CAAC,SAAS,EAAE,CAAC;gBACb,IAAI,QAAQ,GAAG,MAAM,yBAAyB,CAAC,0BAA0B,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;gBAC3F,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBAEJ,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;YAClC,CAAC;QAEL,CAAC,CAAC,CAAA;QAEF,IAAI,QAAQ,GAAG;YACX,UAAU;YACV,GAAG,2BAA2B;YAC9B,GAAG,UAAU,CAAC,aAAa,eAAe;SAC7C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAEX,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACjC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,8BAA8B,EAAE,CAAC,CAAC;gBAC7E,OAAO;YACX,CAAC;YAED,IAAI,IAAI,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,WAAW,EAA4B,CAAE;YACxE,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;gBACnC,IAAI,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5C,CAAC;YAGD,IAAI,yBAAyB,GAAG,MAAM,gBAAgB,CAAC,qBAAqB,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;YACtI,IAAI,CAAC,yBAAyB,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sDAAsD,UAAU,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC;gBACvG,OAAO;YACX,CAAC;YAED,IAAG,UAAU,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,KAAK,MAAM,EAAE,CAAC;gBAExD,IAAI,GAA6B,CAAC,IAAI,EAAE,OAAO,EAAC,CAAC;oBAC7C,GAAG,CAAC,IAAI,CAAC,UAAU,GAAI,GAA6B,CAAC,IAAI,EAAE,OAAO,CAAC;gBACvE,CAAC;qBAAM,CAAC;oBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;gBAC/B,CAAC;YACL,CAAC;YAED,IAAG,UAAU,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,KAAK,IAAI,EAAE,CAAC;gBACtD,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;YACrC,CAAC;YAID,IAAI,sBAAsB,CAAC;YAC3B,IAAI,CAAC;gBACD,sBAAsB,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC5E,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACR,IAAG,GAAG,YAAY,CAAC,CAAC,QAAQ,EAAC,CAAC;oBAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;oBAChC,OAAO;gBACX,CAAC;qBAAM,CAAC;oBACJ,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;oBAC/C,OAAO;gBACX,CAAC;YACL,CAAC;YAID,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;gBACnC,IAAG,sBAAsB,CAAC,GAAG,KAAK,KAAK,CAAC,IAAI,sBAAsB,CAAC,GAAG,KAAK,KAAK,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,EAAC,CAAC;oBACrG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4CAA4C,KAAK,yCAAyC,EAAE,CAAC,CAAC;oBAChH,OAAO;gBACX,CAAC;YACL,CAAC;YAUD,IAAI,OAAO,CAAC;YACZ,IAAI,CAAC;gBACD,OAAO,GAAG,MAAM,UAAU,CAAC,+BAA+B,CAAC,IAAI,EAAE,sBAAsB,CAAC,CAAC;YAE7F,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;gBAC/C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO;YACX,CAAC;YAED,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,IAAI,QAAQ,GAAG,MAAM,yBAAyB,CAAC,0BAA0B,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;gBAC9F,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACJ,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAChC,CAAC;QAEL,CAAC,CAAC,CAAC;QAEH,IAAI,SAAS,GAAG;YACZ,UAAU;YACV,GAAG,2BAA2B;YAC9B,GAAG,UAAU,CAAC,aAAa,EAAE;SAChC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAEX,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAEnC,IAAI,yBAAyB,GAAG,MAAM,gBAAgB,CAAC,qBAAqB,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC3I,IAAI,CAAC,yBAAyB,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sDAAsD,UAAU,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC;gBACvG,OAAO;YACX,CAAC;YAED,IAAG,UAAU,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,KAAK,MAAM,EAAE,CAAC;gBAExD,IAAI,GAA6B,CAAC,IAAI,EAAE,OAAO,EAAC,CAAC;oBAC7C,GAAG,CAAC,IAAI,CAAC,UAAU,GAAI,GAA6B,CAAC,IAAI,EAAE,OAAO,CAAC;gBACvE,CAAC;qBAAM,CAAC;oBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;gBAC/B,CAAC;YACL,CAAC;YAED,IAAG,UAAU,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,KAAK,IAAI,EAAE,CAAC;gBACtD,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;YACrC,CAAC;YAED,IAAG,UAAU,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,KAAK,MAAM,EAAE,CAAC;gBAExD,IAAI,GAA6B,CAAC,IAAI,EAAE,OAAO,EAAC,CAAC;oBAC7C,GAAG,CAAC,IAAI,CAAC,UAAU,GAAI,GAA6B,CAAC,IAAI,EAAE,OAAO,CAAC;gBACvE,CAAC;qBAAM,CAAC;oBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;gBAC/B,CAAC;YACL,CAAC;YAED,IAAG,UAAU,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,KAAK,IAAI,EAAE,CAAC;gBACtD,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;YACrC,CAAC;YAED,IAAI,sBAAsB,CAAC;YAC3B,IAAI,CAAC;gBACD,sBAAsB,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC7E,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACR,IAAG,GAAG,YAAY,CAAC,CAAC,QAAQ,EAAC,CAAC;oBAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;oBAChC,OAAO;gBACX,CAAC;qBAAM,CAAC;oBACJ,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;oBAC/C,OAAO;gBACX,CAAC;YACL,CAAC;YAID,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;gBACnC,IAAG,sBAAsB,CAAC,GAAG,KAAK,KAAK,CAAC,IAAI,sBAAsB,CAAC,GAAG,KAAK,KAAK,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,EAAC,CAAC;oBACrG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4CAA4C,KAAK,yCAAyC,EAAE,CAAC,CAAC;oBAChH,OAAO;gBACX,CAAC;YACL,CAAC;YASD,IAAI,OAAO,CAAC;YACZ,IAAI,CAAC;gBACD,OAAO,GAAG,MAAM,UAAU,CAAC,+BAA+B,CAAC,sBAAsB,CAAC,CAAC;YAEvF,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;gBAC/C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO;YACX,CAAC;YAED,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,IAAI,QAAQ,GAAG,MAAM,yBAAyB,CAAC,0BAA0B,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;gBAC9F,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACJ,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAChC,CAAC;QAEL,CAAC,CAAC,CAAC;QAEH,IAAI,WAAW,GAAG;YACd,UAAU;YACV,GAAG,2BAA2B;YAC9B,GAAG,UAAU,CAAC,aAAa,eAAe;SAC7C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAEX,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACvC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,8BAA8B,EAAE,CAAC,CAAC;gBAC7E,OAAO;YACX,CAAC;YAED,IAAI,IAAI,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,WAAW,EAA4B,CAAE;YACxE,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;gBACnC,IAAI,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5C,CAAC;YAED,IAAI,yBAAyB,GAAG,MAAM,gBAAgB,CAAC,qBAAqB,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;YACtI,IAAI,CAAC,yBAAyB,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sDAAsD,UAAU,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC;gBACvG,OAAO;YACX,CAAC;YAED,IAAI,OAAO,CAAC;YACZ,IAAI,CAAC;gBACD,OAAO,GAAG,MAAM,UAAU,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAC;YACrE,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;gBAC/C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO;YACX,CAAC;YAED,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,IAAI,QAAQ,GAAG,MAAM,yBAAyB,CAAC,0BAA0B,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;gBAC9F,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACJ,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAChC,CAAC;QAEL,CAAC,CAAC,CAAC;IACP,CAAC;AACL,CAAC"}
1
+ {"version":3,"file":"F_Compile.js","sourceRoot":"","sources":["../src/F_Compile.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAE5B,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAyB,MAAM,yCAAyC,CAAC;AAClG,OAAO,EAAE,YAAY,EAAE,8BAA8B,EAAE,6BAA6B,EAAE,MAAM,0CAA0C,CAAC;AAGvI,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAOlE,MAAM,UAAU,OAAO,CACnB,GAAW,EACX,UAAkD,EAClD,UAAkB,EAClB,mBAA+C;IAO/C,KAAI,IAAI,aAAa,IAAI,UAAU,CAAC,aAAa,EAAC,CAAC;QAC/C,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;YAEnC,IAAG,KAAK,KAAK,UAAU,CAAC,aAAa,EAAC,CAAC;gBACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,UAAU,CAAC,aAAa,gEAAgE,UAAU,CAAC,aAAa,iCAAiC,CAAC,CAAA;YACpM,CAAC;YAGD,IAAG,CAAC,mBAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,EAAC,CAAC;gBACxC,MAAM,IAAI,KAAK,CAAC,8BAA8B,UAAU,CAAC,aAAa,iEAAiE,KAAK,8CAA8C,CAAC,CAAA;YAC/L,CAAC;YAED,IAAG,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,KAAK,KAAK,CAAC,EAAE,CAAC;gBACpE,MAAM,IAAI,KAAK,CAAC,8BAA8B,UAAU,CAAC,aAAa,uCAAuC,KAAK,sBAAsB,KAAK,iDAAiD,KAAK,KAAK,CAAC,CAAA;YAC7M,CAAC;YAED,IAAI,sBAAsB,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,KAAK,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,uBAAuB,KAAK,YAAY,CAAC;YACjI,IAAG,CAAC,sBAAsB,EAAC,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,8BAA8B,UAAU,CAAC,aAAa,MAAM,KAAK,iHAAiH,CAAC,CAAA;YACvM,CAAC;QACL,CAAC;IACL,CAAC;IAGD,KAAI,IAAI,aAAa,IAAI,UAAU,CAAC,aAAa,EAAC,CAAC;QAC/C,IAAI,2BAA2B,GAAG,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC;QAExF,IAAI,YAAY,GAAG;YACf,UAAU;YACV,GAAG,2BAA2B;YAC9B,GAAG,UAAU,CAAC,aAAa,eAAe;SAC7C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAQX,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;YAC5E,IAAI,CAAC;gBAED,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,8BAA8B,EAAE,CAAC,CAAC;oBAC7E,OAAO;gBACX,CAAC;gBAED,IAAI,IAAI,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,WAAW,EAA4B,CAAA;gBACtE,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;oBACnC,IAAI,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC5C,CAAC;gBAED,IAAI,yBAAyB,GAAG,MAAM,gBAAgB,CAAC,qBAAqB,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;gBACnI,IAAI,CAAC,yBAAyB,EAAE,CAAC;oBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sDAAsD,UAAU,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC;oBACvG,OAAO;gBACX,CAAC;gBAED,IAAI,QAAQ,CAAC;gBACb,IAAI,CAAC;oBAED,QAAQ,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC1F,CAAC;gBAAC,OAAM,GAAG,EAAC,CAAC;oBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;oBAC/C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACnB,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACZ,IAAI,QAAQ,GAAG,MAAM,yBAAyB,CAAC,0BAA0B,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;oBAC3F,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACvB,CAAC;qBAAM,CAAC;oBAEJ,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACjC,CAAC;YAEL,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACrB,CAAC;QACL,CAAC,CAAC,CAAA;QAGF,IAAI,iBAAiB,GAAG;YACpB,UAAU;YACV,GAAG,2BAA2B;YAC9B,UAAU,CAAC,aAAa;SAC3B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAEX,GAAG,CAAC,GAAG,CAAC,iBAAiB,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;YAC7D,IAAI,oBAA4C,CAAE;YAClD,IAAI,CAAC;gBACD,oBAAoB,GAAG,UAAU,CAAC,sBAAsB,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;YAC5F,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,IAAG,GAAG,YAAY,CAAC,CAAC,QAAQ,EAAC,CAAC;oBAC1B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;oBAChC,OAAO;gBACX,CAAC;qBAAM,CAAC;oBACJ,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;oBAC/C,OAAO;gBACX,CAAC;YACL,CAAC;YAED,IAAI,IAAI,GAAG,6BAA6B,CAAC,oBAAoB,CAA2B,CAAC;YACzF,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;gBACnC,IAAI,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5C,CAAC;YAED,IAAI,yBAAyB,GAAG,MAAM,gBAAgB,CAAC,qBAAqB,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;YACnI,IAAI,CAAC,yBAAyB,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sDAAsD,UAAU,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC;gBACvG,OAAO;YACX,CAAC;YAED,IAAI,SAAS,CAAC;YACd,IAAI,CAAC;gBAED,IAAI,KAAK,GAAG,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC9E,IAAG,oBAAoB,CAAC,IAAI,IAAI,oBAAoB,CAAC,MAAM,EAAE,CAAC;oBAC1D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0CAA0C,EAAE,CAAC,CAAC;oBAChE,OAAO;gBACX,CAAC;gBACD,IAAI,KAAK,GAAG,8BAA8B,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAC;gBACxE,SAAS,GAAG,MAAM,KAAK,CAAC;YAC5B,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,IAAI,GAAG,CAAC,IAAI,IAAI,WAAW,EAAE,CAAC;oBAC1B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2EAA2E,EAAE,CAAC,CAAC;oBACjG,OAAO;gBACX,CAAC;qBAAM,CAAC;oBACJ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,yBAAyB,EAAC,CAAC,CAAC;oBAC7C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACnB,OAAO;gBACX,CAAC;YACL,CAAC;YAED,IAAI,CAAC,SAAS,EAAE,CAAC;gBACb,IAAI,QAAQ,GAAG,MAAM,yBAAyB,CAAC,0BAA0B,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;gBAC3F,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBAEJ,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;YAClC,CAAC;QAEL,CAAC,CAAC,CAAA;QAEF,IAAI,QAAQ,GAAG;YACX,UAAU;YACV,GAAG,2BAA2B;YAC9B,GAAG,UAAU,CAAC,aAAa,eAAe;SAC7C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAEX,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACjC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,8BAA8B,EAAE,CAAC,CAAC;gBAC7E,OAAO;YACX,CAAC;YAED,IAAI,IAAI,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,WAAW,EAA4B,CAAE;YACxE,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;gBACnC,IAAI,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5C,CAAC;YAGD,IAAI,yBAAyB,GAAG,MAAM,gBAAgB,CAAC,qBAAqB,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;YACtI,IAAI,CAAC,yBAAyB,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sDAAsD,UAAU,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC;gBACvG,OAAO;YACX,CAAC;YAED,IAAG,UAAU,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,KAAK,MAAM,EAAE,CAAC;gBAExD,IAAI,GAA6B,CAAC,IAAI,EAAE,OAAO,EAAC,CAAC;oBAC7C,GAAG,CAAC,IAAI,CAAC,UAAU,GAAI,GAA6B,CAAC,IAAI,EAAE,OAAO,CAAC;gBACvE,CAAC;qBAAM,CAAC;oBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;gBAC/B,CAAC;YACL,CAAC;YAED,IAAG,UAAU,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,KAAK,IAAI,EAAE,CAAC;gBACtD,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;YACrC,CAAC;YAID,IAAI,sBAAsB,CAAC;YAC3B,IAAI,CAAC;gBACD,sBAAsB,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC5E,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACR,IAAG,GAAG,YAAY,CAAC,CAAC,QAAQ,EAAC,CAAC;oBAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;oBAChC,OAAO;gBACX,CAAC;qBAAM,CAAC;oBACJ,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;oBAC/C,OAAO;gBACX,CAAC;YACL,CAAC;YAED,IAAI,CAAC;gBACD,qBAAqB,CAAC,sBAAsB,CAAC,CAAC;YAClD,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qDAAqD,EAAE,CAAC,CAAC;gBAC3E,OAAO;YACX,CAAC;YAID,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;gBACnC,IAAG,sBAAsB,CAAC,GAAG,KAAK,KAAK,CAAC,IAAI,sBAAsB,CAAC,GAAG,KAAK,KAAK,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,EAAC,CAAC;oBACrG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4CAA4C,KAAK,yCAAyC,EAAE,CAAC,CAAC;oBAChH,OAAO;gBACX,CAAC;YACL,CAAC;YAUD,IAAI,OAAO,CAAC;YACZ,IAAI,CAAC;gBACD,OAAO,GAAG,MAAM,UAAU,CAAC,+BAA+B,CAAC,IAAI,EAAE,sBAAsB,CAAC,CAAC;YAE7F,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;gBAC/C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO;YACX,CAAC;YAED,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,IAAI,QAAQ,GAAG,MAAM,yBAAyB,CAAC,0BAA0B,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;gBAC9F,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACJ,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAChC,CAAC;QAEL,CAAC,CAAC,CAAC;QAEH,IAAI,SAAS,GAAG;YACZ,UAAU;YACV,GAAG,2BAA2B;YAC9B,GAAG,UAAU,CAAC,aAAa,EAAE;SAChC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAEX,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAEnC,IAAI,yBAAyB,GAAG,MAAM,gBAAgB,CAAC,qBAAqB,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC3I,IAAI,CAAC,yBAAyB,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sDAAsD,UAAU,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC;gBACvG,OAAO;YACX,CAAC;YAED,IAAG,UAAU,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,KAAK,MAAM,EAAE,CAAC;gBAExD,IAAI,GAA6B,CAAC,IAAI,EAAE,OAAO,EAAC,CAAC;oBAC7C,GAAG,CAAC,IAAI,CAAC,UAAU,GAAI,GAA6B,CAAC,IAAI,EAAE,OAAO,CAAC;gBACvE,CAAC;qBAAM,CAAC;oBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;gBAC/B,CAAC;YACL,CAAC;YAED,IAAG,UAAU,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,KAAK,IAAI,EAAE,CAAC;gBACtD,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;YACrC,CAAC;YAED,IAAG,UAAU,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,KAAK,MAAM,EAAE,CAAC;gBAExD,IAAI,GAA6B,CAAC,IAAI,EAAE,OAAO,EAAC,CAAC;oBAC7C,GAAG,CAAC,IAAI,CAAC,UAAU,GAAI,GAA6B,CAAC,IAAI,EAAE,OAAO,CAAC;gBACvE,CAAC;qBAAM,CAAC;oBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;gBAC/B,CAAC;YACL,CAAC;YAED,IAAG,UAAU,CAAC,eAAe,CAAC,UAAU,EAAE,IAAI,KAAK,IAAI,EAAE,CAAC;gBACtD,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;YACrC,CAAC;YAED,IAAI,sBAAsB,CAAC;YAC3B,IAAI,CAAC;gBACD,sBAAsB,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC7E,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACR,IAAG,GAAG,YAAY,CAAC,CAAC,QAAQ,EAAC,CAAC;oBAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;oBAChC,OAAO;gBACX,CAAC;qBAAM,CAAC;oBACJ,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;oBAC/C,OAAO;gBACX,CAAC;YACL,CAAC;YAED,IAAI,CAAC;gBACD,qBAAqB,CAAC,sBAAsB,CAAC,CAAC;YAClD,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qDAAqD,EAAE,CAAC,CAAC;gBAC3E,OAAO;YACX,CAAC;YAID,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;gBACnC,IAAG,sBAAsB,CAAC,GAAG,KAAK,KAAK,CAAC,IAAI,sBAAsB,CAAC,GAAG,KAAK,KAAK,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,EAAC,CAAC;oBACrG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4CAA4C,KAAK,yCAAyC,EAAE,CAAC,CAAC;oBAChH,OAAO;gBACX,CAAC;YACL,CAAC;YASD,IAAI,OAAO,CAAC;YACZ,IAAI,CAAC;gBACD,OAAO,GAAG,MAAM,UAAU,CAAC,+BAA+B,CAAC,sBAAsB,CAAC,CAAC;YAEvF,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;gBAC/C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO;YACX,CAAC;YAED,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,IAAI,QAAQ,GAAG,MAAM,yBAAyB,CAAC,0BAA0B,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;gBAC9F,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACJ,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAChC,CAAC;QAEL,CAAC,CAAC,CAAC;QAEH,IAAI,WAAW,GAAG;YACd,UAAU;YACV,GAAG,2BAA2B;YAC9B,GAAG,UAAU,CAAC,aAAa,eAAe;SAC7C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAEX,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACvC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,8BAA8B,EAAE,CAAC,CAAC;gBAC7E,OAAO;YACX,CAAC;YAED,IAAI,IAAI,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,WAAW,EAA4B,CAAE;YACxE,KAAI,IAAI,KAAK,IAAI,aAAa,CAAC,MAAM,EAAC,CAAC;gBACnC,IAAI,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5C,CAAC;YAED,IAAI,yBAAyB,GAAG,MAAM,gBAAgB,CAAC,qBAAqB,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;YACtI,IAAI,CAAC,yBAAyB,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sDAAsD,UAAU,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC;gBACvG,OAAO;YACX,CAAC;YAED,IAAI,OAAO,CAAC;YACZ,IAAI,CAAC;gBACD,OAAO,GAAG,MAAM,UAAU,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAC;YACrE,CAAC;YAAC,OAAM,GAAG,EAAC,CAAC;gBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;gBAC/C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO;YACX,CAAC;YAED,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,IAAI,QAAQ,GAAG,MAAM,yBAAyB,CAAC,0BAA0B,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;gBAC9F,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACJ,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAChC,CAAC;QAEL,CAAC,CAAC,CAAC;IACP,CAAC;AACL,CAAC"}
package/dist/utils/malicious_keys.d.ts ADDED
@@ -0,0 +1 @@
1
+ export declare function detect_malicious_keys(input: any): any;
package/dist/utils/malicious_keys.js ADDED
@@ -0,0 +1,14 @@
1
+ export function detect_malicious_keys(input) {
2
+ if (Array.isArray(input)) {
3
+ input.map(detect_malicious_keys);
4
+ }
5
+ if (typeof input === 'object' && input !== null) {
6
+ for (let [key, value] of Object.entries(input)) {
7
+ if (key.trim().startsWith('$')) {
8
+ throw new Error(`Invalid key detected: ${key}`);
9
+ }
10
+ detect_malicious_keys(value);
11
+ }
12
+ }
13
+ }
14
+ //# sourceMappingURL=malicious_keys.js.map
package/dist/utils/malicious_keys.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"malicious_keys.js","sourceRoot":"","sources":["../../src/utils/malicious_keys.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,qBAAqB,CAAC,KAAU;IAC5C,IAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAC,CAAC;QACrB,KAAK,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACrC,CAAC;IAED,IAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAC,CAAC;QAC5C,KAAI,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAC,CAAC;YAC3C,IAAG,GAAG,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAAC,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,EAAE,CAAC,CAAA;YAAA,CAAC;YACjF,qBAAqB,CAAC,KAAK,CAAC,CAAC;QACjC,CAAC;IACL,CAAC;AACL,CAAC"}
package/dist/utils/mongoose_any_paths.d.ts ADDED
@@ -0,0 +1 @@
1
+ export declare function detect_malicious_keys(input: any): any;
package/dist/utils/mongoose_any_paths.js ADDED
@@ -0,0 +1,14 @@
1
+ export function detect_malicious_keys(input) {
2
+ if (Array.isArray(input)) {
3
+ input.map(detect_malicious_keys);
4
+ }
5
+ if (typeof input === 'object' && input !== null) {
6
+ for (let [key, value] of Object.entries(input)) {
7
+ if (key.trim().startsWith('$')) {
8
+ throw new Error(`Invalid key detected: ${key}`);
9
+ }
10
+ detect_malicious_keys(value);
11
+ }
12
+ }
13
+ }
14
+ //# sourceMappingURL=mongoose_any_paths.js.map
package/dist/utils/mongoose_any_paths.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"mongoose_any_paths.js","sourceRoot":"","sources":["../../src/utils/mongoose_any_paths.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,qBAAqB,CAAC,KAAU;IAC5C,IAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAC,CAAC;QACrB,KAAK,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACrC,CAAC;IAED,IAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAC,CAAC;QAC5C,KAAI,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAC,CAAC;YAC3C,IAAG,GAAG,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAAC,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,EAAE,CAAC,CAAA;YAAA,CAAC;YACjF,qBAAqB,CAAC,KAAK,CAAC,CAAC;QACjC,CAAC;IACL,CAAC;AACL,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@liminalfunctions/framework",
3
- "version": "1.0.50",
3
+ "version": "1.0.51",
4
4
  "main": "./dist/index.js",
5
5
  "type": "module",
6
6
  "scripts": {
package/src/F_Compile.ts CHANGED
@@ -7,6 +7,7 @@ import { F_Security_Model, Authenticated_Request } from "./F_Security_Models/F_S
7
7
  import { convert_null, query_object_to_mongodb_limits, query_object_to_mongodb_query } from "./utils/query_object_to_mongodb_query.js";
8
8
  import { z_mongodb_id } from "./utils/mongoose_from_zod.js";
9
9
  import { F_Collection_Registry } from "./F_Collection_Registry.js";
10
+ import { detect_malicious_keys } from "./utils/malicious_keys.js";
10
11
 
11
12
  /*process.on('unhandledRejection', (reason, promise) => {
12
13
  console.log(`CAUGHT UNHANDLED REJECTION`)
@@ -236,6 +237,14 @@ export function compile<Collection_ID extends string, ZodSchema extends z.ZodObj
236
237
  }
237
238
  }
238
239
 
240
+ try {
241
+ detect_malicious_keys(validated_request_body);
242
+ } catch(err){
243
+ res.status(403);
244
+ res.json({ error: `Found an unacceptable JSON key in the request body.` });
245
+ return;
246
+ }
247
+
239
248
  // if you're accessing the document from /x/:x/y/:y, then you can't change x or y. Note that this does mean if you can access
240
249
  // the document from /x/:x, then you'd be able to change y.
241
250
  for(let layer of access_layers.layers){
@@ -331,6 +340,14 @@ export function compile<Collection_ID extends string, ZodSchema extends z.ZodObj
331
340
  }
332
341
  }
333
342
 
343
+ try {
344
+ detect_malicious_keys(validated_request_body);
345
+ } catch(err){
346
+ res.status(403);
347
+ res.json({ error: `Found an unacceptable JSON key in the request body.` });
348
+ return;
349
+ }
350
+
334
351
  // if you're accessing the document from /x/:x/y/:y, then you can't change x or y. Note that this does mean if you can access
335
352
  // the document from /x/:x, then you'd be able to change y.
336
353
  for(let layer of access_layers.layers){
package/src/utils/malicious_keys.ts ADDED
@@ -0,0 +1,12 @@
1
+ export function detect_malicious_keys(input: any): any {
2
+ if(Array.isArray(input)){
3
+ input.map(detect_malicious_keys);
4
+ }
5
+
6
+ if(typeof input === 'object' && input !== null){
7
+ for(let [key, value] of Object.entries(input)){
8
+ if(key.trim().startsWith('$')) { throw new Error(`Invalid key detected: ${key}`)}
9
+ detect_malicious_keys(value);
10
+ }
11
+ }
12
+ }
package/src/utils/mongoose_from_zod.ts CHANGED
@@ -51,7 +51,7 @@ export const z_mongodb_id_nullable = z.custom<string>((val) => {
51
51
 
52
52
  export function mongoose_from_zod<T>(schema_name: string, zod_definition: z.core.$ZodType, database: typeof mongoose = mongoose) {
53
53
  let mongoose_schema = schema_from_zod(zod_definition);
54
- return database.model<T>(schema_name, new Schema(mongoose_schema, {typeKey: 'mongoose_type'}));
54
+ return database.model<T>(schema_name, new Schema(mongoose_schema, {typeKey: 'mongoose_type', minimize: false}));
55
55
  }
56
56
 
57
57
  export function schema_from_zod(zod_definition: z.core.$ZodType): any {
package/test/0_4_cache.test.ts CHANGED
@@ -120,7 +120,7 @@ describe('Cache', function () {
120
120
  const key = 'best_animal'
121
121
  const value = { 'test': 'flamingo' }
122
122
 
123
- assert.rejects(async() => {
123
+ await assert.rejects(async() => {
124
124
  await cache.first_get_then_fetch(key, async () => { throw new Error('bad data here bro') })
125
125
  }, {message: 'bad data here bro'})
126
126
  });
package/test/0_5_malicious_keys.test.ts ADDED
@@ -0,0 +1,58 @@
1
+ import assert from "assert";
2
+ import { z, ZodBoolean, ZodDate, ZodNumber, ZodString } from 'zod'
3
+
4
+ import { detect_malicious_keys } from '../dist/utils/mongoose_any_paths.js';
5
+
6
+
7
+ import { Schema } from 'mongoose'
8
+ import { required } from "zod/mini";
9
+
10
+ process.env.DEBUG = 'express:*'
11
+
12
+ describe('malcious key detection', function () {
13
+ it('should pass if there are no malicious keys', function () {
14
+ detect_malicious_keys({})
15
+ });
16
+
17
+ it('should throw if there is a malicious key', function () {
18
+ assert.throws(() => {
19
+ detect_malicious_keys({
20
+ $set: 5
21
+ })
22
+ })
23
+ });
24
+
25
+ it('should throw if there is a malicious key embedded as an array child', function () {
26
+ assert.throws(() => {
27
+ detect_malicious_keys({
28
+ array: [
29
+ {$set: 6}
30
+ ]
31
+ })
32
+ })
33
+ });
34
+
35
+ it('should throw if there is a malicious key embedded as a sub-item', function () {
36
+ assert.throws(() => {
37
+ detect_malicious_keys({
38
+ obj: {$set: 6}
39
+ })
40
+ })
41
+ });
42
+
43
+ it('should throw if there is a malicious key embedded as a sub-item of an array child', function () {
44
+ assert.throws(() => {
45
+ detect_malicious_keys({
46
+ arr: [
47
+ {
48
+ sub: {
49
+ obj: {$set: 6}
50
+ }
51
+ }
52
+ ]
53
+
54
+ })
55
+ })
56
+ });
57
+
58
+ });
package/test/1_0_basic_server.test.ts CHANGED
@@ -28,6 +28,7 @@ describe('Basic Server', function () {
28
28
  const validate_institution = z.object({
29
29
  _id: z_mongodb_id,
30
30
  name: z.string(),
31
+ meta: z.any().optional()
31
32
  });
32
33
  const validate_client = z.object({
33
34
  _id: z_mongodb_id,
@@ -427,11 +428,36 @@ describe('Basic Server', function () {
427
428
  test_institutions.push(test_institution);
428
429
  }
429
430
 
430
- assert.rejects(async () => {
431
+ await assert.rejects(async () => {
431
432
  return await got.get(`http://localhost:${port}/api/institution?sort=name&cursor=${test_institutions[2]._id}`).json();
432
433
  })
433
434
  });
434
435
 
436
+ it(`should reject GET multiple operations with malicious keys in the query`, async function () {
437
+ let test_institutions = []
438
+ for(let q = 0; q < 5; q++){
439
+ let test_institution = await institution.mongoose_model.create({
440
+ name: ['spandex co',
441
+ 'the ordinary institute',
442
+ 'saliva branding collective',
443
+ 'united league of billionare communitsts',
444
+ 'geriatric co',
445
+ 'jousing club of omaha, nebraska',
446
+ 'dental hygenist paratrooper union',
447
+ 'martha stewart\'s cannibal fan club',
448
+ 'wrecking ball operator crochet club',
449
+ 'accidental co'
450
+ ][q]
451
+ });
452
+ //@ts-ignore
453
+ test_institutions.push(test_institution);
454
+ }
455
+
456
+ await assert.rejects(async () => {
457
+ let results = await got.get(`http://localhost:${port}/api/institution?$where=5`);
458
+ })
459
+ });
460
+
435
461
  ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
436
462
  ///////////////////////////////////////////////////////////// PUT ////////////////////////////////////////////////////////////////////////////////////
437
463
  ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -524,7 +550,7 @@ describe('Basic Server', function () {
524
550
  name: `Spandex Reincarnation`
525
551
  })
526
552
 
527
- assert.rejects(async () => {
553
+ await assert.rejects(async () => {
528
554
  let results = await got.put(`http://localhost:${port}/api/institution/${test_institution._id}/client/${test_client._id}/project/${test_project._id}`, {
529
555
  json: {
530
556
  name: `Leather Pants Transubstantiation`,
@@ -533,7 +559,26 @@ describe('Basic Server', function () {
533
559
  },
534
560
  }).json();
535
561
  }, {
536
- message: 'HTTPError: Response code 403 (Forbidden)'
562
+ message: 'Response code 403 (Forbidden)'
563
+ });
564
+ });
565
+
566
+ it(`should reject a PUT operation with a malicious key in the body`, async function () {
567
+ let test_institution = await institution.mongoose_model.create({
568
+ name: 'Spandex Co'
569
+ });
570
+
571
+ await assert.rejects(async () => {
572
+ let results = await got.put(`http://localhost:${port}/api/institution/${test_institution._id}`, {
573
+ json: {
574
+ name: 'Leather Pants Co',
575
+ meta: {
576
+ $sum: { test: true}
577
+ }
578
+ },
579
+ }).json();
580
+ }, {
581
+ message: 'Response code 403 (Forbidden)'
537
582
  });
538
583
  });
539
584
 
@@ -607,7 +652,7 @@ describe('Basic Server', function () {
607
652
  name: `Anna's Latex Emporium`
608
653
  })
609
654
 
610
- assert.rejects(async () => {
655
+ await assert.rejects(async () => {
611
656
  let results = await got.post(`http://localhost:${port}/api/institution/${test_institution._id}/client/${test_client._id}/project`, {
612
657
  json: {
613
658
  name: `Leather Pants Transubstantiation`,
@@ -616,9 +661,25 @@ describe('Basic Server', function () {
616
661
  },
617
662
  }).json();
618
663
  }, {
619
- message: 'HTTPError: Response code 403 (Forbidden)'
664
+ message: 'Response code 403 (Forbidden)'
665
+ });
666
+ });
667
+
668
+ it(`should reject a POST operation with malicious keys in the body`, async function () {
669
+ await assert.rejects(async () => {
670
+ let results = await got.post(`http://localhost:${port}/api/institution`, {
671
+ json: {
672
+ name: 'Leather Pants Co',
673
+ meta: {
674
+ $sum: {test: true}
675
+ }
676
+ },
677
+ }).json();
678
+ }, {
679
+ message: 'Response code 403 (Forbidden)'
620
680
  });
621
681
  });
682
+
622
683
 
623
684
  ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
624
685
  ///////////////////////////////////////////////////////////// DELETE /////////////////////////////////////////////////////////////////////////////////
package/test/1_1_security_ownership.test.ts CHANGED
@@ -131,14 +131,14 @@ describe('Security Model Ownership', function () {
131
131
  auth_id: 'sharon'
132
132
  });
133
133
 
134
- assert.rejects(async () => {
134
+ await assert.rejects(async () => {
135
135
  let results = await got.get(`http://localhost:${port}/api/user_display/${user_display.id}`, {
136
136
  headers: {
137
137
  authorization: 'sharon'
138
138
  }
139
139
  }).json();
140
140
  }, {
141
- message: 'HTTPError: Response code 403 (Forbidden)'
141
+ message: 'Response code 403 (Forbidden)'
142
142
  })
143
143
  });
144
144
 
@@ -190,14 +190,14 @@ describe('Security Model Ownership', function () {
190
190
  }
191
191
 
192
192
  //@ts-ignore
193
- assert.rejects(async () => {
193
+ await assert.rejects(async () => {
194
194
  let results = await got.get(`http://localhost:${port}/api/user_display?user_id=${user._id}`, {
195
195
  headers: {
196
196
  authorization: 'sharon'
197
197
  }
198
198
  }).json();
199
199
  }, {
200
- message: 'HTTPError: Response code 403 (Forbidden)'
200
+ message: 'Response code 403 (Forbidden)'
201
201
  })
202
202
  });
203
203
 
@@ -232,7 +232,7 @@ describe('Security Model Ownership', function () {
232
232
  auth_id: 'sharon'
233
233
  });
234
234
 
235
- assert.rejects(async () => {
235
+ await assert.rejects(async () => {
236
236
  let results = await got.put(`http://localhost:${port}/api/user_display/${user_display.id}`, {
237
237
  headers: {
238
238
  authorization: 'sharon'
@@ -242,7 +242,7 @@ describe('Security Model Ownership', function () {
242
242
  }
243
243
  }).json();
244
244
  }, {
245
- message: 'HTTPError: Response code 403 (Forbidden)'
245
+ message: 'Response code 403 (Forbidden)'
246
246
  })
247
247
  });
248
248
 
@@ -276,7 +276,7 @@ describe('Security Model Ownership', function () {
276
276
  auth_id: 'sharon'
277
277
  });
278
278
 
279
- assert.rejects(async () => {
279
+ await assert.rejects(async () => {
280
280
  let results = await got.post(`http://localhost:${port}/api/user_display`, {
281
281
  headers: {
282
282
  authorization: 'sharon'
@@ -288,7 +288,7 @@ describe('Security Model Ownership', function () {
288
288
  }
289
289
  }).json();
290
290
  }, {
291
- message: 'HTTPError: Response code 403 (Forbidden)'
291
+ message: 'Response code 403 (Forbidden)'
292
292
  })
293
293
  });
294
294
 
@@ -320,14 +320,14 @@ describe('Security Model Ownership', function () {
320
320
  auth_id: 'sharon'
321
321
  });
322
322
 
323
- assert.rejects(async () => {
323
+ await assert.rejects(async () => {
324
324
  let results = await got.delete(`http://localhost:${port}/api/user_display/${user_display.id}`, {
325
325
  headers: {
326
326
  authorization: 'sharon'
327
327
  }
328
328
  }).json();
329
329
  }, {
330
- message: 'HTTPError: Response code 403 (Forbidden)'
330
+ message: 'Response code 403 (Forbidden)'
331
331
  })
332
332
  });
333
333
  });
package/test/1_2_role_membership.test.ts CHANGED
@@ -410,7 +410,7 @@ describe.skip('Security Model Role Membership', function () {
410
410
  it(`should reject a basic GET operation on a document where the user has a role membership without permission`, async function () {
411
411
  let { edwin_institution, edna_client, edna_project } = await generate_test_setup();
412
412
 
413
- assert.rejects(async () => {
413
+ await assert.rejects(async () => {
414
414
  let results = await got.get(`http://localhost:${port}/api/institution/${edwin_institution._id}/client/${edna_client._id}/project/${edna_project._id}`, {
415
415
  headers: {
416
416
  authorization: 'steve'
@@ -423,7 +423,7 @@ describe.skip('Security Model Role Membership', function () {
423
423
  it(`should reject a basic GET operation on a document where the user has no role membership`, async function () {
424
424
  let { steve_institution, steve_client, steve_project } = await generate_test_setup();
425
425
 
426
- assert.rejects(async () => {
426
+ await assert.rejects(async () => {
427
427
  let results = await got.get(`http://localhost:${port}/api/institution/${steve_institution._id}/client/${steve_client._id}/project/${steve_project._id}`, {
428
428
  headers: {
429
429
  authorization: 'edwin'
@@ -508,7 +508,7 @@ describe.skip('Security Model Role Membership', function () {
508
508
  }))
509
509
  }
510
510
 
511
- assert.rejects(async () => {
511
+ await assert.rejects(async () => {
512
512
  let results = await got.get(`http://localhost:${port}/api/institution/${edwin_institution._id}/client/${edna_client._id}/project`, {
513
513
  headers: {
514
514
  authorization: 'steve'
@@ -530,7 +530,7 @@ describe.skip('Security Model Role Membership', function () {
530
530
  }))
531
531
  }
532
532
 
533
- assert.rejects(async () => {
533
+ await assert.rejects(async () => {
534
534
  let results = await got.get(`http://localhost:${port}/api/institution/${steve_institution._id}/client/${steve_client._id}/project`, {
535
535
  headers: {
536
536
  authorization: 'edwin'
@@ -587,7 +587,7 @@ describe.skip('Security Model Role Membership', function () {
587
587
  it(`should reject a basic PUT operation on a document where the user has a role membership without permission`, async function () {
588
588
  let { edwin_institution, edna_client, edna_project } = await generate_test_setup();
589
589
 
590
- assert.rejects(async () => {
590
+ await assert.rejects(async () => {
591
591
  let results = await got.put(`http://localhost:${port}/api/institution/${edwin_institution._id}/client/${edna_client._id}/project/${edna_project._id}`, {
592
592
  headers: {
593
593
  authorization: 'steve'
@@ -603,7 +603,7 @@ describe.skip('Security Model Role Membership', function () {
603
603
  it(`should reject a basic PUT operation on a document where the user has no role membership`, async function () {
604
604
  let { steve_institution, steve_client, steve_project } = await generate_test_setup();
605
605
 
606
- assert.rejects(async () => {
606
+ await assert.rejects(async () => {
607
607
  let results = await got.put(`http://localhost:${port}/api/institution/${steve_institution._id}/client/${steve_client._id}/project/${steve_project._id}`, {
608
608
  headers: {
609
609
  authorization: 'edwin'
@@ -659,7 +659,7 @@ describe.skip('Security Model Role Membership', function () {
659
659
  it(`should reject a basic POST operation on a document where the user has a role membership without permission`, async function () {
660
660
  let { edwin_institution, edna_client, edna_project } = await generate_test_setup();
661
661
 
662
- assert.rejects(async () => {
662
+ await assert.rejects(async () => {
663
663
  let results = await got.post(`http://localhost:${port}/api/institution/${edwin_institution._id}/client/${edna_client._id}/project`, {
664
664
  headers: {
665
665
  authorization: 'steve'
@@ -677,7 +677,7 @@ describe.skip('Security Model Role Membership', function () {
677
677
  it(`should reject a basic POST operation on a document where the user has no role membership`, async function () {
678
678
  let { steve_institution, steve_client, steve_project } = await generate_test_setup();
679
679
 
680
- assert.rejects(async () => {
680
+ await assert.rejects(async () => {
681
681
  let results = await got.post(`http://localhost:${port}/api/institution/${steve_institution._id}/client/${steve_client._id}/project`, {
682
682
  headers: {
683
683
  authorization: 'edwin'
@@ -730,7 +730,7 @@ describe.skip('Security Model Role Membership', function () {
730
730
  it(`should reject a basic DELETE operation on a document where the user has a role membership without permission`, async function () {
731
731
  let { edwin_institution, edna_client, edna_project } = await generate_test_setup();
732
732
 
733
- assert.rejects(async () => {
733
+ await assert.rejects(async () => {
734
734
  let results = await got.delete(`http://localhost:${port}/api/institution/${edwin_institution._id}/client/${edna_client._id}/project/${edna_project._id}`, {
735
735
  headers: {
736
736
  authorization: 'steve'
@@ -743,7 +743,7 @@ describe.skip('Security Model Role Membership', function () {
743
743
  it(`should reject a basic DELETE operation on a document where the user has no role membership`, async function () {
744
744
  let { steve_institution, steve_client, steve_project } = await generate_test_setup();
745
745
 
746
- assert.rejects(async () => {
746
+ await assert.rejects(async () => {
747
747
  let results = await got.delete(`http://localhost:${port}/api/institution/${steve_institution._id}/client/${steve_client._id}/project/${steve_project._id}`, {
748
748
  headers: {
749
749
  authorization: 'edwin'