@strapi/utils 4.0.0-next.6 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/build-query.js +1 -1
- package/lib/config.js +10 -6
- package/lib/content-types.js +23 -116
- package/lib/convert-query-params.js +252 -0
- package/lib/errors.js +82 -0
- package/lib/format-yup-error.js +20 -0
- package/lib/hooks.js +5 -3
- package/lib/index.js +18 -14
- package/lib/pagination.js +88 -0
- package/lib/parse-multipart.js +7 -3
- package/lib/pipe-async.js +11 -0
- package/lib/policy.js +75 -119
- package/lib/print-value.js +51 -0
- package/lib/sanitize/index.js +51 -0
- package/lib/sanitize/sanitizers.js +26 -0
- package/lib/sanitize/visitors/allowed-fields.js +92 -0
- package/lib/sanitize/visitors/index.js +9 -0
- package/lib/sanitize/visitors/remove-password.js +7 -0
- package/lib/sanitize/visitors/remove-private.js +11 -0
- package/lib/sanitize/visitors/remove-restricted-relations.js +67 -0
- package/lib/sanitize/visitors/restricted-fields.js +31 -0
- package/lib/string-formatting.js +4 -0
- package/lib/traverse-entity.js +100 -0
- package/lib/validators.js +70 -16
- package/package.json +21 -24
- package/lib/convert-rest-query-params.js +0 -243
- package/lib/finder.js +0 -32
- package/lib/sanitize-entity.js +0 -172
package/lib/sanitize-entity.js
DELETED
|
@@ -1,172 +0,0 @@
|
|
|
1
|
-
'use strict';
|
|
2
|
-
|
|
3
|
-
const _ = require('lodash');
|
|
4
|
-
const {
|
|
5
|
-
constants,
|
|
6
|
-
isPrivateAttribute,
|
|
7
|
-
getNonWritableAttributes,
|
|
8
|
-
getNonVisibleAttributes,
|
|
9
|
-
getWritableAttributes,
|
|
10
|
-
} = require('./content-types');
|
|
11
|
-
|
|
12
|
-
const { ID_ATTRIBUTE, CREATED_AT_ATTRIBUTE, UPDATED_AT_ATTRIBUTE } = constants;
|
|
13
|
-
|
|
14
|
-
const sanitizeEntity = (dataSource, options) => {
|
|
15
|
-
const { model, withPrivate = false, isOutput = true, includeFields = null } = options;
|
|
16
|
-
|
|
17
|
-
if (typeof dataSource !== 'object' || _.isNil(dataSource)) {
|
|
18
|
-
return dataSource;
|
|
19
|
-
}
|
|
20
|
-
|
|
21
|
-
const data = parseOriginalData(dataSource);
|
|
22
|
-
|
|
23
|
-
if (typeof data !== 'object' || _.isNil(data)) {
|
|
24
|
-
return data;
|
|
25
|
-
}
|
|
26
|
-
|
|
27
|
-
if (_.isArray(data)) {
|
|
28
|
-
return data.map(entity => sanitizeEntity(entity, options));
|
|
29
|
-
}
|
|
30
|
-
|
|
31
|
-
if (_.isNil(model)) {
|
|
32
|
-
if (isOutput) {
|
|
33
|
-
return null;
|
|
34
|
-
} else {
|
|
35
|
-
return data;
|
|
36
|
-
}
|
|
37
|
-
}
|
|
38
|
-
|
|
39
|
-
const { attributes } = model;
|
|
40
|
-
const allowedFields = getAllowedFields({ includeFields, model, isOutput });
|
|
41
|
-
|
|
42
|
-
const reducerFn = (acc, value, key) => {
|
|
43
|
-
const attribute = attributes[key];
|
|
44
|
-
const allowedFieldsHasKey = allowedFields.includes(key);
|
|
45
|
-
|
|
46
|
-
if (shouldRemoveAttribute(model, key, attribute, { withPrivate, isOutput })) {
|
|
47
|
-
return acc;
|
|
48
|
-
}
|
|
49
|
-
|
|
50
|
-
// Relations
|
|
51
|
-
const relation = attribute && (attribute.model || attribute.collection || attribute.component);
|
|
52
|
-
if (relation) {
|
|
53
|
-
if (_.isNil(value)) {
|
|
54
|
-
return { ...acc, [key]: value };
|
|
55
|
-
}
|
|
56
|
-
|
|
57
|
-
const [nextFields, isAllowed] = includeFields
|
|
58
|
-
? getNextFields(allowedFields, key, { allowedFieldsHasKey })
|
|
59
|
-
: [null, true];
|
|
60
|
-
|
|
61
|
-
if (!isAllowed) {
|
|
62
|
-
return acc;
|
|
63
|
-
}
|
|
64
|
-
|
|
65
|
-
const baseOptions = {
|
|
66
|
-
withPrivate,
|
|
67
|
-
isOutput,
|
|
68
|
-
includeFields: nextFields,
|
|
69
|
-
};
|
|
70
|
-
|
|
71
|
-
let sanitizeFn;
|
|
72
|
-
if (relation === '*') {
|
|
73
|
-
sanitizeFn = entity => {
|
|
74
|
-
if (_.isNil(entity) || !_.has(entity, '__contentType')) {
|
|
75
|
-
return entity;
|
|
76
|
-
}
|
|
77
|
-
|
|
78
|
-
return sanitizeEntity(entity, {
|
|
79
|
-
model: strapi.getModel(entity.__contentType),
|
|
80
|
-
...baseOptions,
|
|
81
|
-
});
|
|
82
|
-
};
|
|
83
|
-
} else {
|
|
84
|
-
sanitizeFn = entity =>
|
|
85
|
-
sanitizeEntity(entity, {
|
|
86
|
-
model: strapi.getModel(relation, attribute.plugin),
|
|
87
|
-
...baseOptions,
|
|
88
|
-
});
|
|
89
|
-
}
|
|
90
|
-
|
|
91
|
-
const nextVal = Array.isArray(value) ? value.map(sanitizeFn) : sanitizeFn(value);
|
|
92
|
-
|
|
93
|
-
return { ...acc, [key]: nextVal };
|
|
94
|
-
}
|
|
95
|
-
|
|
96
|
-
const isAllowedField = !includeFields || allowedFieldsHasKey;
|
|
97
|
-
|
|
98
|
-
// Dynamic zones
|
|
99
|
-
if (attribute && attribute.type === 'dynamiczone' && value !== null && isAllowedField) {
|
|
100
|
-
const nextVal = value.map(elem =>
|
|
101
|
-
sanitizeEntity(elem, {
|
|
102
|
-
model: strapi.getModel(elem.__component),
|
|
103
|
-
withPrivate,
|
|
104
|
-
isOutput,
|
|
105
|
-
})
|
|
106
|
-
);
|
|
107
|
-
return { ...acc, [key]: nextVal };
|
|
108
|
-
}
|
|
109
|
-
|
|
110
|
-
// Other fields
|
|
111
|
-
if (isAllowedField) {
|
|
112
|
-
return { ...acc, [key]: value };
|
|
113
|
-
}
|
|
114
|
-
|
|
115
|
-
return acc;
|
|
116
|
-
};
|
|
117
|
-
|
|
118
|
-
return _.reduce(data, reducerFn, {});
|
|
119
|
-
};
|
|
120
|
-
|
|
121
|
-
const parseOriginalData = data => (_.isFunction(data.toJSON) ? data.toJSON() : data);
|
|
122
|
-
|
|
123
|
-
const COMPONENT_FIELDS = ['__component'];
|
|
124
|
-
const STATIC_FIELDS = [ID_ATTRIBUTE];
|
|
125
|
-
|
|
126
|
-
const getAllowedFields = ({ includeFields, model, isOutput }) => {
|
|
127
|
-
const nonWritableAttributes = getNonWritableAttributes(model);
|
|
128
|
-
const nonVisibleAttributes = getNonVisibleAttributes(model);
|
|
129
|
-
|
|
130
|
-
const writableAttributes = getWritableAttributes(model);
|
|
131
|
-
|
|
132
|
-
const nonVisibleWritableAttributes = _.intersection(writableAttributes, nonVisibleAttributes);
|
|
133
|
-
|
|
134
|
-
return _.concat(
|
|
135
|
-
includeFields || [],
|
|
136
|
-
...(isOutput
|
|
137
|
-
? [
|
|
138
|
-
STATIC_FIELDS,
|
|
139
|
-
CREATED_AT_ATTRIBUTE,
|
|
140
|
-
UPDATED_AT_ATTRIBUTE,
|
|
141
|
-
COMPONENT_FIELDS,
|
|
142
|
-
...nonWritableAttributes,
|
|
143
|
-
...nonVisibleAttributes,
|
|
144
|
-
]
|
|
145
|
-
: [STATIC_FIELDS, COMPONENT_FIELDS, ...nonVisibleWritableAttributes])
|
|
146
|
-
);
|
|
147
|
-
};
|
|
148
|
-
|
|
149
|
-
const getNextFields = (fields, key, { allowedFieldsHasKey }) => {
|
|
150
|
-
const searchStr = `${key}.`;
|
|
151
|
-
|
|
152
|
-
const transformedFields = (fields || [])
|
|
153
|
-
.filter(field => field.startsWith(searchStr))
|
|
154
|
-
.map(field => field.replace(searchStr, ''));
|
|
155
|
-
|
|
156
|
-
const isAllowed = allowedFieldsHasKey || transformedFields.length > 0;
|
|
157
|
-
const nextFields = allowedFieldsHasKey ? null : transformedFields;
|
|
158
|
-
|
|
159
|
-
return [nextFields, isAllowed];
|
|
160
|
-
};
|
|
161
|
-
|
|
162
|
-
const shouldRemoveAttribute = (model, key, attribute = {}, { withPrivate, isOutput }) => {
|
|
163
|
-
const isPassword = attribute.type === 'password';
|
|
164
|
-
const isPrivate = isPrivateAttribute(model, key);
|
|
165
|
-
|
|
166
|
-
const shouldRemovePassword = isOutput;
|
|
167
|
-
const shouldRemovePrivate = !withPrivate && isOutput;
|
|
168
|
-
|
|
169
|
-
return !!((isPassword && shouldRemovePassword) || (isPrivate && shouldRemovePrivate));
|
|
170
|
-
};
|
|
171
|
-
|
|
172
|
-
module.exports = sanitizeEntity;
|