npm - @strapi/utils - Versions diffs - 4.10.1 → 4.10.2-alpha.0 - Mend

@strapi/utils 4.10.1 → 4.10.2-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (164) hide show

package/dist/async.d.ts +15 -0
package/dist/async.js +33 -0
package/dist/async.js.map +1 -0
package/dist/code-generator.d.ts +2 -0
package/dist/code-generator.js +11 -0
package/dist/code-generator.js.map +1 -0
package/dist/config.d.ts +8 -0
package/dist/config.js +79 -0
package/dist/config.js.map +1 -0
package/dist/content-types.d.ts +60 -0
package/dist/content-types.js +143 -0
package/dist/content-types.js.map +1 -0
package/dist/env-helper.d.ts +2 -0
package/dist/env-helper.js +83 -0
package/dist/env-helper.js.map +1 -0
package/dist/errors.d.ts +37 -0
package/dist/errors.js +100 -0
package/dist/errors.js.map +1 -0
package/dist/file.d.ts +16 -0
package/dist/file.js +54 -0
package/dist/file.js.map +1 -0
package/dist/format-yup-error.d.ts +10 -0
package/dist/format-yup-error.js +17 -0
package/dist/format-yup-error.js.map +1 -0
package/dist/hooks.d.ts +92 -0
package/dist/hooks.js +89 -0
package/dist/hooks.js.map +1 -0
package/dist/import-default.d.ts +2 -0
package/dist/import-default.js +7 -0
package/dist/import-default.js.map +1 -0
package/dist/index.d.ts +30 -0
package/dist/index.js +82 -0
package/dist/index.js.map +1 -0
package/dist/object-formatting.d.ts +3 -0
package/dist/object-formatting.js +14 -0
package/dist/object-formatting.js.map +1 -0
package/dist/pagination.d.ts +14 -0
package/dist/pagination.js +80 -0
package/dist/pagination.js.map +1 -0
package/dist/parse-multipart.d.ts +8 -0
package/dist/parse-multipart.js +36 -0
package/dist/parse-multipart.js.map +1 -0
package/dist/parse-type.d.ts +1 -0
package/dist/parse-type.js +95 -0
package/dist/parse-type.js.map +1 -0
package/dist/policy.d.ts +41 -0
package/dist/policy.js +109 -0
package/dist/policy.js.map +1 -0
package/dist/print-value.d.ts +2 -0
package/dist/print-value.js +50 -0
package/dist/print-value.js.map +1 -0
package/dist/provider-factory.d.ts +84 -0
package/dist/provider-factory.js +87 -0
package/dist/provider-factory.js.map +1 -0
package/dist/relations.d.ts +10 -0
package/dist/relations.js +23 -0
package/dist/relations.js.map +1 -0
package/dist/sanitize/index.d.ts +28 -0
package/dist/sanitize/index.js +135 -0
package/dist/sanitize/index.js.map +1 -0
package/dist/sanitize/sanitizers.d.ts +10 -0
package/dist/sanitize/sanitizers.js +106 -0
package/dist/sanitize/sanitizers.js.map +1 -0
package/dist/sanitize/visitors/allowed-fields.d.ts +3 -0
package/dist/sanitize/visitors/allowed-fields.js +83 -0
package/dist/sanitize/visitors/allowed-fields.js.map +1 -0
package/dist/sanitize/visitors/index.d.ts +7 -0
package/dist/sanitize/visitors/index.js +21 -0
package/dist/sanitize/visitors/index.js.map +1 -0
package/dist/sanitize/visitors/remove-dynamic-zones.d.ts +3 -0
package/dist/sanitize/visitors/remove-dynamic-zones.js +10 -0
package/dist/sanitize/visitors/remove-dynamic-zones.js.map +1 -0
package/dist/sanitize/visitors/remove-morph-to-relations.d.ts +3 -0
package/dist/sanitize/visitors/remove-morph-to-relations.js +10 -0
package/dist/sanitize/visitors/remove-morph-to-relations.js.map +1 -0
package/dist/sanitize/visitors/remove-password.d.ts +3 -0
package/dist/sanitize/visitors/remove-password.js +9 -0
package/dist/sanitize/visitors/remove-password.js.map +1 -0
package/dist/sanitize/visitors/remove-private.d.ts +3 -0
package/dist/sanitize/visitors/remove-private.js +14 -0
package/dist/sanitize/visitors/remove-private.js.map +1 -0
package/dist/sanitize/visitors/remove-restricted-relations.d.ts +3 -0
package/dist/sanitize/visitors/remove-restricted-relations.js +88 -0
package/dist/sanitize/visitors/remove-restricted-relations.js.map +1 -0
package/dist/sanitize/visitors/restricted-fields.d.ts +3 -0
package/dist/sanitize/visitors/restricted-fields.js +25 -0
package/dist/sanitize/visitors/restricted-fields.js.map +1 -0
package/dist/set-creator-fields.d.ts +9 -0
package/dist/set-creator-fields.js +37 -0
package/dist/set-creator-fields.js.map +1 -0
package/dist/string-formatting.d.ts +16 -0
package/dist/string-formatting.js +85 -0
package/dist/string-formatting.js.map +1 -0
package/dist/template-configuration.d.ts +5 -0
package/dist/template-configuration.js +28 -0
package/dist/template-configuration.js.map +1 -0
package/dist/template.d.ts +9 -0
package/dist/template.js +20 -0
package/dist/template.js.map +1 -0
package/dist/traverse/factory.d.ts +13 -0
package/dist/traverse/factory.js +126 -0
package/dist/traverse/factory.js.map +1 -0
package/dist/traverse/index.d.ts +5 -0
package/dist/traverse/index.js +17 -0
package/dist/traverse/index.js.map +1 -0
package/dist/traverse/query-fields.d.ts +3 -0
package/dist/traverse/query-fields.js +35 -0
package/dist/traverse/query-fields.js.map +1 -0
package/dist/traverse/query-filters.d.ts +3 -0
package/dist/traverse/query-filters.js +73 -0
package/dist/traverse/query-filters.js.map +1 -0
package/dist/traverse/query-populate.d.ts +3 -0
package/dist/traverse/query-populate.js +140 -0
package/dist/traverse/query-populate.js.map +1 -0
package/dist/traverse/query-sort.d.ts +3 -0
package/dist/traverse/query-sort.js +114 -0
package/dist/traverse/query-sort.js.map +1 -0
package/dist/traverse-entity.d.ts +33 -0
package/dist/traverse-entity.js +134 -0
package/dist/traverse-entity.js.map +1 -0
package/dist/types.d.ts +57 -0
package/dist/types.js +4 -0
package/dist/types.js.map +1 -0
package/dist/validators.d.ts +5 -0
package/dist/validators.js +110 -0
package/dist/validators.js.map +1 -0
package/dist/webhook.d.ts +10 -0
package/dist/webhook.js +14 -0
package/dist/webhook.js.map +1 -0
package/index.d.ts +5 -3
package/package.json +2 -2
package/coverage/clover.xml +0 -638
package/coverage/coverage-final.json +0 -24
package/coverage/lcov-report/base.css +0 -224
package/coverage/lcov-report/block-navigation.js +0 -87
package/coverage/lcov-report/favicon.png +0 -0
package/coverage/lcov-report/index.html +0 -146
package/coverage/lcov-report/lib/async.js.html +0 -223
package/coverage/lcov-report/lib/content-types.js.html +0 -643
package/coverage/lcov-report/lib/env-helper.js.html +0 -319
package/coverage/lcov-report/lib/errors.js.html +0 -397
package/coverage/lcov-report/lib/format-yup-error.js.html +0 -145
package/coverage/lcov-report/lib/hooks.js.html +0 -415
package/coverage/lcov-report/lib/import-default.js.html +0 -115
package/coverage/lcov-report/lib/index.html +0 -326
package/coverage/lcov-report/lib/pagination.js.html +0 -382
package/coverage/lcov-report/lib/parse-type.js.html +0 -385
package/coverage/lcov-report/lib/policy.js.html +0 -472
package/coverage/lcov-report/lib/print-value.js.html +0 -241
package/coverage/lcov-report/lib/provider-factory.js.html +0 -433
package/coverage/lcov-report/lib/relations.js.html +0 -178
package/coverage/lcov-report/lib/sanitize/visitors/allowed-fields.js.html +0 -367
package/coverage/lcov-report/lib/sanitize/visitors/index.html +0 -191
package/coverage/lcov-report/lib/sanitize/visitors/index.js.html +0 -112
package/coverage/lcov-report/lib/sanitize/visitors/remove-password.js.html +0 -106
package/coverage/lcov-report/lib/sanitize/visitors/remove-private.js.html +0 -118
package/coverage/lcov-report/lib/sanitize/visitors/remove-restricted-relations.js.html +0 -316
package/coverage/lcov-report/lib/sanitize/visitors/restricted-fields.js.html +0 -181
package/coverage/lcov-report/lib/string-formatting.js.html +0 -322
package/coverage/lcov-report/lib/validators.js.html +0 -445
package/coverage/lcov-report/prettify.css +0 -1
package/coverage/lcov-report/prettify.js +0 -2
package/coverage/lcov-report/sort-arrow-sprite.png +0 -0
package/coverage/lcov-report/sorter.js +0 -196

package/dist/sanitize/index.js ADDED Viewed

@@ -0,0 +1,135 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const fp_1 = require("lodash/fp");
+const content_types_1 = require("../content-types");
+const async_1 = require("../async");
+const visitors = __importStar(require("./visitors"));
+const sanitizers = __importStar(require("./sanitizers"));
+const traverse_entity_1 = __importDefault(require("../traverse-entity"));
+const traverse_1 = require("../traverse");
+const createContentAPISanitizers = () => {
+    const sanitizeInput = (data, schema, { auth } = {}) => {
+        if ((0, fp_1.isArray)(data)) {
+            return Promise.all(data.map((entry) => sanitizeInput(entry, schema, { auth })));
+        }
+        const nonWritableAttributes = (0, content_types_1.getNonWritableAttributes)(schema);
+        const transforms = [
+            // Remove non writable attributes
+            (0, traverse_entity_1.default)(visitors.restrictedFields(nonWritableAttributes), { schema }),
+        ];
+        if (auth) {
+            // Remove restricted relations
+            transforms.push((0, traverse_entity_1.default)(visitors.removeRestrictedRelations(auth), { schema }));
+        }
+        // Apply sanitizers from registry if exists
+        strapi.sanitizers
+            .get('content-api.input')
+            .forEach((sanitizer) => transforms.push(sanitizer(schema)));
+        return (0, async_1.pipeAsync)(...transforms)(data);
+    };
+    const sanitizeOutput = async (data, schema, { auth } = {}) => {
+        if ((0, fp_1.isArray)(data)) {
+            const res = new Array(data.length);
+            for (let i = 0; i < data.length; i += 1) {
+                res[i] = await sanitizeOutput(data[i], schema, { auth });
+            }
+            return res;
+        }
+        const transforms = [(data) => sanitizers.defaultSanitizeOutput(schema, data)];
+        if (auth) {
+            transforms.push((0, traverse_entity_1.default)(visitors.removeRestrictedRelations(auth), { schema }));
+        }
+        // Apply sanitizers from registry if exists
+        strapi.sanitizers
+            .get('content-api.output')
+            .forEach((sanitizer) => transforms.push(sanitizer(schema)));
+        return (0, async_1.pipeAsync)(...transforms)(data);
+    };
+    const sanitizeQuery = async (query, schema, { auth } = {}) => {
+        const { filters, sort, fields, populate } = query;
+        const sanitizedQuery = (0, fp_1.cloneDeep)(query);
+        if (filters) {
+            Object.assign(sanitizedQuery, { filters: await sanitizeFilters(filters, schema, { auth }) });
+        }
+        if (sort) {
+            Object.assign(sanitizedQuery, { sort: await sanitizeSort(sort, schema, { auth }) });
+        }
+        if (fields) {
+            Object.assign(sanitizedQuery, { fields: await sanitizeFields(fields, schema) });
+        }
+        if (populate) {
+            Object.assign(sanitizedQuery, { populate: await sanitizePopulate(populate, schema) });
+        }
+        return sanitizedQuery;
+    };
+    const sanitizeFilters = (filters, schema, { auth } = {}) => {
+        if ((0, fp_1.isArray)(filters)) {
+            return Promise.all(filters.map((filter) => sanitizeFilters(filter, schema, { auth })));
+        }
+        const transforms = [sanitizers.defaultSanitizeFilters(schema)];
+        if (auth) {
+            transforms.push((0, traverse_1.traverseQueryFilters)(visitors.removeRestrictedRelations(auth), { schema }));
+        }
+        return (0, async_1.pipeAsync)(...transforms)(filters);
+    };
+    const sanitizeSort = (sort, schema, { auth } = {}) => {
+        const transforms = [sanitizers.defaultSanitizeSort(schema)];
+        if (auth) {
+            transforms.push((0, traverse_1.traverseQuerySort)(visitors.removeRestrictedRelations(auth), { schema }));
+        }
+        return (0, async_1.pipeAsync)(...transforms)(sort);
+    };
+    const sanitizeFields = (fields, schema) => {
+        const transforms = [sanitizers.defaultSanitizeFields(schema)];
+        return (0, async_1.pipeAsync)(...transforms)(fields);
+    };
+    const sanitizePopulate = (populate, schema, { auth } = {}) => {
+        const transforms = [sanitizers.defaultSanitizePopulate(schema)];
+        if (auth) {
+            transforms.push((0, traverse_1.traverseQueryPopulate)(visitors.removeRestrictedRelations(auth), { schema }));
+        }
+        return (0, async_1.pipeAsync)(...transforms)(populate);
+    };
+    return {
+        input: sanitizeInput,
+        output: sanitizeOutput,
+        query: sanitizeQuery,
+        filters: sanitizeFilters,
+        sort: sanitizeSort,
+        fields: sanitizeFields,
+        populate: sanitizePopulate,
+    };
+};
+const contentAPI = createContentAPISanitizers();
+exports.default = {
+    contentAPI,
+    sanitizers,
+    visitors,
+};
+//# sourceMappingURL=index.js.map

package/dist/sanitize/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sanitize/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,kCAA+C;AAE/C,oDAA4D;AAC5D,oCAAqC;AAErC,qDAAuC;AACvC,yDAA2C;AAC3C,yEAAgD;AAEhD,0CAA6F;AAE7F,MAAM,0BAA0B,GAAG,GAAG,EAAE;IACtC,MAAM,aAAa,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QACpD,IAAI,IAAA,YAAO,EAAC,IAAI,CAAC,EAAE;YACjB,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;SACjF;QAED,MAAM,qBAAqB,GAAG,IAAA,wCAAwB,EAAC,MAAM,CAAC,CAAC;QAE/D,MAAM,UAAU,GAAG;YACjB,iCAAiC;YACjC,IAAA,yBAAc,EAAC,QAAQ,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC;SAC7E,CAAC;QAEF,IAAI,IAAI,EAAE;YACR,8BAA8B;YAC9B,UAAU,CAAC,IAAI,CAAC,IAAA,yBAAc,EAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;SACvF;QAED,2CAA2C;QAC3C,MAAM,CAAC,UAAU;aACd,GAAG,CAAC,mBAAmB,CAAC;aACxB,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAE9D,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC,CAAC;IAEF,MAAM,cAAc,GAAG,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QAC3D,IAAI,IAAA,YAAO,EAAC,IAAI,CAAC,EAAE;YACjB,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;gBACvC,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;aAC1D;YACD,OAAO,GAAG,CAAC;SACZ;QAED,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;QAE9E,IAAI,IAAI,EAAE;YACR,UAAU,CAAC,IAAI,CAAC,IAAA,yBAAc,EAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;SACvF;QAED,2CAA2C;QAC3C,MAAM,CAAC,UAAU;aACd,GAAG,CAAC,oBAAoB,CAAC;aACzB,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAE9D,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC,CAAC;IAEF,MAAM,aAAa,GAAG,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QAC3D,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QAElD,MAAM,cAAc,GAAG,IAAA,cAAS,EAAC,KAAK,CAAC,CAAC;QAExC,IAAI,OAAO,EAAE;YACX,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;SAC9F;QAED,IAAI,IAAI,EAAE;YACR,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;SACrF;QAED,IAAI,MAAM,EAAE;YACV,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;SACjF;QAED,IAAI,QAAQ,EAAE;YACZ,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;SACvF;QAED,OAAO,cAAc,CAAC;IACxB,CAAC,CAAC;IAEF,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QACzD,IAAI,IAAA,YAAO,EAAC,OAAO,CAAC,EAAE;YACpB,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;SACxF;QAED,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,CAAC;QAE/D,IAAI,IAAI,EAAE;YACR,UAAU,CAAC,IAAI,CAAC,IAAA,+BAAoB,EAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;SAC7F;QAED,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC,CAAC;IAEF,MAAM,YAAY,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QACnD,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;QAE5D,IAAI,IAAI,EAAE;YACR,UAAU,CAAC,IAAI,CAAC,IAAA,4BAAiB,EAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;SAC1F;QAED,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC,CAAC;IAEF,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE;QACxC,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC;QAE9D,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC,CAAC;IAEF,MAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QAC3D,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC,CAAC;QAEhE,IAAI,IAAI,EAAE;YACR,UAAU,CAAC,IAAI,CAAC,IAAA,gCAAqB,EAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;SAC9F;QAED,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC5C,CAAC,CAAC;IAEF,OAAO;QACL,KAAK,EAAE,aAAa;QACpB,MAAM,EAAE,cAAc;QACtB,KAAK,EAAE,aAAa;QACpB,OAAO,EAAE,eAAe;QACxB,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,cAAc;QACtB,QAAQ,EAAE,gBAAgB;KAC3B,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,0BAA0B,EAAE,CAAC;AAEhD,kBAAe;IACb,UAAU;IACV,UAAU;IACV,QAAQ;CACT,CAAC"}

package/dist/sanitize/sanitizers.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/// <reference types="lodash" />
+import { Data } from '../traverse-entity';
+import type { Model } from '../types';
+declare const sanitizePasswords: (schema: Model) => (entity: Data) => Promise<Data>;
+declare const defaultSanitizeOutput: (schema: Model, entity: Data) => Promise<Data>;
+declare const defaultSanitizeFilters: import("lodash").CurriedFunction2<Model, any, Promise<unknown>>;
+declare const defaultSanitizeSort: import("lodash").CurriedFunction2<Model, any, Promise<unknown>>;
+declare const defaultSanitizeFields: import("lodash").CurriedFunction2<Model, any, Promise<unknown>>;
+declare const defaultSanitizePopulate: import("lodash").CurriedFunction2<Model, any, Promise<unknown>>;
+export { sanitizePasswords, defaultSanitizeOutput, defaultSanitizeFilters, defaultSanitizeSort, defaultSanitizeFields, defaultSanitizePopulate, };

package/dist/sanitize/sanitizers.js ADDED Viewed

@@ -0,0 +1,106 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultSanitizePopulate = exports.defaultSanitizeFields = exports.defaultSanitizeSort = exports.defaultSanitizeFilters = exports.defaultSanitizeOutput = exports.sanitizePasswords = void 0;
+const fp_1 = require("lodash/fp");
+const async_1 = require("../async");
+const traverse_entity_1 = __importDefault(require("../traverse-entity"));
+const content_types_1 = require("../content-types");
+const traverse_1 = require("../traverse");
+const visitors_1 = require("./visitors");
+const sanitizePasswords = (schema) => async (entity) => {
+    return (0, traverse_entity_1.default)(visitors_1.removePassword, { schema }, entity);
+};
+exports.sanitizePasswords = sanitizePasswords;
+const defaultSanitizeOutput = async (schema, entity) => {
+    return (0, traverse_entity_1.default)((...args) => {
+        (0, visitors_1.removePassword)(...args);
+        (0, visitors_1.removePrivate)(...args);
+    }, { schema }, entity);
+};
+exports.defaultSanitizeOutput = defaultSanitizeOutput;
+const defaultSanitizeFilters = (0, fp_1.curry)((schema, filters) => {
+    return (0, async_1.pipeAsync)(
+    // Remove dynamic zones from filters
+    (0, traverse_1.traverseQueryFilters)(visitors_1.removeDynamicZones, { schema }),
+    // Remove morpTo relations from filters
+    (0, traverse_1.traverseQueryFilters)(visitors_1.removeMorphToRelations, { schema }),
+    // Remove passwords from filters
+    (0, traverse_1.traverseQueryFilters)(visitors_1.removePassword, { schema }),
+    // Remove private from filters
+    (0, traverse_1.traverseQueryFilters)(visitors_1.removePrivate, { schema }),
+    // Remove empty objects
+    (0, traverse_1.traverseQueryFilters)(({ key, value }, { remove }) => {
+        if ((0, fp_1.isObject)(value) && (0, fp_1.isEmpty)(value)) {
+            remove(key);
+        }
+    }, { schema }))(filters);
+});
+exports.defaultSanitizeFilters = defaultSanitizeFilters;
+const defaultSanitizeSort = (0, fp_1.curry)((schema, sort) => {
+    return (0, async_1.pipeAsync)(
+    // Remove non attribute keys
+    (0, traverse_1.traverseQuerySort)(({ key, attribute }, { remove }) => {
+        // ID is not an attribute per se, so we need to make
+        // an extra check to ensure we're not removing it
+        if (key === 'id') {
+            return;
+        }
+        if (!attribute) {
+            remove(key);
+        }
+    }, { schema }),
+    // Remove dynamic zones from sort
+    (0, traverse_1.traverseQuerySort)(visitors_1.removeDynamicZones, { schema }),
+    // Remove morpTo relations from sort
+    (0, traverse_1.traverseQuerySort)(visitors_1.removeMorphToRelations, { schema }),
+    // Remove private from sort
+    (0, traverse_1.traverseQuerySort)(visitors_1.removePrivate, { schema }),
+    // Remove passwords from filters
+    (0, traverse_1.traverseQuerySort)(visitors_1.removePassword, { schema }),
+    // Remove keys for empty non-scalar values
+    (0, traverse_1.traverseQuerySort)(({ key, attribute, value }, { remove }) => {
+        if (!(0, content_types_1.isScalarAttribute)(attribute) && (0, fp_1.isEmpty)(value)) {
+            remove(key);
+        }
+    }, { schema }))(sort);
+});
+exports.defaultSanitizeSort = defaultSanitizeSort;
+const defaultSanitizeFields = (0, fp_1.curry)((schema, fields) => {
+    return (0, async_1.pipeAsync)(
+    // Only keep scalar attributes
+    (0, traverse_1.traverseQueryFields)(({ key, attribute }, { remove }) => {
+        if ((0, fp_1.isNil)(attribute) || !(0, content_types_1.isScalarAttribute)(attribute)) {
+            remove(key);
+        }
+    }, { schema }),
+    // Remove private fields
+    (0, traverse_1.traverseQueryFields)(visitors_1.removePrivate, { schema }),
+    // Remove password fields
+    (0, traverse_1.traverseQueryFields)(visitors_1.removePassword, { schema }),
+    // Remove nil values from fields array
+    (value) => ((0, fp_1.isArray)(value) ? value.filter((field) => !(0, fp_1.isNil)(field)) : value))(fields);
+});
+exports.defaultSanitizeFields = defaultSanitizeFields;
+const defaultSanitizePopulate = (0, fp_1.curry)((schema, populate) => {
+    return (0, async_1.pipeAsync)((0, traverse_1.traverseQueryPopulate)(async ({ key, value, schema, attribute }, { set }) => {
+        if (attribute) {
+            return;
+        }
+        if (key === 'sort') {
+            set(key, await defaultSanitizeSort(schema, value));
+        }
+        if (key === 'filters') {
+            set(key, await defaultSanitizeFilters(schema, value));
+        }
+        if (key === 'fields') {
+            set(key, await defaultSanitizeFields(schema, value));
+        }
+    }, { schema }),
+    // Remove private fields
+    (0, traverse_1.traverseQueryPopulate)(visitors_1.removePrivate, { schema }))(populate);
+});
+exports.defaultSanitizePopulate = defaultSanitizePopulate;
+//# sourceMappingURL=sanitizers.js.map

package/dist/sanitize/sanitizers.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sanitizers.js","sourceRoot":"","sources":["../../src/sanitize/sanitizers.ts"],"names":[],"mappings":";;;;;;AAAA,kCAAqE;AAErE,oCAAqC;AACrC,yEAA0D;AAC1D,oDAAqD;AAErD,0CAKqB;AAErB,yCAKoB;AAIpB,MAAM,iBAAiB,GAAG,CAAC,MAAa,EAAE,EAAE,CAAC,KAAK,EAAE,MAAY,EAAE,EAAE;IAClE,OAAO,IAAA,yBAAc,EAAC,yBAAc,EAAE,EAAE,MAAM,EAAE,EAAE,MAAM,CAAC,CAAC;AAC5D,CAAC,CAAC;AAwHA,8CAAiB;AAtHnB,MAAM,qBAAqB,GAAG,KAAK,EAAE,MAAa,EAAE,MAAY,EAAE,EAAE;IAClE,OAAO,IAAA,yBAAc,EACnB,CAAC,GAAG,IAAI,EAAE,EAAE;QACV,IAAA,yBAAc,EAAC,GAAG,IAAI,CAAC,CAAC;QACxB,IAAA,wBAAa,EAAC,GAAG,IAAI,CAAC,CAAC;IACzB,CAAC,EACD,EAAE,MAAM,EAAE,EACV,MAAM,CACP,CAAC;AACJ,CAAC,CAAC;AA8GA,sDAAqB;AA5GvB,MAAM,sBAAsB,GAAG,IAAA,UAAK,EAAC,CAAC,MAAa,EAAE,OAAO,EAAE,EAAE;IAC9D,OAAO,IAAA,iBAAS;IACd,oCAAoC;IACpC,IAAA,+BAAoB,EAAC,6BAAkB,EAAE,EAAE,MAAM,EAAE,CAAC;IACpD,uCAAuC;IACvC,IAAA,+BAAoB,EAAC,iCAAsB,EAAE,EAAE,MAAM,EAAE,CAAC;IACxD,gCAAgC;IAChC,IAAA,+BAAoB,EAAC,yBAAc,EAAE,EAAE,MAAM,EAAE,CAAC;IAChD,8BAA8B;IAC9B,IAAA,+BAAoB,EAAC,wBAAa,EAAE,EAAE,MAAM,EAAE,CAAC;IAC/C,uBAAuB;IACvB,IAAA,+BAAoB,EAClB,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QAC7B,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,IAAI,IAAA,YAAO,EAAC,KAAK,CAAC,EAAE;YACrC,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX,CACF,CAAC,OAAO,CAAC,CAAC;AACb,CAAC,CAAC,CAAC;AAyFD,wDAAsB;AAvFxB,MAAM,mBAAmB,GAAG,IAAA,UAAK,EAAC,CAAC,MAAa,EAAE,IAAI,EAAE,EAAE;IACxD,OAAO,IAAA,iBAAS;IACd,4BAA4B;IAC5B,IAAA,4BAAiB,EACf,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QACjC,oDAAoD;QACpD,iDAAiD;QACjD,IAAI,GAAG,KAAK,IAAI,EAAE;YAChB,OAAO;SACR;QAED,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX;IACD,iCAAiC;IACjC,IAAA,4BAAiB,EAAC,6BAAkB,EAAE,EAAE,MAAM,EAAE,CAAC;IACjD,oCAAoC;IACpC,IAAA,4BAAiB,EAAC,iCAAsB,EAAE,EAAE,MAAM,EAAE,CAAC;IACrD,2BAA2B;IAC3B,IAAA,4BAAiB,EAAC,wBAAa,EAAE,EAAE,MAAM,EAAE,CAAC;IAC5C,gCAAgC;IAChC,IAAA,4BAAiB,EAAC,yBAAc,EAAE,EAAE,MAAM,EAAE,CAAC;IAC7C,0CAA0C;IAC1C,IAAA,4BAAiB,EACf,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QACxC,IAAI,CAAC,IAAA,iCAAiB,EAAC,SAAS,CAAC,IAAI,IAAA,YAAO,EAAC,KAAK,CAAC,EAAE;YACnD,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX,CACF,CAAC,IAAI,CAAC,CAAC;AACV,CAAC,CAAC,CAAC;AAqDD,kDAAmB;AAnDrB,MAAM,qBAAqB,GAAG,IAAA,UAAK,EAAC,CAAC,MAAa,EAAE,MAAM,EAAE,EAAE;IAC5D,OAAO,IAAA,iBAAS;IACd,8BAA8B;IAC9B,IAAA,8BAAmB,EACjB,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QACjC,IAAI,IAAA,UAAK,EAAC,SAAS,CAAC,IAAI,CAAC,IAAA,iCAAiB,EAAC,SAAS,CAAC,EAAE;YACrD,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX;IACD,wBAAwB;IACxB,IAAA,8BAAmB,EAAC,wBAAa,EAAE,EAAE,MAAM,EAAE,CAAC;IAC9C,yBAAyB;IACzB,IAAA,8BAAmB,EAAC,yBAAc,EAAE,EAAE,MAAM,EAAE,CAAC;IAC/C,sCAAsC;IACtC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAA,YAAO,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAA,UAAK,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAC7E,CAAC,MAAM,CAAC,CAAC;AACZ,CAAC,CAAC,CAAC;AAkCD,sDAAqB;AAhCvB,MAAM,uBAAuB,GAAG,IAAA,UAAK,EAAC,CAAC,MAAa,EAAE,QAAQ,EAAE,EAAE;IAChE,OAAO,IAAA,iBAAS,EACd,IAAA,gCAAqB,EACnB,KAAK,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QACnD,IAAI,SAAS,EAAE;YACb,OAAO;SACR;QAED,IAAI,GAAG,KAAK,MAAM,EAAE;YAClB,GAAG,CAAC,GAAG,EAAE,MAAM,mBAAmB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;SACpD;QAED,IAAI,GAAG,KAAK,SAAS,EAAE;YACrB,GAAG,CAAC,GAAG,EAAE,MAAM,sBAAsB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;SACvD;QAED,IAAI,GAAG,KAAK,QAAQ,EAAE;YACpB,GAAG,CAAC,GAAG,EAAE,MAAM,qBAAqB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;SACtD;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX;IACD,wBAAwB;IACxB,IAAA,gCAAqB,EAAC,wBAAa,EAAE,EAAE,MAAM,EAAE,CAAC,CACjD,CAAC,QAAQ,CAAC,CAAC;AACd,CAAC,CAAC,CAAC;AAQD,0DAAuB"}

package/dist/sanitize/visitors/allowed-fields.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { Visitor } from '../../traverse-entity';
+declare const _default: (allowedFields?: string[] | null) => Visitor;
+export default _default;

package/dist/sanitize/visitors/allowed-fields.js ADDED Viewed

@@ -0,0 +1,83 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const fp_1 = require("lodash/fp");
+exports.default = (allowedFields = null) => ({ key, path: { attribute: path } }, { remove }) => {
+    // All fields are allowed
+    if (allowedFields === null) {
+        return;
+    }
+    // Ignore invalid formats
+    if (!(0, fp_1.isArray)(allowedFields)) {
+        return;
+    }
+    if ((0, fp_1.isNil)(path)) {
+        return;
+    }
+    const containedPaths = getContainedPaths(path);
+    /**
+     * Tells if the current path should be kept or not based
+     * on the success of the check functions for any of the allowed paths.
+     *
+     * The check functions are defined as follow:
+     *
+     * `containedPaths.includes(p)`
+     * @example
+     * ```js
+     * const path = 'foo.bar.field';
+     * const p = 'foo.bar';
+     * // it should match
+     *
+     * const path = 'foo.bar.field';
+     * const p = 'bar.foo';
+     * // it shouldn't match
+     *
+     * const path = 'foo.bar';
+     * const p = 'foo.bar.field';
+     * // it should match but isn't handled by this check
+     * ```
+     *
+     * `p.startsWith(`${path}.`)`
+     * @example
+     * ```js
+     * const path = 'foo.bar';
+     * const p = 'foo.bar.field';
+     * // it should match
+     *
+     * const path = 'foo.bar.field';
+     * const p = 'bar.foo';
+     * // it shouldn't match
+     *
+     * const path = 'foo.bar.field';
+     * const p = 'foo.bar';
+     * // it should match but isn't handled by this check
+     * ```
+     */
+    const isPathAllowed = allowedFields.some((p) => containedPaths.includes(p) || p.startsWith(`${path}.`));
+    if (isPathAllowed) {
+        return;
+    }
+    // Remove otherwise
+    remove(key);
+};
+/**
+ * Retrieve the list of allowed paths based on the given path
+ *
+ * @example
+ * ```js
+ * const containedPaths = getContainedPaths('foo');
+ * // ['foo']
+ *
+ *  * const containedPaths = getContainedPaths('foo.bar');
+ * // ['foo', 'foo.bar']
+ *
+ *  * const containedPaths = getContainedPaths('foo.bar.field');
+ * // ['foo', 'foo.bar', 'foo.bar.field']
+ * ```
+ */
+const getContainedPaths = (path) => {
+    const parts = (0, fp_1.toPath)(path);
+    return parts.reduce((acc, value, index, list) => {
+        return [...acc, list.slice(0, index + 1).join('.')];
+    }, []);
+};
+//# sourceMappingURL=allowed-fields.js.map

package/dist/sanitize/visitors/allowed-fields.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"allowed-fields.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/allowed-fields.ts"],"names":[],"mappings":";;AAAA,kCAAmD;AAGnD,kBAAe,CAAC,gBAAiC,IAAI,EAAW,EAAE,CAChE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IACjD,yBAAyB;IACzB,IAAI,aAAa,KAAK,IAAI,EAAE;QAC1B,OAAO;KACR;IAED,yBAAyB;IACzB,IAAI,CAAC,IAAA,YAAO,EAAC,aAAa,CAAC,EAAE;QAC3B,OAAO;KACR;IAED,IAAI,IAAA,UAAK,EAAC,IAAI,CAAC,EAAE;QACf,OAAO;KACR;IAED,MAAM,cAAc,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAE/C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAqCG;IACH,MAAM,aAAa,GAAG,aAAa,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,CAC9D,CAAC;IAEF,IAAI,aAAa,EAAE;QACjB,OAAO;KACR;IAED,mBAAmB;IACnB,MAAM,CAAC,GAAG,CAAC,CAAC;AACd,CAAC,CAAC;AAEJ;;;;;;;;;;;;;;GAcG;AACH,MAAM,iBAAiB,GAAG,CAAC,IAAY,EAAE,EAAE;IACzC,MAAM,KAAK,GAAG,IAAA,WAAM,EAAC,IAAI,CAAC,CAAC;IAE3B,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAC9C,OAAO,CAAC,GAAG,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACtD,CAAC,EAAE,EAAc,CAAC,CAAC;AACrB,CAAC,CAAC"}

package/dist/sanitize/visitors/index.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+export { default as removePassword } from './remove-password';
+export { default as removePrivate } from './remove-private';
+export { default as removeRestrictedRelations } from './remove-restricted-relations';
+export { default as removeMorphToRelations } from './remove-morph-to-relations';
+export { default as removeDynamicZones } from './remove-dynamic-zones';
+export { default as allowedFields } from './allowed-fields';
+export { default as restrictedFields } from './restricted-fields';

package/dist/sanitize/visitors/index.js ADDED Viewed

@@ -0,0 +1,21 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.restrictedFields = exports.allowedFields = exports.removeDynamicZones = exports.removeMorphToRelations = exports.removeRestrictedRelations = exports.removePrivate = exports.removePassword = void 0;
+var remove_password_1 = require("./remove-password");
+Object.defineProperty(exports, "removePassword", { enumerable: true, get: function () { return __importDefault(remove_password_1).default; } });
+var remove_private_1 = require("./remove-private");
+Object.defineProperty(exports, "removePrivate", { enumerable: true, get: function () { return __importDefault(remove_private_1).default; } });
+var remove_restricted_relations_1 = require("./remove-restricted-relations");
+Object.defineProperty(exports, "removeRestrictedRelations", { enumerable: true, get: function () { return __importDefault(remove_restricted_relations_1).default; } });
+var remove_morph_to_relations_1 = require("./remove-morph-to-relations");
+Object.defineProperty(exports, "removeMorphToRelations", { enumerable: true, get: function () { return __importDefault(remove_morph_to_relations_1).default; } });
+var remove_dynamic_zones_1 = require("./remove-dynamic-zones");
+Object.defineProperty(exports, "removeDynamicZones", { enumerable: true, get: function () { return __importDefault(remove_dynamic_zones_1).default; } });
+var allowed_fields_1 = require("./allowed-fields");
+Object.defineProperty(exports, "allowedFields", { enumerable: true, get: function () { return __importDefault(allowed_fields_1).default; } });
+var restricted_fields_1 = require("./restricted-fields");
+Object.defineProperty(exports, "restrictedFields", { enumerable: true, get: function () { return __importDefault(restricted_fields_1).default; } });
+//# sourceMappingURL=index.js.map

package/dist/sanitize/visitors/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/index.ts"],"names":[],"mappings":";;;;;;AAAA,qDAA8D;AAArD,kIAAA,OAAO,OAAkB;AAClC,mDAA4D;AAAnD,gIAAA,OAAO,OAAiB;AACjC,6EAAqF;AAA5E,yJAAA,OAAO,OAA6B;AAC7C,yEAAgF;AAAvE,oJAAA,OAAO,OAA0B;AAC1C,+DAAuE;AAA9D,2IAAA,OAAO,OAAsB;AACtC,mDAA4D;AAAnD,gIAAA,OAAO,OAAiB;AACjC,yDAAkE;AAAzD,sIAAA,OAAO,OAAoB"}

package/dist/sanitize/visitors/remove-dynamic-zones.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse-entity';
+declare const visitor: Visitor;
+export default visitor;

package/dist/sanitize/visitors/remove-dynamic-zones.js ADDED Viewed

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const content_types_1 = require("../../content-types");
+const visitor = ({ key, attribute }, { remove }) => {
+    if ((0, content_types_1.isDynamicZoneAttribute)(attribute)) {
+        remove(key);
+    }
+};
+exports.default = visitor;
+//# sourceMappingURL=remove-dynamic-zones.js.map

package/dist/sanitize/visitors/remove-dynamic-zones.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"remove-dynamic-zones.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/remove-dynamic-zones.ts"],"names":[],"mappings":";;AAAA,uDAA6D;AAG7D,MAAM,OAAO,GAAY,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IAC1D,IAAI,IAAA,sCAAsB,EAAC,SAAS,CAAC,EAAE;QACrC,MAAM,CAAC,GAAG,CAAC,CAAC;KACb;AACH,CAAC,CAAC;AAEF,kBAAe,OAAO,CAAC"}

package/dist/sanitize/visitors/remove-morph-to-relations.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse-entity';
+declare const visitor: Visitor;
+export default visitor;

package/dist/sanitize/visitors/remove-morph-to-relations.js ADDED Viewed

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const content_types_1 = require("../../content-types");
+const visitor = ({ key, attribute }, { remove }) => {
+    if ((0, content_types_1.isMorphToRelationalAttribute)(attribute)) {
+        remove(key);
+    }
+};
+exports.default = visitor;
+//# sourceMappingURL=remove-morph-to-relations.js.map

package/dist/sanitize/visitors/remove-morph-to-relations.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"remove-morph-to-relations.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/remove-morph-to-relations.ts"],"names":[],"mappings":";;AAAA,uDAAmE;AAGnE,MAAM,OAAO,GAAY,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IAC1D,IAAI,IAAA,4CAA4B,EAAC,SAAS,CAAC,EAAE;QAC3C,MAAM,CAAC,GAAG,CAAC,CAAC;KACb;AACH,CAAC,CAAC;AAEF,kBAAe,OAAO,CAAC"}

package/dist/sanitize/visitors/remove-password.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse-entity';
+declare const visitor: Visitor;
+export default visitor;

package/dist/sanitize/visitors/remove-password.js ADDED Viewed

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const visitor = ({ key, attribute }, { remove }) => {
+    if (attribute?.type === 'password') {
+        remove(key);
+    }
+};
+exports.default = visitor;
+//# sourceMappingURL=remove-password.js.map

package/dist/sanitize/visitors/remove-password.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"remove-password.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/remove-password.ts"],"names":[],"mappings":";;AAEA,MAAM,OAAO,GAAY,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IAC1D,IAAI,SAAS,EAAE,IAAI,KAAK,UAAU,EAAE;QAClC,MAAM,CAAC,GAAG,CAAC,CAAC;KACb;AACH,CAAC,CAAC;AAEF,kBAAe,OAAO,CAAC"}

package/dist/sanitize/visitors/remove-private.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse-entity';
+declare const visitor: Visitor;
+export default visitor;

package/dist/sanitize/visitors/remove-private.js ADDED Viewed

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const content_types_1 = require("../../content-types");
+const visitor = ({ schema, key, attribute }, { remove }) => {
+    if (!attribute) {
+        return;
+    }
+    const isPrivate = (0, content_types_1.isPrivateAttribute)(schema, key) || attribute.private === true;
+    if (isPrivate) {
+        remove(key);
+    }
+};
+exports.default = visitor;
+//# sourceMappingURL=remove-private.js.map

package/dist/sanitize/visitors/remove-private.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"remove-private.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/remove-private.ts"],"names":[],"mappings":";;AAAA,uDAAyD;AAGzD,MAAM,OAAO,GAAY,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IAClE,IAAI,CAAC,SAAS,EAAE;QACd,OAAO;KACR;IAED,MAAM,SAAS,GAAG,IAAA,kCAAkB,EAAC,MAAM,EAAE,GAAG,CAAC,IAAI,SAAS,CAAC,OAAO,KAAK,IAAI,CAAC;IAEhF,IAAI,SAAS,EAAE;QACb,MAAM,CAAC,GAAG,CAAC,CAAC;KACb;AACH,CAAC,CAAC;AAEF,kBAAe,OAAO,CAAC"}

package/dist/sanitize/visitors/remove-restricted-relations.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse-entity';
+declare const _default: (auth: unknown) => Visitor;
+export default _default;

package/dist/sanitize/visitors/remove-restricted-relations.js ADDED Viewed

@@ -0,0 +1,88 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const contentTypeUtils = __importStar(require("../../content-types"));
+const ACTIONS_TO_VERIFY = ['find'];
+const { CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE } = contentTypeUtils.constants;
+exports.default = (auth) => async ({ data, key, attribute, schema }, { remove, set }) => {
+    if (!attribute) {
+        return;
+    }
+    const isRelation = attribute.type === 'relation';
+    if (!isRelation) {
+        return;
+    }
+    const handleMorphRelation = async () => {
+        const newMorphValue = [];
+        for (const element of data[key]) {
+            const scopes = ACTIONS_TO_VERIFY.map((action) => `${element.__type}.${action}`);
+            const isAllowed = await hasAccessToSomeScopes(scopes, auth);
+            if (isAllowed) {
+                newMorphValue.push(element);
+            }
+        }
+        // If the new value is empty, remove the relation completely
+        if (newMorphValue.length === 0) {
+            remove(key);
+        }
+        else {
+            set(key, newMorphValue);
+        }
+    };
+    const handleRegularRelation = async () => {
+        const scopes = ACTIONS_TO_VERIFY.map((action) => `${attribute.target}.${action}`);
+        const isAllowed = await hasAccessToSomeScopes(scopes, auth);
+        // If the authenticated user don't have access to any of the scopes, then remove the field
+        if (!isAllowed) {
+            remove(key);
+        }
+    };
+    const isCreatorRelation = [CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE].includes(key);
+    // Polymorphic relations
+    if (contentTypeUtils.isMorphToRelationalAttribute(attribute)) {
+        await handleMorphRelation();
+        return;
+    }
+    // Creator relations
+    if (isCreatorRelation && schema.options.populateCreatorFields) {
+        // do nothing
+        return;
+    }
+    // Regular relations
+    await handleRegularRelation();
+};
+const hasAccessToSomeScopes = async (scopes, auth) => {
+    for (const scope of scopes) {
+        try {
+            await strapi.auth.verify(auth, { scope });
+            return true;
+        }
+        catch {
+            continue;
+        }
+    }
+    return false;
+};
+//# sourceMappingURL=remove-restricted-relations.js.map

package/dist/sanitize/visitors/remove-restricted-relations.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"remove-restricted-relations.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/remove-restricted-relations.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,sEAAwD;AAGxD,MAAM,iBAAiB,GAAG,CAAC,MAAM,CAAC,CAAC;AACnC,MAAM,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,GAAG,gBAAgB,CAAC,SAAS,CAAC;AAElF,kBAAe,CAAC,IAAa,EAAW,EAAE,CACxC,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE;IAC1D,IAAI,CAAC,SAAS,EAAE;QACd,OAAO;KACR;IAED,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,KAAK,UAAU,CAAC;IAEjD,IAAI,CAAC,UAAU,EAAE;QACf,OAAO;KACR;IAED,MAAM,mBAAmB,GAAG,KAAK,IAAI,EAAE;QACrC,MAAM,aAAa,GAA8B,EAAE,CAAC;QAEpD,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE;YAC/B,MAAM,MAAM,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,IAAI,MAAM,EAAE,CAAC,CAAC;YAChF,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAE5D,IAAI,SAAS,EAAE;gBACb,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;aAC7B;SACF;QAED,4DAA4D;QAC5D,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE;YAC9B,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;aAAM;YACL,GAAG,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;SACzB;IACH,CAAC,CAAC;IAEF,MAAM,qBAAqB,GAAG,KAAK,IAAI,EAAE;QACvC,MAAM,MAAM,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,IAAI,MAAM,EAAE,CAAC,CAAC;QAElF,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAE5D,0FAA0F;QAC1F,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;IACH,CAAC,CAAC;IAEF,MAAM,iBAAiB,GAAG,CAAC,oBAAoB,EAAE,oBAAoB,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAErF,wBAAwB;IACxB,IAAI,gBAAgB,CAAC,4BAA4B,CAAC,SAAS,CAAC,EAAE;QAC5D,MAAM,mBAAmB,EAAE,CAAC;QAC5B,OAAO;KACR;IAED,oBAAoB;IACpB,IAAI,iBAAiB,IAAI,MAAM,CAAC,OAAO,CAAC,qBAAqB,EAAE;QAC7D,aAAa;QACb,OAAO;KACR;IAED,oBAAoB;IACpB,MAAM,qBAAqB,EAAE,CAAC;AAChC,CAAC,CAAC;AAEJ,MAAM,qBAAqB,GAAG,KAAK,EAAE,MAAgB,EAAE,IAAa,EAAE,EAAE;IACtE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;QAC1B,IAAI;YACF,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC;SACb;QAAC,MAAM;YACN,SAAS;SACV;KACF;IAED,OAAO,KAAK,CAAC;AACf,CAAC,CAAC"}

package/dist/sanitize/visitors/restricted-fields.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse-entity';
+declare const _default: (restrictedFields?: string[] | null) => Visitor;
+export default _default;

package/dist/sanitize/visitors/restricted-fields.js ADDED Viewed

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const fp_1 = require("lodash/fp");
+exports.default = (restrictedFields = null) => ({ key, path: { attribute: path } }, { remove }) => {
+    // Remove all fields
+    if (restrictedFields === null) {
+        remove(key);
+        return;
+    }
+    // Ignore invalid formats
+    if (!(0, fp_1.isArray)(restrictedFields)) {
+        return;
+    }
+    // Remove if an exact match was found
+    if (restrictedFields.includes(path)) {
+        remove(key);
+        return;
+    }
+    // Remove nested matches
+    const isRestrictedNested = restrictedFields.some((allowedPath) => path?.toString().startsWith(`${allowedPath}.`));
+    if (isRestrictedNested) {
+        remove(key);
+    }
+};
+//# sourceMappingURL=restricted-fields.js.map

package/dist/sanitize/visitors/restricted-fields.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"restricted-fields.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/restricted-fields.ts"],"names":[],"mappings":";;AAAA,kCAAoC;AAGpC,kBAAe,CAAC,mBAAoC,IAAI,EAAW,EAAE,CACnE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IACjD,oBAAoB;IACpB,IAAI,gBAAgB,KAAK,IAAI,EAAE;QAC7B,MAAM,CAAC,GAAG,CAAC,CAAC;QACZ,OAAO;KACR;IAED,yBAAyB;IACzB,IAAI,CAAC,IAAA,YAAO,EAAC,gBAAgB,CAAC,EAAE;QAC9B,OAAO;KACR;IAED,qCAAqC;IACrC,IAAI,gBAAgB,CAAC,QAAQ,CAAC,IAAc,CAAC,EAAE;QAC7C,MAAM,CAAC,GAAG,CAAC,CAAC;QACZ,OAAO;KACR;IAED,wBAAwB;IACxB,MAAM,kBAAkB,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAC/D,IAAI,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,GAAG,WAAW,GAAG,CAAC,CAC/C,CAAC;IACF,IAAI,kBAAkB,EAAE;QACtB,MAAM,CAAC,GAAG,CAAC,CAAC;KACb;AACH,CAAC,CAAC"}

package/dist/set-creator-fields.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+interface Options {
+    user: User;
+    isEdition?: boolean;
+}
+interface User {
+    id: string | number;
+}
+declare const _default: ({ user, isEdition }: Options) => (data: object) => object;
+export = _default;