@strapi/utils 4.11.3 → 4.12.0-beta.0

package/lib/sanitize/sanitizers.js

@@ -1,163 +0,0 @@
-'use strict';
-
-const { curry, isEmpty, isNil, isArray, isObject } = require('lodash/fp');
-
-const { pipeAsync } = require('../async');
-const traverseEntity = require('../traverse-entity');
-const { isScalarAttribute } = require('../content-types');
-
-const {
-  traverseQueryFilters,
-  traverseQuerySort,
-  traverseQueryPopulate,
-  traverseQueryFields,
-} = require('../traverse');
-
-const {
-  removePassword,
-  removePrivate,
-  removeDynamicZones,
-  removeMorphToRelations,
-} = require('./visitors');
-const { isOperator } = require('../operators');
-
-const sanitizePasswords = (schema) => async (entity) => {
-  return traverseEntity(removePassword, { schema }, entity);
-};
-
-const defaultSanitizeOutput = async (schema, entity) => {
-  return traverseEntity(
-    (...args) => {
-      removePassword(...args);
-      removePrivate(...args);
-    },
-    { schema },
-    entity
-  );
-};
-
-const defaultSanitizeFilters = curry((schema, filters) => {
-  return pipeAsync(
-    // Remove keys that are not attributes or valid operators
-    traverseQueryFilters(
-      ({ key, attribute }, { remove }) => {
-        const isAttribute = !!attribute;
-
-        if (!isAttribute && !isOperator(key) && key !== 'id') {
-          remove(key);
-        }
-      },
-      { schema }
-    ),
-    // Remove dynamic zones from filters
-    traverseQueryFilters(removeDynamicZones, { schema }),
-    // Remove morpTo relations from filters
-    traverseQueryFilters(removeMorphToRelations, { schema }),
-    // Remove passwords from filters
-    traverseQueryFilters(removePassword, { schema }),
-    // Remove private from filters
-    traverseQueryFilters(removePrivate, { schema }),
-    // Remove empty objects
-    traverseQueryFilters(
-      ({ key, value }, { remove }) => {
-        if (isObject(value) && isEmpty(value)) {
-          remove(key);
-        }
-      },
-      { schema }
-    )
-  )(filters);
-});
-
-const defaultSanitizeSort = curry((schema, sort) => {
-  return pipeAsync(
-    // Remove non attribute keys
-    traverseQuerySort(
-      ({ key, attribute }, { remove }) => {
-        // ID is not an attribute per se, so we need to make
-        // an extra check to ensure we're not removing it
-        if (key === 'id') {
-          return;
-        }
-
-        if (!attribute) {
-          remove(key);
-        }
-      },
-      { schema }
-    ),
-    // Remove dynamic zones from sort
-    traverseQuerySort(removeDynamicZones, { schema }),
-    // Remove morpTo relations from sort
-    traverseQuerySort(removeMorphToRelations, { schema }),
-    // Remove private from sort
-    traverseQuerySort(removePrivate, { schema }),
-    // Remove passwords from filters
-    traverseQuerySort(removePassword, { schema }),
-    // Remove keys for empty non-scalar values
-    traverseQuerySort(
-      ({ key, attribute, value }, { remove }) => {
-        if (!isScalarAttribute(attribute) && isEmpty(value)) {
-          remove(key);
-        }
-      },
-      { schema }
-    )
-  )(sort);
-});
-
-const defaultSanitizeFields = curry((schema, fields) => {
-  return pipeAsync(
-    // Only keep scalar attributes
-    traverseQueryFields(
-      ({ key, attribute }, { remove }) => {
-        if (isNil(attribute) || !isScalarAttribute(attribute)) {
-          remove(key);
-        }
-      },
-      { schema }
-    ),
-    // Remove private fields
-    traverseQueryFields(removePrivate, { schema }),
-    // Remove password fields
-    traverseQueryFields(removePassword, { schema }),
-    // Remove nil values from fields array
-    (value) => (isArray(value) ? value.filter((field) => !isNil(field)) : value)
-  )(fields);
-});
-
-const defaultSanitizePopulate = curry((schema, populate) => {
-  return pipeAsync(
-    traverseQueryPopulate(
-      async ({ key, value, schema, attribute }, { set }) => {
-        if (attribute) {
-          return;
-        }
-
-        if (key === 'sort') {
-          set(key, await defaultSanitizeSort(schema, value));
-        }
-
-        if (key === 'filters') {
-          set(key, await defaultSanitizeFilters(schema, value));
-        }
-
-        if (key === 'fields') {
-          set(key, await defaultSanitizeFields(schema, value));
-        }
-      },
-      { schema }
-    ),
-    // Remove private fields
-    traverseQueryPopulate(removePrivate, { schema })
-  )(populate);
-});
-
-module.exports = {
-  sanitizePasswords,
-  defaultSanitizeOutput,
-  defaultSanitizeFilters,
-  defaultSanitizeSort,
-  defaultSanitizeFields,
-  defaultSanitizePopulate,
-};

package/lib/sanitize/visitors/index.js

@@ -1,11 +0,0 @@
-'use strict';
-
-module.exports = {
-  removePassword: require('./remove-password'),
-  removePrivate: require('./remove-private'),
-  removeRestrictedRelations: require('./remove-restricted-relations'),
-  removeMorphToRelations: require('./remove-morph-to-relations'),
-  removeDynamicZones: require('./remove-dynamic-zones'),
-  allowedFields: require('./allowed-fields'),
-  restrictedFields: require('./restricted-fields'),
-};

package/lib/sanitize/visitors/remove-dynamic-zones.js

@@ -1,9 +0,0 @@
-'use strict';
-
-const { isDynamicZoneAttribute } = require('../../content-types');
-
-module.exports = ({ key, attribute }, { remove }) => {
-  if (isDynamicZoneAttribute(attribute)) {
-    remove(key);
-  }
-};

package/lib/sanitize/visitors/remove-morph-to-relations.js

@@ -1,9 +0,0 @@
-'use strict';
-
-const { isMorphToRelationalAttribute } = require('../../content-types');
-
-module.exports = ({ key, attribute }, { remove }) => {
-  if (isMorphToRelationalAttribute(attribute)) {
-    remove(key);
-  }
-};

package/lib/sanitize/visitors/remove-password.js

@@ -1,7 +0,0 @@
-'use strict';
-
-module.exports = ({ key, attribute }, { remove }) => {
-  if (attribute?.type === 'password') {
-    remove(key);
-  }
-};

package/lib/sanitize/visitors/remove-private.js

@@ -1,15 +0,0 @@
-'use strict';
-
-const { isPrivateAttribute } = require('../../content-types');
-
-module.exports = ({ schema, key, attribute }, { remove }) => {
-  if (!attribute) {
-    return;
-  }
-
-  const isPrivate = attribute.private === true || isPrivateAttribute(schema, key);
-
-  if (isPrivate) {
-    remove(key);
-  }
-};

package/lib/sanitize/visitors/remove-restricted-relations.js

@@ -1,81 +0,0 @@
-'use strict';
-
-const ACTIONS_TO_VERIFY = ['find'];
-
-const { CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE } = require('../../content-types').constants;
-
-module.exports =
-  (auth) =>
-  async ({ data, key, attribute, schema }, { remove, set }) => {
-    if (!attribute) {
-      return;
-    }
-
-    const isRelation = attribute.type === 'relation';
-
-    if (!isRelation) {
-      return;
-    }
-
-    const handleMorphRelation = async () => {
-      const newMorphValue = [];
-
-      for (const element of data[key]) {
-        const scopes = ACTIONS_TO_VERIFY.map((action) => `${element.__type}.${action}`);
-        const isAllowed = await hasAccessToSomeScopes(scopes, auth);
-
-        if (isAllowed) {
-          newMorphValue.push(element);
-        }
-      }
-
-      // If the new value is empty, remove the relation completely
-      if (newMorphValue.length === 0) {
-        remove(key);
-      } else {
-        set(key, newMorphValue);
-      }
-    };
-
-    const handleRegularRelation = async () => {
-      const scopes = ACTIONS_TO_VERIFY.map((action) => `${attribute.target}.${action}`);
-
-      const isAllowed = await hasAccessToSomeScopes(scopes, auth);
-
-      // If the authenticated user don't have access to any of the scopes, then remove the field
-      if (!isAllowed) {
-        remove(key);
-      }
-    };
-
-    const isMorphRelation = attribute.relation.toLowerCase().startsWith('morph');
-    const isCreatorRelation = [CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE].includes(key);
-
-    // Polymorphic relations
-    if (isMorphRelation) {
-      await handleMorphRelation();
-      return;
-    }
-
-    // Creator relations
-    if (isCreatorRelation && schema.options.populateCreatorFields) {
-      // do nothing
-      return;
-    }
-
-    // Regular relations
-    await handleRegularRelation();
-  };
-
-const hasAccessToSomeScopes = async (scopes, auth) => {
-  for (const scope of scopes) {
-    try {
-      await strapi.auth.verify(auth, { scope });
-      return true;
-    } catch {
-      continue;
-    }
-  }
-
-  return false;
-};

package/lib/sanitize/visitors/restricted-fields.js

@@ -1,32 +0,0 @@
-'use strict';
-
-const { isArray } = require('lodash/fp');
-
-module.exports =
-  (restrictedFields = null) =>
-  ({ key, path: { attribute: path } }, { remove }) => {
-    // Remove all fields
-    if (restrictedFields === null) {
-      remove(key);
-      return;
-    }
-
-    // Ignore invalid formats
-    if (!isArray(restrictedFields)) {
-      return;
-    }
-
-    // Remove if an exact match was found
-    if (restrictedFields.includes(path)) {
-      remove(key);
-      return;
-    }
-
-    // Remove nested matches
-    const isRestrictedNested = restrictedFields.some((allowedPath) =>
-      path.startsWith(`${allowedPath}.`)
-    );
-    if (isRestrictedNested) {
-      remove(key);
-    }
-  };

package/lib/set-creator-fields.js

@@ -1,17 +0,0 @@
-'use strict';
-
-const { assign, assoc } = require('lodash/fp');
-const { CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE } = require('./content-types').constants;
-
-module.exports =
-  ({ user, isEdition = false }) =>
-  (data) => {
-    if (isEdition) {
-      return assoc(UPDATED_BY_ATTRIBUTE, user.id, data);
-    }
-
-    return assign(data, {
-      [CREATED_BY_ATTRIBUTE]: user.id,
-      [UPDATED_BY_ATTRIBUTE]: user.id,
-    });
-  };

package/lib/string-formatting.js

@@ -1,79 +0,0 @@
-'use strict';
-
-const _ = require('lodash');
-const { trimChars, trimCharsEnd, trimCharsStart } = require('lodash/fp');
-const slugify = require('@sindresorhus/slugify');
-const { kebabCase } = require('lodash');
-
-const nameToSlug = (name, options = { separator: '-' }) => slugify(name, options);
-
-const nameToCollectionName = (name) => slugify(name, { separator: '_' });
-
-const toRegressedEnumValue = (value) =>
-  slugify(value, {
-    decamelize: false,
-    lowercase: false,
-    separator: '_',
-  });
-
-const getCommonBeginning = (...strings) =>
-  _.takeWhile(strings[0], (char, index) => strings.every((string) => string[index] === char)).join(
-    ''
-  );
-
-const getCommonPath = (...paths) => {
-  const [segments, ...otherSegments] = paths.map((it) => _.split(it, '/'));
-  return _.join(
-    _.takeWhile(segments, (str, index) => otherSegments.every((it) => it[index] === str)),
-    '/'
-  );
-};
-
-const escapeQuery = (query, charsToEscape, escapeChar = '\\') => {
-  return query
-    .split('')
-    .reduce(
-      (escapedQuery, char) =>
-        charsToEscape.includes(char)
-          ? `${escapedQuery}${escapeChar}${char}`
-          : `${escapedQuery}${char}`,
-      ''
-    );
-};
-
-const stringIncludes = (arr, val) => arr.map(String).includes(String(val));
-const stringEquals = (a, b) => String(a) === String(b);
-const isCamelCase = (value) => /^[a-z][a-zA-Z0-9]+$/.test(value);
-const isKebabCase = (value) => /^([a-z][a-z0-9]*)(-[a-z0-9]+)*$/.test(value);
-const startsWithANumber = (value) => /^[0-9]/.test(value);
-
-const joinBy = (joint, ...args) => {
-  const trim = trimChars(joint);
-  const trimEnd = trimCharsEnd(joint);
-  const trimStart = trimCharsStart(joint);
-
-  return args.reduce((url, path, index) => {
-    if (args.length === 1) return path;
-    if (index === 0) return trimEnd(path);
-    if (index === args.length - 1) return url + joint + trimStart(path);
-    return url + joint + trim(path);
-  }, '');
-};
-
-const toKebabCase = (value) => kebabCase(value);
-
-module.exports = {
-  nameToSlug,
-  nameToCollectionName,
-  getCommonBeginning,
-  getCommonPath,
-  escapeQuery,
-  stringIncludes,
-  stringEquals,
-  isCamelCase,
-  isKebabCase,
-  toKebabCase,
-  toRegressedEnumValue,
-  startsWithANumber,
-  joinBy,
-};

package/lib/template-configuration.js

@@ -1,32 +0,0 @@
-'use strict';
-
-const { isString, isPlainObject } = require('lodash');
-
-const regex = /\$\{[^()]*\}/g;
-const excludeConfigPaths = ['info.scripts'];
-
-/**
- * Allow dynamic config values through the native ES6 template string function.
- */
-const templateConfiguration = (obj, configPath = '') => {
-  // Allow values which looks like such as an ES6 literal string without parenthesis inside (aka function call).
-  // Exclude config with conflicting syntax (e.g. npm scripts).
-  return Object.keys(obj).reduce((acc, key) => {
-    if (isPlainObject(obj[key]) && !isString(obj[key])) {
-      acc[key] = templateConfiguration(obj[key], `${configPath}.${key}`);
-    } else if (
-      isString(obj[key]) &&
-      !excludeConfigPaths.includes(configPath.substr(1)) &&
-      obj[key].match(regex) !== null
-    ) {
-      // eslint-disable-next-line prefer-template, no-eval
-      acc[key] = eval('`' + obj[key] + '`');
-    } else {
-      acc[key] = obj[key];
-    }
-
-    return acc;
-  }, {});
-};
-
-module.exports = templateConfiguration;

package/lib/template.js

@@ -1,28 +0,0 @@
-'use strict';
-
-/**
- * Create a strict interpolation RegExp based on the given variables' name
- *
- * @param {string[]} allowedVariableNames - The list of allowed variables
- * @param {string} [flags] - The RegExp flags
- */
-const createStrictInterpolationRegExp = (allowedVariableNames, flags) => {
-  const oneOfVariables = allowedVariableNames.join('|');
-
-  // 1. We need to match the delimiters: <%= ... %>
-  // 2. We accept any number of whitespaces characters before and/or after the variable name: \s* ... \s*
-  // 3. We only accept values from the variable list as interpolation variables' name: : (${oneOfVariables})
-  return new RegExp(`<%=\\s*(${oneOfVariables})\\s*%>`, flags);
-};
-
-/**
- * Create a loose interpolation RegExp to match as many groups as possible
- *
- * @param {string} [flags] - The RegExp flags
- */
-const createLooseInterpolationRegExp = (flags) => new RegExp(/<%=([\s\S]+?)%>/, flags);
-
-module.exports = {
-  createStrictInterpolationRegExp,
-  createLooseInterpolationRegExp,
-};

package/lib/traverse/factory.js

@@ -1,157 +0,0 @@
-'use strict';
-
-const { isNil, pick } = require('lodash/fp');
-
-module.exports = () => {
-  const state = {
-    parsers: [],
-    interceptors: [],
-    ignore: [],
-    handlers: {
-      attributes: [],
-      common: [],
-    },
-  };
-
-  const traverse = async (visitor, options, data) => {
-    const { path = { raw: null, attribute: null }, schema } = options ?? {};
-
-    // interceptors
-    for (const { predicate, handler } of state.interceptors) {
-      if (predicate(data)) {
-        return handler(visitor, options, data, { recurse: traverse });
-      }
-    }
-
-    // parsers
-    const parser = state.parsers.find((parser) => parser.predicate(data))?.parser;
-    const utils = parser?.(data);
-
-    // Return the data untouched if we don't know how to traverse it
-    if (!utils) {
-      return data;
-    }
-
-    // main loop
-    let out = utils.transform(data);
-    const keys = utils.keys(out);
-
-    for (const key of keys) {
-      const attribute =
-        schema?.attributes?.[key] ??
-        // FIX: Needed to not break existing behavior on the API.
-        //      It looks for the attribute in the DB metadata when the key is in snake_case
-        schema?.attributes?.[strapi.db.metadata.get(schema?.uid).columnToAttribute[key]];
-
-      const newPath = { ...path };
-
-      newPath.raw = isNil(path.raw) ? key : `${path.raw}.${key}`;
-
-      if (!isNil(attribute)) {
-        newPath.attribute = isNil(path.attribute) ? key : `${path.attribute}.${key}`;
-      }
-
-      // visitors
-
-      const visitorOptions = {
-        key,
-        value: utils.get(key, out),
-        attribute,
-        schema,
-        path: newPath,
-        data: out,
-      };
-
-      const transformUtils = {
-        remove(key) {
-          out = utils.remove(key, out);
-        },
-        set(key, value) {
-          out = utils.set(key, value, out);
-        },
-        recurse: traverse,
-      };
-
-      await visitor(visitorOptions, pick(['remove', 'set'], transformUtils));
-
-      const value = utils.get(key, out);
-
-      const createContext = () => ({
-        key,
-        value,
-        attribute,
-        schema,
-        path: newPath,
-        data: out,
-        visitor,
-      });
-
-      // ignore
-      const ignoreCtx = createContext();
-      const shouldIgnore = state.ignore.some((predicate) => predicate(ignoreCtx));
-
-      if (shouldIgnore) {
-        continue;
-      }
-
-      // handlers
-      const handlers = [...state.handlers.common, ...state.handlers.attributes];
-
-      for await (const handler of handlers) {
-        const ctx = createContext();
-        const pass = await handler.predicate(ctx);
-
-        if (pass) {
-          await handler.handler(ctx, pick(['recurse', 'set'], transformUtils));
-        }
-      }
-    }
-
-    return out;
-  };
-
-  return {
-    traverse,
-
-    intercept(predicate, handler) {
-      state.interceptors.push({ predicate, handler });
-      return this;
-    },
-
-    parse(predicate, parser) {
-      state.parsers.push({ predicate, parser });
-      return this;
-    },
-
-    ignore(predicate) {
-      state.ignore.push(predicate);
-      return this;
-    },
-
-    on(predicate, handler) {
-      state.handlers.common.push({ predicate, handler });
-      return this;
-    },
-
-    onAttribute(predicate, handler) {
-      state.handlers.attributes.push({ predicate, handler });
-      return this;
-    },
-
-    onRelation(handler) {
-      return this.onAttribute(({ attribute }) => attribute?.type === 'relation', handler);
-    },
-
-    onMedia(handler) {
-      return this.onAttribute(({ attribute }) => attribute?.type === 'media', handler);
-    },
-
-    onComponent(handler) {
-      return this.onAttribute(({ attribute }) => attribute?.type === 'component', handler);
-    },
-
-    onDynamicZone(handler) {
-      return this.onAttribute(({ attribute }) => attribute?.type === 'dynamiczone', handler);
-    },
-  };
-};

package/lib/traverse/index.js

@@ -1,16 +0,0 @@
-'use strict';
-
-const factory = require('./factory');
-
-const traverseQueryFilters = require('./query-filters');
-const traverseQuerySort = require('./query-sort');
-const traverseQueryPopulate = require('./query-populate');
-const traverseQueryFields = require('./query-fields');
-
-module.exports = {
-  factory,
-  traverseQueryFilters,
-  traverseQuerySort,
-  traverseQueryPopulate,
-  traverseQueryFields,
-};