@strapi/utils 4.11.3 → 4.12.0-beta.0

package/dist/relations.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isAnyToMany = exports.isAnyToOne = exports.isManyToAny = exports.isOneToAny = exports.getRelationalFields = exports.constants = void 0;
+const content_types_1 = require("./content-types");
+const MANY_RELATIONS = ['oneToMany', 'manyToMany'];
+const getRelationalFields = (contentType) => {
+    return Object.keys(contentType.attributes).filter((attributeName) => {
+        return contentType.attributes[attributeName].type === 'relation';
+    });
+};
+exports.getRelationalFields = getRelationalFields;
+const isOneToAny = (attribute) => (0, content_types_1.isRelationalAttribute)(attribute) && ['oneToOne', 'oneToMany'].includes(attribute.relation);
+exports.isOneToAny = isOneToAny;
+const isManyToAny = (attribute) => (0, content_types_1.isRelationalAttribute)(attribute) && ['manyToMany', 'manyToOne'].includes(attribute.relation);
+exports.isManyToAny = isManyToAny;
+const isAnyToOne = (attribute) => (0, content_types_1.isRelationalAttribute)(attribute) && ['oneToOne', 'manyToOne'].includes(attribute.relation);
+exports.isAnyToOne = isAnyToOne;
+const isAnyToMany = (attribute) => (0, content_types_1.isRelationalAttribute)(attribute) && ['oneToMany', 'manyToMany'].includes(attribute.relation);
+exports.isAnyToMany = isAnyToMany;
+exports.constants = {
+    MANY_RELATIONS,
+};
+//# sourceMappingURL=relations.js.map

package/dist/relations.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"relations.js","sourceRoot":"","sources":["../src/relations.ts"],"names":[],"mappings":";;;AAEA,mDAAwD;AAExD,MAAM,cAAc,GAAG,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;AAEnD,MAAM,mBAAmB,GAAG,CAAC,WAAkB,EAAE,EAAE;IACjD,OAAO,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,aAAa,EAAE,EAAE;QAClE,OAAO,WAAW,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC;IACnE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAeO,kDAAmB;AAb5B,MAAM,UAAU,GAAG,CAAC,SAAoB,EAAE,EAAE,CAC1C,IAAA,qCAAqB,EAAC,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;AAY/D,gCAAU;AAXxC,MAAM,WAAW,GAAG,CAAC,SAAoB,EAAE,EAAE,CAC3C,IAAA,qCAAqB,EAAC,SAAS,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;AAUrD,kCAAW;AATrD,MAAM,UAAU,GAAG,CAAC,SAAoB,EAAE,EAAE,CAC1C,IAAA,qCAAqB,EAAC,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;AAQtC,gCAAU;AAPjE,MAAM,WAAW,GAAG,CAAC,SAAoB,EAAE,EAAE,CAC3C,IAAA,qCAAqB,EAAC,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;AAM5B,kCAAW;AAJjE,QAAA,SAAS,GAAG;IACvB,cAAc;CACf,CAAC"}

package/dist/sanitize/index.d.ts

@@ -0,0 +1,23 @@
+import * as visitors from './visitors';
+import * as sanitizers from './sanitizers';
+import { Model } from '../types';
+export interface Options {
+    auth?: unknown;
+}
+export interface SanitizeFunc {
+    (data: unknown, schema: Model, options?: Options): Promise<unknown>;
+}
+declare const _default: {
+    contentAPI: {
+        input: SanitizeFunc;
+        output: SanitizeFunc;
+        query: (query: Record<string, unknown>, schema: Model, { auth }?: Options) => Promise<Record<string, unknown>>;
+        filters: SanitizeFunc;
+        sort: SanitizeFunc;
+        fields: SanitizeFunc;
+        populate: SanitizeFunc;
+    };
+    sanitizers: typeof sanitizers;
+    visitors: typeof visitors;
+};
+export default _default;

package/dist/sanitize/index.js

@@ -0,0 +1,135 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const fp_1 = require("lodash/fp");
+const content_types_1 = require("../content-types");
+const async_1 = require("../async");
+const visitors = __importStar(require("./visitors"));
+const sanitizers = __importStar(require("./sanitizers"));
+const traverse_entity_1 = __importDefault(require("../traverse-entity"));
+const traverse_1 = require("../traverse");
+const createContentAPISanitizers = () => {
+    const sanitizeInput = (data, schema, { auth } = {}) => {
+        if ((0, fp_1.isArray)(data)) {
+            return Promise.all(data.map((entry) => sanitizeInput(entry, schema, { auth })));
+        }
+        const nonWritableAttributes = (0, content_types_1.getNonWritableAttributes)(schema);
+        const transforms = [
+            // Remove non writable attributes
+            (0, traverse_entity_1.default)(visitors.restrictedFields(nonWritableAttributes), { schema }),
+        ];
+        if (auth) {
+            // Remove restricted relations
+            transforms.push((0, traverse_entity_1.default)(visitors.removeRestrictedRelations(auth), { schema }));
+        }
+        // Apply sanitizers from registry if exists
+        strapi.sanitizers
+            .get('content-api.input')
+            .forEach((sanitizer) => transforms.push(sanitizer(schema)));
+        return (0, async_1.pipeAsync)(...transforms)(data);
+    };
+    const sanitizeOutput = async (data, schema, { auth } = {}) => {
+        if ((0, fp_1.isArray)(data)) {
+            const res = new Array(data.length);
+            for (let i = 0; i < data.length; i += 1) {
+                res[i] = await sanitizeOutput(data[i], schema, { auth });
+            }
+            return res;
+        }
+        const transforms = [(data) => sanitizers.defaultSanitizeOutput(schema, data)];
+        if (auth) {
+            transforms.push((0, traverse_entity_1.default)(visitors.removeRestrictedRelations(auth), { schema }));
+        }
+        // Apply sanitizers from registry if exists
+        strapi.sanitizers
+            .get('content-api.output')
+            .forEach((sanitizer) => transforms.push(sanitizer(schema)));
+        return (0, async_1.pipeAsync)(...transforms)(data);
+    };
+    const sanitizeQuery = async (query, schema, { auth } = {}) => {
+        const { filters, sort, fields, populate } = query;
+        const sanitizedQuery = (0, fp_1.cloneDeep)(query);
+        if (filters) {
+            Object.assign(sanitizedQuery, { filters: await sanitizeFilters(filters, schema, { auth }) });
+        }
+        if (sort) {
+            Object.assign(sanitizedQuery, { sort: await sanitizeSort(sort, schema, { auth }) });
+        }
+        if (fields) {
+            Object.assign(sanitizedQuery, { fields: await sanitizeFields(fields, schema) });
+        }
+        if (populate) {
+            Object.assign(sanitizedQuery, { populate: await sanitizePopulate(populate, schema) });
+        }
+        return sanitizedQuery;
+    };
+    const sanitizeFilters = (filters, schema, { auth } = {}) => {
+        if ((0, fp_1.isArray)(filters)) {
+            return Promise.all(filters.map((filter) => sanitizeFilters(filter, schema, { auth })));
+        }
+        const transforms = [sanitizers.defaultSanitizeFilters(schema)];
+        if (auth) {
+            transforms.push((0, traverse_1.traverseQueryFilters)(visitors.removeRestrictedRelations(auth), { schema }));
+        }
+        return (0, async_1.pipeAsync)(...transforms)(filters);
+    };
+    const sanitizeSort = (sort, schema, { auth } = {}) => {
+        const transforms = [sanitizers.defaultSanitizeSort(schema)];
+        if (auth) {
+            transforms.push((0, traverse_1.traverseQuerySort)(visitors.removeRestrictedRelations(auth), { schema }));
+        }
+        return (0, async_1.pipeAsync)(...transforms)(sort);
+    };
+    const sanitizeFields = (fields, schema) => {
+        const transforms = [sanitizers.defaultSanitizeFields(schema)];
+        return (0, async_1.pipeAsync)(...transforms)(fields);
+    };
+    const sanitizePopulate = (populate, schema, { auth } = {}) => {
+        const transforms = [sanitizers.defaultSanitizePopulate(schema)];
+        if (auth) {
+            transforms.push((0, traverse_1.traverseQueryPopulate)(visitors.removeRestrictedRelations(auth), { schema }));
+        }
+        return (0, async_1.pipeAsync)(...transforms)(populate);
+    };
+    return {
+        input: sanitizeInput,
+        output: sanitizeOutput,
+        query: sanitizeQuery,
+        filters: sanitizeFilters,
+        sort: sanitizeSort,
+        fields: sanitizeFields,
+        populate: sanitizePopulate,
+    };
+};
+const contentAPI = createContentAPISanitizers();
+exports.default = {
+    contentAPI,
+    sanitizers,
+    visitors,
+};
+//# sourceMappingURL=index.js.map

package/dist/sanitize/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sanitize/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,kCAA+C;AAE/C,oDAA4D;AAC5D,oCAAqC;AAErC,qDAAuC;AACvC,yDAA2C;AAC3C,yEAA0D;AAE1D,0CAA6F;AAc7F,MAAM,0BAA0B,GAAG,GAAG,EAAE;IACtC,MAAM,aAAa,GAAiB,CAAC,IAAa,EAAE,MAAa,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QAClF,IAAI,IAAA,YAAO,EAAC,IAAI,CAAC,EAAE;YACjB,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;SACjF;QAED,MAAM,qBAAqB,GAAG,IAAA,wCAAwB,EAAC,MAAM,CAAC,CAAC;QAE/D,MAAM,UAAU,GAAG;YACjB,iCAAiC;YACjC,IAAA,yBAAc,EAAC,QAAQ,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC;SAC7E,CAAC;QAEF,IAAI,IAAI,EAAE;YACR,8BAA8B;YAC9B,UAAU,CAAC,IAAI,CAAC,IAAA,yBAAc,EAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;SACvF;QAED,2CAA2C;QAC3C,MAAM,CAAC,UAAU;aACd,GAAG,CAAC,mBAAmB,CAAC;aACxB,OAAO,CAAC,CAAC,SAAoB,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAEzE,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,IAAY,CAAC,CAAC;IAChD,CAAC,CAAC;IAEF,MAAM,cAAc,GAAiB,KAAK,EAAE,IAAI,EAAE,MAAa,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QAChF,IAAI,IAAA,YAAO,EAAC,IAAI,CAAC,EAAE;YACjB,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;gBACvC,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;aAC1D;YACD,OAAO,GAAG,CAAC;SACZ;QAED,MAAM,UAAU,GAAG,CAAC,CAAC,IAAU,EAAE,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;QAEpF,IAAI,IAAI,EAAE;YACR,UAAU,CAAC,IAAI,CAAC,IAAA,yBAAc,EAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;SACvF;QAED,2CAA2C;QAC3C,MAAM,CAAC,UAAU;aACd,GAAG,CAAC,oBAAoB,CAAC;aACzB,OAAO,CAAC,CAAC,SAAoB,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAEzE,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,IAAY,CAAC,CAAC;IAChD,CAAC,CAAC;IAEF,MAAM,aAAa,GAAG,KAAK,EACzB,KAA8B,EAC9B,MAAa,EACb,EAAE,IAAI,KAAc,EAAE,EACtB,EAAE;QACF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QAElD,MAAM,cAAc,GAAG,IAAA,cAAS,EAAC,KAAK,CAAC,CAAC;QAExC,IAAI,OAAO,EAAE;YACX,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;SAC9F;QAED,IAAI,IAAI,EAAE;YACR,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;SACrF;QAED,IAAI,MAAM,EAAE;YACV,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;SACjF;QAED,IAAI,QAAQ,EAAE;YACZ,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;SACvF;QAED,OAAO,cAAc,CAAC;IACxB,CAAC,CAAC;IAEF,MAAM,eAAe,GAAiB,CAAC,OAAO,EAAE,MAAa,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QAC9E,IAAI,IAAA,YAAO,EAAC,OAAO,CAAC,EAAE;YACpB,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;SACxF;QAED,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,CAAC;QAE/D,IAAI,IAAI,EAAE;YACR,UAAU,CAAC,IAAI,CAAC,IAAA,+BAAoB,EAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;SAC7F;QAED,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC,CAAC;IAEF,MAAM,YAAY,GAAiB,CAAC,IAAI,EAAE,MAAa,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QACxE,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;QAE5D,IAAI,IAAI,EAAE;YACR,UAAU,CAAC,IAAI,CAAC,IAAA,4BAAiB,EAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;SAC1F;QAED,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC,CAAC;IAEF,MAAM,cAAc,GAAiB,CAAC,MAAM,EAAE,MAAa,EAAE,EAAE;QAC7D,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC;QAE9D,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC,CAAC;IAEF,MAAM,gBAAgB,GAAiB,CAAC,QAAQ,EAAE,MAAa,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QAChF,MAAM,UAAU,GAAG,CAAC,UAAU,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC,CAAC;QAEhE,IAAI,IAAI,EAAE;YACR,UAAU,CAAC,IAAI,CAAC,IAAA,gCAAqB,EAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;SAC9F;QAED,OAAO,IAAA,iBAAS,EAAC,GAAG,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC5C,CAAC,CAAC;IAEF,OAAO;QACL,KAAK,EAAE,aAAa;QACpB,MAAM,EAAE,cAAc;QACtB,KAAK,EAAE,aAAa;QACpB,OAAO,EAAE,eAAe;QACxB,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,cAAc;QACtB,QAAQ,EAAE,gBAAgB;KAC3B,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,0BAA0B,EAAE,CAAC;AAEhD,kBAAe;IACb,UAAU;IACV,UAAU;IACV,QAAQ;CACT,CAAC"}

package/dist/sanitize/sanitizers.d.ts

@@ -0,0 +1,10 @@
+/// <reference types="lodash" />
+import { Data } from '../traverse-entity';
+import type { Model } from '../types';
+declare const sanitizePasswords: (schema: Model) => (entity: Data) => Promise<Data>;
+declare const defaultSanitizeOutput: (schema: Model, entity: Data) => Promise<Data>;
+declare const defaultSanitizeFilters: import("lodash").CurriedFunction2<Model, unknown, Promise<unknown>>;
+declare const defaultSanitizeSort: import("lodash").CurriedFunction2<Model, unknown, Promise<unknown>>;
+declare const defaultSanitizeFields: import("lodash").CurriedFunction2<Model, unknown, Promise<any>>;
+declare const defaultSanitizePopulate: import("lodash").CurriedFunction2<Model, unknown, Promise<unknown>>;
+export { sanitizePasswords, defaultSanitizeOutput, defaultSanitizeFilters, defaultSanitizeSort, defaultSanitizeFields, defaultSanitizePopulate, };

package/dist/sanitize/sanitizers.js

@@ -0,0 +1,114 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultSanitizePopulate = exports.defaultSanitizeFields = exports.defaultSanitizeSort = exports.defaultSanitizeFilters = exports.defaultSanitizeOutput = exports.sanitizePasswords = void 0;
+const fp_1 = require("lodash/fp");
+const async_1 = require("../async");
+const traverse_entity_1 = __importDefault(require("../traverse-entity"));
+const content_types_1 = require("../content-types");
+const traverse_1 = require("../traverse");
+const visitors_1 = require("./visitors");
+const operators_1 = require("../operators");
+const sanitizePasswords = (schema) => async (entity) => {
+    return (0, traverse_entity_1.default)(visitors_1.removePassword, { schema }, entity);
+};
+exports.sanitizePasswords = sanitizePasswords;
+const defaultSanitizeOutput = async (schema, entity) => {
+    return (0, traverse_entity_1.default)((...args) => {
+        (0, visitors_1.removePassword)(...args);
+        (0, visitors_1.removePrivate)(...args);
+    }, { schema }, entity);
+};
+exports.defaultSanitizeOutput = defaultSanitizeOutput;
+const defaultSanitizeFilters = (0, fp_1.curry)((schema, filters) => {
+    return (0, async_1.pipeAsync)(
+    // Remove keys that are not attributes or valid operators
+    (0, traverse_1.traverseQueryFilters)(({ key, attribute }, { remove }) => {
+        const isAttribute = !!attribute;
+        if (!isAttribute && !(0, operators_1.isOperator)(key) && key !== 'id') {
+            remove(key);
+        }
+    }, { schema }), 
+    // Remove dynamic zones from filters
+    (0, traverse_1.traverseQueryFilters)(visitors_1.removeDynamicZones, { schema }), 
+    // Remove morpTo relations from filters
+    (0, traverse_1.traverseQueryFilters)(visitors_1.removeMorphToRelations, { schema }), 
+    // Remove passwords from filters
+    (0, traverse_1.traverseQueryFilters)(visitors_1.removePassword, { schema }), 
+    // Remove private from filters
+    (0, traverse_1.traverseQueryFilters)(visitors_1.removePrivate, { schema }), 
+    // Remove empty objects
+    (0, traverse_1.traverseQueryFilters)(({ key, value }, { remove }) => {
+        if ((0, fp_1.isObject)(value) && (0, fp_1.isEmpty)(value)) {
+            remove(key);
+        }
+    }, { schema }))(filters);
+});
+exports.defaultSanitizeFilters = defaultSanitizeFilters;
+const defaultSanitizeSort = (0, fp_1.curry)((schema, sort) => {
+    return (0, async_1.pipeAsync)(
+    // Remove non attribute keys
+    (0, traverse_1.traverseQuerySort)(({ key, attribute }, { remove }) => {
+        // ID is not an attribute per se, so we need to make
+        // an extra check to ensure we're not removing it
+        if (key === 'id') {
+            return;
+        }
+        if (!attribute) {
+            remove(key);
+        }
+    }, { schema }), 
+    // Remove dynamic zones from sort
+    (0, traverse_1.traverseQuerySort)(visitors_1.removeDynamicZones, { schema }), 
+    // Remove morpTo relations from sort
+    (0, traverse_1.traverseQuerySort)(visitors_1.removeMorphToRelations, { schema }), 
+    // Remove private from sort
+    (0, traverse_1.traverseQuerySort)(visitors_1.removePrivate, { schema }), 
+    // Remove passwords from filters
+    (0, traverse_1.traverseQuerySort)(visitors_1.removePassword, { schema }), 
+    // Remove keys for empty non-scalar values
+    (0, traverse_1.traverseQuerySort)(({ key, attribute, value }, { remove }) => {
+        if (!(0, content_types_1.isScalarAttribute)(attribute) && (0, fp_1.isEmpty)(value)) {
+            remove(key);
+        }
+    }, { schema }))(sort);
+});
+exports.defaultSanitizeSort = defaultSanitizeSort;
+const defaultSanitizeFields = (0, fp_1.curry)((schema, fields) => {
+    return (0, async_1.pipeAsync)(
+    // Only keep scalar attributes
+    (0, traverse_1.traverseQueryFields)(({ key, attribute }, { remove }) => {
+        if ((0, fp_1.isNil)(attribute) || !(0, content_types_1.isScalarAttribute)(attribute)) {
+            remove(key);
+        }
+    }, { schema }), 
+    // Remove private fields
+    (0, traverse_1.traverseQueryFields)(visitors_1.removePrivate, { schema }), 
+    // Remove password fields
+    (0, traverse_1.traverseQueryFields)(visitors_1.removePassword, { schema }), 
+    // Remove nil values from fields array
+    (value) => ((0, fp_1.isArray)(value) ? value.filter((field) => !(0, fp_1.isNil)(field)) : value))(fields);
+});
+exports.defaultSanitizeFields = defaultSanitizeFields;
+const defaultSanitizePopulate = (0, fp_1.curry)((schema, populate) => {
+    return (0, async_1.pipeAsync)((0, traverse_1.traverseQueryPopulate)(async ({ key, value, schema, attribute }, { set }) => {
+        if (attribute) {
+            return;
+        }
+        if (key === 'sort') {
+            set(key, await defaultSanitizeSort(schema, value));
+        }
+        if (key === 'filters') {
+            set(key, await defaultSanitizeFilters(schema, value));
+        }
+        if (key === 'fields') {
+            set(key, await defaultSanitizeFields(schema, value));
+        }
+    }, { schema }), 
+    // Remove private fields
+    (0, traverse_1.traverseQueryPopulate)(visitors_1.removePrivate, { schema }))(populate);
+});
+exports.defaultSanitizePopulate = defaultSanitizePopulate;
+//# sourceMappingURL=sanitizers.js.map

package/dist/sanitize/sanitizers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizers.js","sourceRoot":"","sources":["../../src/sanitize/sanitizers.ts"],"names":[],"mappings":";;;;;;AAAA,kCAAqE;AAErE,oCAAqC;AACrC,yEAA0D;AAC1D,oDAAqD;AAErD,0CAKqB;AAErB,yCAKoB;AACpB,4CAA0C;AAI1C,MAAM,iBAAiB,GAAG,CAAC,MAAa,EAAE,EAAE,CAAC,KAAK,EAAE,MAAY,EAAE,EAAE;IAClE,OAAO,IAAA,yBAAc,EAAC,yBAAc,EAAE,EAAE,MAAM,EAAE,EAAE,MAAM,CAAC,CAAC;AAC5D,CAAC,CAAC;AAmIA,8CAAiB;AAjInB,MAAM,qBAAqB,GAAG,KAAK,EAAE,MAAa,EAAE,MAAY,EAAE,EAAE;IAClE,OAAO,IAAA,yBAAc,EACnB,CAAC,GAAG,IAAI,EAAE,EAAE;QACV,IAAA,yBAAc,EAAC,GAAG,IAAI,CAAC,CAAC;QACxB,IAAA,wBAAa,EAAC,GAAG,IAAI,CAAC,CAAC;IACzB,CAAC,EACD,EAAE,MAAM,EAAE,EACV,MAAM,CACP,CAAC;AACJ,CAAC,CAAC;AAyHA,sDAAqB;AAvHvB,MAAM,sBAAsB,GAAG,IAAA,UAAK,EAAC,CAAC,MAAa,EAAE,OAAgB,EAAE,EAAE;IACvE,OAAO,IAAA,iBAAS;IACd,yDAAyD;IACzD,IAAA,+BAAoB,EAClB,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QACjC,MAAM,WAAW,GAAG,CAAC,CAAC,SAAS,CAAC;QAEhC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAA,sBAAU,EAAC,GAAG,CAAC,IAAI,GAAG,KAAK,IAAI,EAAE;YACpD,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX;IACD,oCAAoC;IACpC,IAAA,+BAAoB,EAAC,6BAAkB,EAAE,EAAE,MAAM,EAAE,CAAC;IACpD,uCAAuC;IACvC,IAAA,+BAAoB,EAAC,iCAAsB,EAAE,EAAE,MAAM,EAAE,CAAC;IACxD,gCAAgC;IAChC,IAAA,+BAAoB,EAAC,yBAAc,EAAE,EAAE,MAAM,EAAE,CAAC;IAChD,8BAA8B;IAC9B,IAAA,+BAAoB,EAAC,wBAAa,EAAE,EAAE,MAAM,EAAE,CAAC;IAC/C,uBAAuB;IACvB,IAAA,+BAAoB,EAClB,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QAC7B,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,IAAI,IAAA,YAAO,EAAC,KAAK,CAAC,EAAE;YACrC,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX,CACF,CAAC,OAAO,CAAC,CAAC;AACb,CAAC,CAAC,CAAC;AAyFD,wDAAsB;AAvFxB,MAAM,mBAAmB,GAAG,IAAA,UAAK,EAAC,CAAC,MAAa,EAAE,IAAa,EAAE,EAAE;IACjE,OAAO,IAAA,iBAAS;IACd,4BAA4B;IAC5B,IAAA,4BAAiB,EACf,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QACjC,oDAAoD;QACpD,iDAAiD;QACjD,IAAI,GAAG,KAAK,IAAI,EAAE;YAChB,OAAO;SACR;QAED,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX;IACD,iCAAiC;IACjC,IAAA,4BAAiB,EAAC,6BAAkB,EAAE,EAAE,MAAM,EAAE,CAAC;IACjD,oCAAoC;IACpC,IAAA,4BAAiB,EAAC,iCAAsB,EAAE,EAAE,MAAM,EAAE,CAAC;IACrD,2BAA2B;IAC3B,IAAA,4BAAiB,EAAC,wBAAa,EAAE,EAAE,MAAM,EAAE,CAAC;IAC5C,gCAAgC;IAChC,IAAA,4BAAiB,EAAC,yBAAc,EAAE,EAAE,MAAM,EAAE,CAAC;IAC7C,0CAA0C;IAC1C,IAAA,4BAAiB,EACf,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QACxC,IAAI,CAAC,IAAA,iCAAiB,EAAC,SAAS,CAAC,IAAI,IAAA,YAAO,EAAC,KAAK,CAAC,EAAE;YACnD,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX,CACF,CAAC,IAAI,CAAC,CAAC;AACV,CAAC,CAAC,CAAC;AAqDD,kDAAmB;AAnDrB,MAAM,qBAAqB,GAAG,IAAA,UAAK,EAAC,CAAC,MAAa,EAAE,MAAe,EAAE,EAAE;IACrE,OAAO,IAAA,iBAAS;IACd,8BAA8B;IAC9B,IAAA,8BAAmB,EACjB,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QACjC,IAAI,IAAA,UAAK,EAAC,SAAS,CAAC,IAAI,CAAC,IAAA,iCAAiB,EAAC,SAAS,CAAC,EAAE;YACrD,MAAM,CAAC,GAAG,CAAC,CAAC;SACb;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX;IACD,wBAAwB;IACxB,IAAA,8BAAmB,EAAC,wBAAa,EAAE,EAAE,MAAM,EAAE,CAAC;IAC9C,yBAAyB;IACzB,IAAA,8BAAmB,EAAC,yBAAc,EAAE,EAAE,MAAM,EAAE,CAAC;IAC/C,sCAAsC;IACtC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAA,YAAO,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAA,UAAK,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAC7E,CAAC,MAAM,CAAC,CAAC;AACZ,CAAC,CAAC,CAAC;AAkCD,sDAAqB;AAhCvB,MAAM,uBAAuB,GAAG,IAAA,UAAK,EAAC,CAAC,MAAa,EAAE,QAAiB,EAAE,EAAE;IACzE,OAAO,IAAA,iBAAS,EACd,IAAA,gCAAqB,EACnB,KAAK,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QACnD,IAAI,SAAS,EAAE;YACb,OAAO;SACR;QAED,IAAI,GAAG,KAAK,MAAM,EAAE;YAClB,GAAG,CAAC,GAAG,EAAE,MAAM,mBAAmB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;SACpD;QAED,IAAI,GAAG,KAAK,SAAS,EAAE;YACrB,GAAG,CAAC,GAAG,EAAE,MAAM,sBAAsB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;SACvD;QAED,IAAI,GAAG,KAAK,QAAQ,EAAE;YACpB,GAAG,CAAC,GAAG,EAAE,MAAM,qBAAqB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;SACtD;IACH,CAAC,EACD,EAAE,MAAM,EAAE,CACX;IACD,wBAAwB;IACxB,IAAA,gCAAqB,EAAC,wBAAa,EAAE,EAAE,MAAM,EAAE,CAAC,CACjD,CAAC,QAAQ,CAAC,CAAC;AACd,CAAC,CAAC,CAAC;AAQD,0DAAuB"}

package/dist/sanitize/visitors/allowed-fields.d.ts

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse/factory';
+declare const _default: (allowedFields?: string[] | null) => Visitor;
+export default _default;

package/{lib → dist}/sanitize/visitors/allowed-fields.js

@@ -1,26 +1,19 @@
-'use strict';
-
-const { isArray, isNil, toPath } = require('lodash/fp');
-
-module.exports =
-  (allowedFields = null) =>
-  ({ key, path: { attribute: path } }, { remove }) => {
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const fp_1 = require("lodash/fp");
+exports.default = (allowedFields = null) => ({ key, path: { attribute: path } }, { remove }) => {
     // All fields are allowed
     if (allowedFields === null) {
-      return;
+        return;
     }
-
     // Ignore invalid formats
-    if (!isArray(allowedFields)) {
-      return;
+    if (!(0, fp_1.isArray)(allowedFields)) {
+        return;
     }
-
-    if (isNil(path)) {
-      return;
+    if ((0, fp_1.isNil)(path)) {
+        return;
     }
-
     const containedPaths = getContainedPaths(path);
-
     /**
      * Tells if the current path should be kept or not based
      * on the success of the check functions for any of the allowed paths.
@@ -59,24 +52,16 @@ module.exports =
      * // it should match but isn't handled by this check
      * ```
      */
-    const isPathAllowed = allowedFields.some(
-      (p) => containedPaths.includes(p) || p.startsWith(`${path}.`)
-    );
-
+    const isPathAllowed = allowedFields.some((p) => containedPaths.includes(p) || p.startsWith(`${path}.`));
     if (isPathAllowed) {
-      return;
+        return;
     }
-
     // Remove otherwise
     remove(key);
-  };
-
+};
 /**
  * Retrieve the list of allowed paths based on the given path
  *
- * @param {string} path
- * @return {string[]}
- *
  * @example
  * ```js
  * const containedPaths = getContainedPaths('foo');
@@ -90,9 +75,9 @@ module.exports =
  * ```
  */
 const getContainedPaths = (path) => {
-  const parts = toPath(path);
-
-  return parts.reduce((acc, value, index, list) => {
-    return [...acc, list.slice(0, index + 1).join('.')];
-  }, []);
+    const parts = (0, fp_1.toPath)(path);
+    return parts.reduce((acc, value, index, list) => {
+        return [...acc, list.slice(0, index + 1).join('.')];
+    }, []);
 };
+//# sourceMappingURL=allowed-fields.js.map

package/dist/sanitize/visitors/allowed-fields.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"allowed-fields.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/allowed-fields.ts"],"names":[],"mappings":";;AAAA,kCAAmD;AAGnD,kBAAe,CAAC,gBAAiC,IAAI,EAAW,EAAE,CAChE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IACjD,yBAAyB;IACzB,IAAI,aAAa,KAAK,IAAI,EAAE;QAC1B,OAAO;KACR;IAED,yBAAyB;IACzB,IAAI,CAAC,IAAA,YAAO,EAAC,aAAa,CAAC,EAAE;QAC3B,OAAO;KACR;IAED,IAAI,IAAA,UAAK,EAAC,IAAI,CAAC,EAAE;QACf,OAAO;KACR;IAED,MAAM,cAAc,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAE/C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAqCG;IACH,MAAM,aAAa,GAAG,aAAa,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,CAC9D,CAAC;IAEF,IAAI,aAAa,EAAE;QACjB,OAAO;KACR;IAED,mBAAmB;IACnB,MAAM,CAAC,GAAG,CAAC,CAAC;AACd,CAAC,CAAC;AAEJ;;;;;;;;;;;;;;GAcG;AACH,MAAM,iBAAiB,GAAG,CAAC,IAAY,EAAE,EAAE;IACzC,MAAM,KAAK,GAAG,IAAA,WAAM,EAAC,IAAI,CAAC,CAAC;IAE3B,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAC9C,OAAO,CAAC,GAAG,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACtD,CAAC,EAAE,EAAc,CAAC,CAAC;AACrB,CAAC,CAAC"}

package/dist/sanitize/visitors/index.d.ts

@@ -0,0 +1,7 @@
+export { default as removePassword } from './remove-password';
+export { default as removePrivate } from './remove-private';
+export { default as removeRestrictedRelations } from './remove-restricted-relations';
+export { default as removeMorphToRelations } from './remove-morph-to-relations';
+export { default as removeDynamicZones } from './remove-dynamic-zones';
+export { default as allowedFields } from './allowed-fields';
+export { default as restrictedFields } from './restricted-fields';

package/dist/sanitize/visitors/index.js

@@ -0,0 +1,21 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.restrictedFields = exports.allowedFields = exports.removeDynamicZones = exports.removeMorphToRelations = exports.removeRestrictedRelations = exports.removePrivate = exports.removePassword = void 0;
+var remove_password_1 = require("./remove-password");
+Object.defineProperty(exports, "removePassword", { enumerable: true, get: function () { return __importDefault(remove_password_1).default; } });
+var remove_private_1 = require("./remove-private");
+Object.defineProperty(exports, "removePrivate", { enumerable: true, get: function () { return __importDefault(remove_private_1).default; } });
+var remove_restricted_relations_1 = require("./remove-restricted-relations");
+Object.defineProperty(exports, "removeRestrictedRelations", { enumerable: true, get: function () { return __importDefault(remove_restricted_relations_1).default; } });
+var remove_morph_to_relations_1 = require("./remove-morph-to-relations");
+Object.defineProperty(exports, "removeMorphToRelations", { enumerable: true, get: function () { return __importDefault(remove_morph_to_relations_1).default; } });
+var remove_dynamic_zones_1 = require("./remove-dynamic-zones");
+Object.defineProperty(exports, "removeDynamicZones", { enumerable: true, get: function () { return __importDefault(remove_dynamic_zones_1).default; } });
+var allowed_fields_1 = require("./allowed-fields");
+Object.defineProperty(exports, "allowedFields", { enumerable: true, get: function () { return __importDefault(allowed_fields_1).default; } });
+var restricted_fields_1 = require("./restricted-fields");
+Object.defineProperty(exports, "restrictedFields", { enumerable: true, get: function () { return __importDefault(restricted_fields_1).default; } });
+//# sourceMappingURL=index.js.map

package/dist/sanitize/visitors/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/index.ts"],"names":[],"mappings":";;;;;;AAAA,qDAA8D;AAArD,kIAAA,OAAO,OAAkB;AAClC,mDAA4D;AAAnD,gIAAA,OAAO,OAAiB;AACjC,6EAAqF;AAA5E,yJAAA,OAAO,OAA6B;AAC7C,yEAAgF;AAAvE,oJAAA,OAAO,OAA0B;AAC1C,+DAAuE;AAA9D,2IAAA,OAAO,OAAsB;AACtC,mDAA4D;AAAnD,gIAAA,OAAO,OAAiB;AACjC,yDAAkE;AAAzD,sIAAA,OAAO,OAAoB"}

package/dist/sanitize/visitors/remove-dynamic-zones.d.ts

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse/factory';
+declare const visitor: Visitor;
+export default visitor;

package/dist/sanitize/visitors/remove-dynamic-zones.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const content_types_1 = require("../../content-types");
+const visitor = ({ key, attribute }, { remove }) => {
+    if ((0, content_types_1.isDynamicZoneAttribute)(attribute)) {
+        remove(key);
+    }
+};
+exports.default = visitor;
+//# sourceMappingURL=remove-dynamic-zones.js.map

package/dist/sanitize/visitors/remove-dynamic-zones.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-dynamic-zones.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/remove-dynamic-zones.ts"],"names":[],"mappings":";;AAAA,uDAA6D;AAG7D,MAAM,OAAO,GAAY,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IAC1D,IAAI,IAAA,sCAAsB,EAAC,SAAS,CAAC,EAAE;QACrC,MAAM,CAAC,GAAG,CAAC,CAAC;KACb;AACH,CAAC,CAAC;AAEF,kBAAe,OAAO,CAAC"}

package/dist/sanitize/visitors/remove-morph-to-relations.d.ts

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse/factory';
+declare const visitor: Visitor;
+export default visitor;

package/dist/sanitize/visitors/remove-morph-to-relations.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const content_types_1 = require("../../content-types");
+const visitor = ({ key, attribute }, { remove }) => {
+    if ((0, content_types_1.isMorphToRelationalAttribute)(attribute)) {
+        remove(key);
+    }
+};
+exports.default = visitor;
+//# sourceMappingURL=remove-morph-to-relations.js.map

package/dist/sanitize/visitors/remove-morph-to-relations.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-morph-to-relations.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/remove-morph-to-relations.ts"],"names":[],"mappings":";;AAAA,uDAAmE;AAGnE,MAAM,OAAO,GAAY,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IAC1D,IAAI,IAAA,4CAA4B,EAAC,SAAS,CAAC,EAAE;QAC3C,MAAM,CAAC,GAAG,CAAC,CAAC;KACb;AACH,CAAC,CAAC;AAEF,kBAAe,OAAO,CAAC"}

package/dist/sanitize/visitors/remove-password.d.ts

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse/factory';
+declare const visitor: Visitor;
+export default visitor;

package/dist/sanitize/visitors/remove-password.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const visitor = ({ key, attribute }, { remove }) => {
+    if (attribute?.type === 'password') {
+        remove(key);
+    }
+};
+exports.default = visitor;
+//# sourceMappingURL=remove-password.js.map

package/dist/sanitize/visitors/remove-password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-password.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/remove-password.ts"],"names":[],"mappings":";;AAEA,MAAM,OAAO,GAAY,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IAC1D,IAAI,SAAS,EAAE,IAAI,KAAK,UAAU,EAAE;QAClC,MAAM,CAAC,GAAG,CAAC,CAAC;KACb;AACH,CAAC,CAAC;AAEF,kBAAe,OAAO,CAAC"}

package/dist/sanitize/visitors/remove-private.d.ts

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse/factory';
+declare const visitor: Visitor;
+export default visitor;

package/dist/sanitize/visitors/remove-private.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const content_types_1 = require("../../content-types");
+const visitor = ({ schema, key, attribute }, { remove }) => {
+    if (!attribute) {
+        return;
+    }
+    const isPrivate = attribute.private === true || (0, content_types_1.isPrivateAttribute)(schema, key);
+    if (isPrivate) {
+        remove(key);
+    }
+};
+exports.default = visitor;
+//# sourceMappingURL=remove-private.js.map

package/dist/sanitize/visitors/remove-private.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove-private.js","sourceRoot":"","sources":["../../../src/sanitize/visitors/remove-private.ts"],"names":[],"mappings":";;AAAA,uDAAyD;AAGzD,MAAM,OAAO,GAAY,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IAClE,IAAI,CAAC,SAAS,EAAE;QACd,OAAO;KACR;IAED,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,KAAK,IAAI,IAAI,IAAA,kCAAkB,EAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAEhF,IAAI,SAAS,EAAE;QACb,MAAM,CAAC,GAAG,CAAC,CAAC;KACb;AACH,CAAC,CAAC;AAEF,kBAAe,OAAO,CAAC"}

package/dist/sanitize/visitors/remove-restricted-relations.d.ts

@@ -0,0 +1,3 @@
+import type { Visitor } from '../../traverse/factory';
+declare const _default: (auth: unknown) => Visitor;
+export default _default;

package/dist/sanitize/visitors/remove-restricted-relations.js

@@ -0,0 +1,88 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const contentTypeUtils = __importStar(require("../../content-types"));
+const ACTIONS_TO_VERIFY = ['find'];
+const { CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE } = contentTypeUtils.constants;
+exports.default = (auth) => async ({ data, key, attribute, schema }, { remove, set }) => {
+    if (!attribute) {
+        return;
+    }
+    const isRelation = attribute.type === 'relation';
+    if (!isRelation) {
+        return;
+    }
+    const handleMorphRelation = async () => {
+        const newMorphValue = [];
+        for (const element of data[key]) {
+            const scopes = ACTIONS_TO_VERIFY.map((action) => `${element.__type}.${action}`);
+            const isAllowed = await hasAccessToSomeScopes(scopes, auth);
+            if (isAllowed) {
+                newMorphValue.push(element);
+            }
+        }
+        // If the new value is empty, remove the relation completely
+        if (newMorphValue.length === 0) {
+            remove(key);
+        }
+        else {
+            set(key, newMorphValue);
+        }
+    };
+    const handleRegularRelation = async () => {
+        const scopes = ACTIONS_TO_VERIFY.map((action) => `${attribute.target}.${action}`);
+        const isAllowed = await hasAccessToSomeScopes(scopes, auth);
+        // If the authenticated user don't have access to any of the scopes, then remove the field
+        if (!isAllowed) {
+            remove(key);
+        }
+    };
+    const isCreatorRelation = [CREATED_BY_ATTRIBUTE, UPDATED_BY_ATTRIBUTE].includes(key);
+    // Polymorphic relations
+    if (contentTypeUtils.isMorphToRelationalAttribute(attribute)) {
+        await handleMorphRelation();
+        return;
+    }
+    // Creator relations
+    if (isCreatorRelation && schema.options.populateCreatorFields) {
+        // do nothing
+        return;
+    }
+    // Regular relations
+    await handleRegularRelation();
+};
+const hasAccessToSomeScopes = async (scopes, auth) => {
+    for (const scope of scopes) {
+        try {
+            await strapi.auth.verify(auth, { scope });
+            return true;
+        }
+        catch {
+            continue;
+        }
+    }
+    return false;
+};
+//# sourceMappingURL=remove-restricted-relations.js.map