@strapi/utils 5.0.0-rc.11 → 5.0.0-rc.13

package/dist/index.mjs

@@ -1857,10 +1857,17 @@ const populate = traverseFactory().intercept(isStringArray$1, async (visitor2, o
   }
 });
 const traverseQueryPopulate = curry(populate.traverse);
-const isStringArray = (value) => isArray(value) && value.every(isString);
+const isStringArray = (value) => {
+  return isArray(value) && value.every(isString);
+};
 const fields = traverseFactory().intercept(isStringArray, async (visitor2, options, fields2, { recurse }) => {
   return Promise.all(fields2.map((field) => recurse(visitor2, options, field)));
-}).intercept((value) => eq("*", value), constant("*")).parse(isString, () => ({
+}).intercept(
+  (value) => isString(value) && value.includes(","),
+  (visitor2, options, fields2, { recurse }) => {
+    return Promise.all(fields2.split(",").map((field) => recurse(visitor2, options, field)));
+  }
+).intercept((value) => eq("*", value), constant("*")).parse(isString, () => ({
   transform: trim,
   remove(key, data) {
     return data === key ? void 0 : data;
@@ -2161,6 +2168,15 @@ const throwInvalidKey = ({ key, path }) => {
     path
   });
 };
+const asyncCurry = (fn) => {
+  const curried = (...args) => {
+    if (args.length >= fn.length) {
+      return fn(...args);
+    }
+    return (...moreArgs) => curried(...args, ...moreArgs);
+  };
+  return curried;
+};
 const visitor$3 = ({ key, attribute, path }) => {
   if (attribute?.type === "password") {
     throwInvalidKey({ key, path: path.attribute });
@@ -2326,154 +2342,294 @@ const throwPasswords = (ctx) => async (entity) => {
   }
   return traverseEntity$1(visitor$3, ctx, entity);
 };
-const defaultValidateFilters = curry((ctx, filters2) => {
-  if (!ctx.schema) {
-    throw new Error("Missing schema in defaultValidateFilters");
+const FILTER_TRAVERSALS = [
+  "nonAttributesOperators",
+  "dynamicZones",
+  "morphRelations",
+  "passwords",
+  "private"
+];
+const validateFilters = asyncCurry(
+  async (ctx, filters2, include) => {
+    if (!ctx.schema) {
+      throw new Error("Missing schema in defaultValidateFilters");
+    }
+    const functionsToApply = [];
+    if (include.includes("nonAttributesOperators")) {
+      functionsToApply.push(
+        traverseQueryFilters(({ key, attribute, path }) => {
+          if ([ID_ATTRIBUTE$1, DOC_ID_ATTRIBUTE$1].includes(key)) {
+            return;
+          }
+          const isAttribute = !!attribute;
+          if (!isAttribute && !isOperator(key)) {
+            throwInvalidKey({ key, path: path.attribute });
+          }
+        }, ctx)
+      );
+    }
+    if (include.includes("dynamicZones")) {
+      functionsToApply.push(traverseQueryFilters(visitor, ctx));
+    }
+    if (include.includes("morphRelations")) {
+      functionsToApply.push(traverseQueryFilters(visitor$1, ctx));
+    }
+    if (include.includes("passwords")) {
+      functionsToApply.push(traverseQueryFilters(visitor$3, ctx));
+    }
+    if (include.includes("private")) {
+      functionsToApply.push(traverseQueryFilters(visitor$2, ctx));
+    }
+    if (functionsToApply.length === 0) {
+      return filters2;
+    }
+    return pipe(...functionsToApply)(filters2);
   }
-  return pipe(
-    // keys that are not attributes or valid operators
-    traverseQueryFilters(({ key, attribute, path }) => {
-      if ([ID_ATTRIBUTE$1, DOC_ID_ATTRIBUTE$1].includes(key)) {
-        return;
-      }
-      const isAttribute = !!attribute;
-      if (!isAttribute && !isOperator(key)) {
-        throwInvalidKey({ key, path: path.attribute });
-      }
-    }, ctx),
-    // dynamic zones from filters
-    traverseQueryFilters(visitor, ctx),
-    // morphTo relations from filters; because you can't have deep filtering on morph relations
-    traverseQueryFilters(visitor$1, ctx),
-    // passwords from filters
-    traverseQueryFilters(visitor$3, ctx),
-    // private from filters
-    traverseQueryFilters(visitor$2, ctx)
-    // we allow empty objects to validate and only sanitize them out, so that users may write "lazy" queries without checking their params exist
-  )(filters2);
+);
+const defaultValidateFilters = asyncCurry(async (ctx, filters2) => {
+  return validateFilters(ctx, filters2, FILTER_TRAVERSALS);
 });
-const defaultValidateSort = curry((ctx, sort2) => {
-  if (!ctx.schema) {
-    throw new Error("Missing schema in defaultValidateSort");
+const SORT_TRAVERSALS = [
+  "nonAttributesOperators",
+  "dynamicZones",
+  "morphRelations",
+  "passwords",
+  "private",
+  "nonScalarEmptyKeys"
+];
+const validateSort = asyncCurry(
+  async (ctx, sort2, include) => {
+    if (!ctx.schema) {
+      throw new Error("Missing schema in defaultValidateSort");
+    }
+    const functionsToApply = [];
+    if (include.includes("nonAttributesOperators")) {
+      functionsToApply.push(
+        traverseQuerySort(({ key, attribute, path }) => {
+          if ([ID_ATTRIBUTE$1, DOC_ID_ATTRIBUTE$1].includes(key)) {
+            return;
+          }
+          if (!attribute) {
+            throwInvalidKey({ key, path: path.attribute });
+          }
+        }, ctx)
+      );
+    }
+    if (include.includes("dynamicZones")) {
+      functionsToApply.push(traverseQuerySort(visitor, ctx));
+    }
+    if (include.includes("morphRelations")) {
+      functionsToApply.push(traverseQuerySort(visitor$1, ctx));
+    }
+    if (include.includes("passwords")) {
+      functionsToApply.push(traverseQuerySort(visitor$3, ctx));
+    }
+    if (include.includes("private")) {
+      functionsToApply.push(traverseQuerySort(visitor$2, ctx));
+    }
+    if (include.includes("nonScalarEmptyKeys")) {
+      functionsToApply.push(
+        traverseQuerySort(({ key, attribute, value, path }) => {
+          if ([ID_ATTRIBUTE$1, DOC_ID_ATTRIBUTE$1].includes(key)) {
+            return;
+          }
+          if (!isScalarAttribute(attribute) && isEmpty(value)) {
+            throwInvalidKey({ key, path: path.attribute });
+          }
+        }, ctx)
+      );
+    }
+    if (functionsToApply.length === 0) {
+      return sort2;
+    }
+    return pipe(...functionsToApply)(sort2);
   }
-  return pipe(
-    // non attribute keys
-    traverseQuerySort(({ key, attribute, path }) => {
-      if ([ID_ATTRIBUTE$1, DOC_ID_ATTRIBUTE$1].includes(key)) {
-        return;
-      }
-      if (!attribute) {
-        throwInvalidKey({ key, path: path.attribute });
-      }
-    }, ctx),
-    // dynamic zones from sort
-    traverseQuerySort(visitor, ctx),
-    // morphTo relations from sort
-    traverseQuerySort(visitor$1, ctx),
-    // private from sort
-    traverseQuerySort(visitor$2, ctx),
-    // passwords from filters
-    traverseQuerySort(visitor$3, ctx),
-    // keys for empty non-scalar values
-    traverseQuerySort(({ key, attribute, value, path }) => {
-      if ([ID_ATTRIBUTE$1, DOC_ID_ATTRIBUTE$1].includes(key)) {
-        return;
-      }
-      if (!isScalarAttribute(attribute) && isEmpty(value)) {
-        throwInvalidKey({ key, path: path.attribute });
-      }
-    }, ctx)
-  )(sort2);
+);
+const defaultValidateSort = asyncCurry(async (ctx, sort2) => {
+  return validateSort(ctx, sort2, SORT_TRAVERSALS);
 });
-const defaultValidateFields = curry((ctx, fields2) => {
-  if (!ctx.schema) {
-    throw new Error("Missing schema in defaultValidateFields");
+const FIELDS_TRAVERSALS = ["scalarAttributes", "privateFields", "passwordFields"];
+const validateFields = asyncCurry(
+  async (ctx, fields2, include) => {
+    if (!ctx.schema) {
+      throw new Error("Missing schema in defaultValidateFields");
+    }
+    const functionsToApply = [];
+    if (include.includes("scalarAttributes")) {
+      functionsToApply.push(
+        traverseQueryFields(({ key, attribute, path }) => {
+          if ([ID_ATTRIBUTE$1, DOC_ID_ATTRIBUTE$1].includes(key)) {
+            return;
+          }
+          if (isNil(attribute) || !isScalarAttribute(attribute)) {
+            throwInvalidKey({ key, path: path.attribute });
+          }
+        }, ctx)
+      );
+    }
+    if (include.includes("privateFields")) {
+      functionsToApply.push(traverseQueryFields(visitor$2, ctx));
+    }
+    if (include.includes("passwordFields")) {
+      functionsToApply.push(traverseQueryFields(visitor$3, ctx));
+    }
+    if (functionsToApply.length === 0) {
+      return fields2;
+    }
+    return pipe(...functionsToApply)(fields2);
   }
-  return pipe(
-    // Only allow scalar attributes
-    traverseQueryFields(({ key, attribute, path }) => {
-      if ([ID_ATTRIBUTE$1, DOC_ID_ATTRIBUTE$1].includes(key)) {
-        return;
-      }
-      if (isNil(attribute) || !isScalarAttribute(attribute)) {
-        throwInvalidKey({ key, path: path.attribute });
-      }
-    }, ctx),
-    // private fields
-    traverseQueryFields(visitor$2, ctx),
-    // password fields
-    traverseQueryFields(visitor$3, ctx)
-  )(fields2);
+);
+const defaultValidateFields = asyncCurry(async (ctx, fields2) => {
+  return validateFields(ctx, fields2, FIELDS_TRAVERSALS);
 });
-const defaultValidatePopulate = curry((ctx, populate2) => {
+const POPULATE_TRAVERSALS = ["nonAttributesOperators", "private"];
+const validatePopulate = asyncCurry(
+  async (ctx, populate2, includes) => {
+    if (!ctx.schema) {
+      throw new Error("Missing schema in defaultValidatePopulate");
+    }
+    const functionsToApply = [];
+    functionsToApply.push(
+      traverseQueryPopulate(async ({ key, path, value, schema, attribute, getModel }, { set }) => {
+        if (attribute) {
+          const isPopulatableAttribute = ["relation", "dynamiczone", "component", "media"].includes(
+            attribute.type
+          );
+          if (!isPopulatableAttribute) {
+            throwInvalidKey({ key, path: path.raw });
+          }
+          return;
+        }
+        if (key === "on") {
+          if (!isObject(value)) {
+            return throwInvalidKey({ key, path: path.raw });
+          }
+          const targets = Object.keys(value);
+          for (const target of targets) {
+            const model = getModel(target);
+            if (!model) {
+              throwInvalidKey({ key: target, path: `${path.raw}.${target}` });
+            }
+          }
+          return;
+        }
+        if (key === "" && value === "*") {
+          return;
+        }
+        if (key === "count") {
+          try {
+            parseType({ type: "boolean", value });
+            return;
+          } catch {
+            throwInvalidKey({ key, path: path.attribute });
+          }
+        }
+        try {
+          parseType({ type: "boolean", value: key });
+          return;
+        } catch {
+        }
+        if (key === "sort") {
+          set(
+            key,
+            await validateSort(
+              {
+                schema,
+                getModel
+              },
+              value,
+              // pass the sort value
+              includes?.sort || SORT_TRAVERSALS
+            )
+          );
+          return;
+        }
+        if (key === "filters") {
+          set(
+            key,
+            await validateFilters(
+              {
+                schema,
+                getModel
+              },
+              value,
+              // pass the filters value
+              includes?.filters || FILTER_TRAVERSALS
+            )
+          );
+          return;
+        }
+        if (key === "fields") {
+          set(
+            key,
+            await validateFields(
+              {
+                schema,
+                getModel
+              },
+              value,
+              // pass the fields value
+              includes?.fields || FIELDS_TRAVERSALS
+            )
+          );
+          return;
+        }
+        if (key === "populate") {
+          set(
+            key,
+            await validatePopulate(
+              {
+                schema,
+                getModel
+              },
+              value,
+              // pass the nested populate value
+              includes
+              // pass down the same includes object
+            )
+          );
+          return;
+        }
+        if (includes?.populate?.includes("nonAttributesOperators")) {
+          throwInvalidKey({ key, path: path.attribute });
+        }
+      }, ctx)
+    );
+    if (includes?.populate?.includes("private")) {
+      functionsToApply.push(traverseQueryPopulate(visitor$2, ctx));
+    }
+    if (functionsToApply.length === 0) {
+      return populate2;
+    }
+    return pipe(...functionsToApply)(populate2);
+  }
+);
+const defaultValidatePopulate = asyncCurry(async (ctx, populate2) => {
   if (!ctx.schema) {
     throw new Error("Missing schema in defaultValidatePopulate");
   }
-  return pipe(
-    traverseQueryPopulate(async ({ key, value, schema, attribute, getModel }, { set }) => {
-      if (attribute) {
-        return;
-      }
-      if (key === "sort") {
-        set(
-          key,
-          await defaultValidateSort(
-            {
-              schema,
-              getModel
-            },
-            value
-          )
-        );
-      }
-      if (key === "filters") {
-        set(
-          key,
-          await defaultValidateFilters(
-            {
-              schema,
-              getModel
-            },
-            value
-          )
-        );
-      }
-      if (key === "fields") {
-        set(
-          key,
-          await defaultValidateFields(
-            {
-              schema,
-              getModel
-            },
-            value
-          )
-        );
-      }
-      if (key === "populate") {
-        set(
-          key,
-          await defaultValidatePopulate(
-            {
-              schema,
-              getModel
-            },
-            value
-          )
-        );
-      }
-    }, ctx),
-    // Remove private fields
-    traverseQueryPopulate(visitor$2, ctx)
-  )(populate2);
+  return validatePopulate(ctx, populate2, {
+    filters: FILTER_TRAVERSALS,
+    sort: SORT_TRAVERSALS,
+    fields: FIELDS_TRAVERSALS,
+    populate: POPULATE_TRAVERSALS
+  });
 });
 const validators = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   __proto__: null,
+  FIELDS_TRAVERSALS,
+  FILTER_TRAVERSALS,
+  POPULATE_TRAVERSALS,
+  SORT_TRAVERSALS,
   defaultValidateFields,
   defaultValidateFilters,
   defaultValidatePopulate,
   defaultValidateSort,
-  throwPasswords
+  throwPasswords,
+  validateFields,
+  validateFilters,
+  validatePopulate,
+  validateSort
 }, Symbol.toStringTag, { value: "Module" }));
 const { ID_ATTRIBUTE, DOC_ID_ATTRIBUTE } = constants$1;
 const createAPIValidators = (opts) => {
@@ -2528,24 +2684,24 @@ const createAPIValidators = (opts) => {
     }
     const { filters: filters2, sort: sort2, fields: fields2, populate: populate2 } = query;
     if (filters2) {
-      await validateFilters(filters2, schema, { auth });
+      await validateFilters2(filters2, schema, { auth });
     }
     if (sort2) {
-      await validateSort(sort2, schema, { auth });
+      await validateSort2(sort2, schema, { auth });
     }
     if (fields2) {
-      await validateFields(fields2, schema);
+      await validateFields2(fields2, schema);
     }
     if (populate2 && populate2 !== "*") {
-      await validatePopulate(populate2, schema);
+      await validatePopulate2(populate2, schema);
     }
   };
-  const validateFilters = async (filters2, schema, { auth } = {}) => {
+  const validateFilters2 = async (filters2, schema, { auth } = {}) => {
     if (!schema) {
       throw new Error("Missing schema in validateFilters");
     }
     if (isArray(filters2)) {
-      await Promise.all(filters2.map((filter) => validateFilters(filter, schema, { auth })));
+      await Promise.all(filters2.map((filter) => validateFilters2(filter, schema, { auth })));
       return;
     }
     const transforms = [defaultValidateFilters({ schema, getModel })];
@@ -2567,7 +2723,7 @@ const createAPIValidators = (opts) => {
       throw e;
     }
   };
-  const validateSort = async (sort2, schema, { auth } = {}) => {
+  const validateSort2 = async (sort2, schema, { auth } = {}) => {
     if (!schema) {
       throw new Error("Missing schema in validateSort");
     }
@@ -2590,7 +2746,7 @@ const createAPIValidators = (opts) => {
       throw e;
     }
   };
-  const validateFields = async (fields2, schema) => {
+  const validateFields2 = async (fields2, schema) => {
     if (!schema) {
       throw new Error("Missing schema in validateFields");
     }
@@ -2605,7 +2761,7 @@ const createAPIValidators = (opts) => {
       throw e;
     }
   };
-  const validatePopulate = async (populate2, schema, { auth } = {}) => {
+  const validatePopulate2 = async (populate2, schema, { auth } = {}) => {
     if (!schema) {
       throw new Error("Missing schema in sanitizePopulate");
     }
@@ -2631,10 +2787,10 @@ const createAPIValidators = (opts) => {
   return {
     input: validateInput,
     query: validateQuery,
-    filters: validateFilters,
-    sort: validateSort,
-    fields: validateFields,
-    populate: validatePopulate
+    filters: validateFilters2,
+    sort: validateSort2,
+    fields: validateFields2,
+    populate: validatePopulate2
   };
 };
 const index = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({