@strapi/utils 5.37.0 → 5.38.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (146) hide show
  1. package/dist/async.js.map +1 -1
  2. package/dist/async.mjs.map +1 -1
  3. package/dist/content-api-constants.js.map +1 -1
  4. package/dist/content-api-constants.mjs.map +1 -1
  5. package/dist/content-api-route-params.js.map +1 -1
  6. package/dist/content-api-route-params.mjs.map +1 -1
  7. package/dist/content-api-router.js.map +1 -1
  8. package/dist/content-api-router.mjs.map +1 -1
  9. package/dist/content-types.js.map +1 -1
  10. package/dist/content-types.mjs +1 -1
  11. package/dist/content-types.mjs.map +1 -1
  12. package/dist/convert-query-params.js.map +1 -1
  13. package/dist/convert-query-params.mjs +2 -2
  14. package/dist/convert-query-params.mjs.map +1 -1
  15. package/dist/env-helper.js.map +1 -1
  16. package/dist/env-helper.mjs.map +1 -1
  17. package/dist/errors.js.map +1 -1
  18. package/dist/errors.mjs.map +1 -1
  19. package/dist/file.js.map +1 -1
  20. package/dist/file.mjs.map +1 -1
  21. package/dist/format-yup-error.js.map +1 -1
  22. package/dist/format-yup-error.mjs.map +1 -1
  23. package/dist/hooks.js.map +1 -1
  24. package/dist/hooks.mjs.map +1 -1
  25. package/dist/import-default.js.map +1 -1
  26. package/dist/import-default.mjs.map +1 -1
  27. package/dist/index.js +4 -4
  28. package/dist/index.mjs +4 -4
  29. package/dist/install-id.js.map +1 -1
  30. package/dist/install-id.mjs.map +1 -1
  31. package/dist/model-cache.js.map +1 -1
  32. package/dist/model-cache.mjs.map +1 -1
  33. package/dist/operators.js.map +1 -1
  34. package/dist/operators.mjs.map +1 -1
  35. package/dist/package-manager.js.map +1 -1
  36. package/dist/package-manager.mjs.map +1 -1
  37. package/dist/pagination.js.map +1 -1
  38. package/dist/pagination.mjs +1 -1
  39. package/dist/pagination.mjs.map +1 -1
  40. package/dist/parse-type.js.map +1 -1
  41. package/dist/parse-type.mjs.map +1 -1
  42. package/dist/policy.js.map +1 -1
  43. package/dist/policy.mjs.map +1 -1
  44. package/dist/primitives/arrays.js.map +1 -1
  45. package/dist/primitives/arrays.mjs.map +1 -1
  46. package/dist/primitives/dates.js.map +1 -1
  47. package/dist/primitives/dates.mjs.map +1 -1
  48. package/dist/primitives/objects.js.map +1 -1
  49. package/dist/primitives/objects.mjs.map +1 -1
  50. package/dist/primitives/strings.js.map +1 -1
  51. package/dist/primitives/strings.mjs.map +1 -1
  52. package/dist/print-value.js.map +1 -1
  53. package/dist/print-value.mjs.map +1 -1
  54. package/dist/provider-factory.js.map +1 -1
  55. package/dist/provider-factory.mjs +1 -1
  56. package/dist/provider-factory.mjs.map +1 -1
  57. package/dist/relations.js.map +1 -1
  58. package/dist/relations.mjs.map +1 -1
  59. package/dist/route-serialization.js.map +1 -1
  60. package/dist/route-serialization.mjs.map +1 -1
  61. package/dist/sanitize/index.js +1 -1
  62. package/dist/sanitize/index.js.map +1 -1
  63. package/dist/sanitize/index.mjs +4 -4
  64. package/dist/sanitize/index.mjs.map +1 -1
  65. package/dist/sanitize/sanitizers.js +1 -0
  66. package/dist/sanitize/sanitizers.js.map +1 -1
  67. package/dist/sanitize/sanitizers.mjs +2 -1
  68. package/dist/sanitize/sanitizers.mjs.map +1 -1
  69. package/dist/sanitize/visitors/expand-wildcard-populate.js.map +1 -1
  70. package/dist/sanitize/visitors/expand-wildcard-populate.mjs.map +1 -1
  71. package/dist/sanitize/visitors/remove-disallowed-fields.js.map +1 -1
  72. package/dist/sanitize/visitors/remove-disallowed-fields.mjs.map +1 -1
  73. package/dist/sanitize/visitors/remove-dynamic-zones.js.map +1 -1
  74. package/dist/sanitize/visitors/remove-dynamic-zones.mjs.map +1 -1
  75. package/dist/sanitize/visitors/remove-morph-to-relations.js.map +1 -1
  76. package/dist/sanitize/visitors/remove-morph-to-relations.mjs.map +1 -1
  77. package/dist/sanitize/visitors/remove-password.js.map +1 -1
  78. package/dist/sanitize/visitors/remove-password.mjs.map +1 -1
  79. package/dist/sanitize/visitors/remove-private.js.map +1 -1
  80. package/dist/sanitize/visitors/remove-private.mjs.map +1 -1
  81. package/dist/sanitize/visitors/remove-restricted-fields.js.map +1 -1
  82. package/dist/sanitize/visitors/remove-restricted-fields.mjs.map +1 -1
  83. package/dist/sanitize/visitors/remove-restricted-relations.js.map +1 -1
  84. package/dist/sanitize/visitors/remove-restricted-relations.mjs.map +1 -1
  85. package/dist/sanitize/visitors/remove-unrecognized-fields.js.map +1 -1
  86. package/dist/sanitize/visitors/remove-unrecognized-fields.mjs.map +1 -1
  87. package/dist/security.js.map +1 -1
  88. package/dist/security.mjs.map +1 -1
  89. package/dist/set-creator-fields.js.map +1 -1
  90. package/dist/set-creator-fields.mjs.map +1 -1
  91. package/dist/template.js.map +1 -1
  92. package/dist/template.mjs.map +1 -1
  93. package/dist/traverse/factory.js.map +1 -1
  94. package/dist/traverse/factory.mjs.map +1 -1
  95. package/dist/traverse/query-fields.js.map +1 -1
  96. package/dist/traverse/query-fields.mjs.map +1 -1
  97. package/dist/traverse/query-filters.js.map +1 -1
  98. package/dist/traverse/query-filters.mjs.map +1 -1
  99. package/dist/traverse/query-populate.js.map +1 -1
  100. package/dist/traverse/query-populate.mjs +1 -1
  101. package/dist/traverse/query-populate.mjs.map +1 -1
  102. package/dist/traverse/query-sort.js.map +1 -1
  103. package/dist/traverse/query-sort.mjs +1 -1
  104. package/dist/traverse/query-sort.mjs.map +1 -1
  105. package/dist/traverse-entity.js.map +1 -1
  106. package/dist/traverse-entity.mjs +8 -8
  107. package/dist/traverse-entity.mjs.map +1 -1
  108. package/dist/validate/index.js +1 -1
  109. package/dist/validate/index.js.map +1 -1
  110. package/dist/validate/index.mjs +3 -3
  111. package/dist/validate/index.mjs.map +1 -1
  112. package/dist/validate/utils.js.map +1 -1
  113. package/dist/validate/utils.mjs.map +1 -1
  114. package/dist/validate/validators.js +2 -1
  115. package/dist/validate/validators.js.map +1 -1
  116. package/dist/validate/validators.mjs +3 -2
  117. package/dist/validate/validators.mjs.map +1 -1
  118. package/dist/validate/visitors/throw-disallowed-fields.js.map +1 -1
  119. package/dist/validate/visitors/throw-disallowed-fields.mjs.map +1 -1
  120. package/dist/validate/visitors/throw-dynamic-zones.js.map +1 -1
  121. package/dist/validate/visitors/throw-dynamic-zones.mjs.map +1 -1
  122. package/dist/validate/visitors/throw-morph-to-relations.js.map +1 -1
  123. package/dist/validate/visitors/throw-morph-to-relations.mjs.map +1 -1
  124. package/dist/validate/visitors/throw-password.js.map +1 -1
  125. package/dist/validate/visitors/throw-password.mjs.map +1 -1
  126. package/dist/validate/visitors/throw-private.js.map +1 -1
  127. package/dist/validate/visitors/throw-private.mjs.map +1 -1
  128. package/dist/validate/visitors/throw-restricted-fields.js.map +1 -1
  129. package/dist/validate/visitors/throw-restricted-fields.mjs.map +1 -1
  130. package/dist/validate/visitors/throw-restricted-relations.js.map +1 -1
  131. package/dist/validate/visitors/throw-restricted-relations.mjs.map +1 -1
  132. package/dist/validate/visitors/throw-unrecognized-fields.js.map +1 -1
  133. package/dist/validate/visitors/throw-unrecognized-fields.mjs.map +1 -1
  134. package/dist/validation/route-validators/base.js.map +1 -1
  135. package/dist/validation/route-validators/base.mjs.map +1 -1
  136. package/dist/validation/route-validators/query-params.js.map +1 -1
  137. package/dist/validation/route-validators/query-params.mjs.map +1 -1
  138. package/dist/validation/utilities.js.map +1 -1
  139. package/dist/validation/utilities.mjs.map +1 -1
  140. package/dist/validators.js.map +1 -1
  141. package/dist/validators.mjs.map +1 -1
  142. package/dist/yup.js.map +1 -1
  143. package/dist/yup.mjs.map +1 -1
  144. package/dist/zod.js.map +1 -1
  145. package/dist/zod.mjs.map +1 -1
  146. package/package.json +3 -3
package/dist/provider-factory.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider-factory.js","sources":["../src/provider-factory.ts"],"sourcesContent":["import { cloneDeep } from 'lodash/fp';\nimport {\n createAsyncSeriesHook,\n createAsyncParallelHook,\n AsyncSeriesHook,\n AsyncParallelHook,\n} from './hooks';\n\nexport interface ProviderHooksMap {\n willRegister: AsyncSeriesHook;\n didRegister: AsyncParallelHook;\n willDelete: AsyncParallelHook;\n didDelete: AsyncParallelHook;\n}\n\n/**\n * Creates a new object containing various hooks used by the providers\n */\nconst createProviderHooksMap = (): ProviderHooksMap => ({\n // Register events\n willRegister: createAsyncSeriesHook(),\n didRegister: createAsyncParallelHook(),\n // Delete events\n willDelete: createAsyncParallelHook(),\n didDelete: createAsyncParallelHook(),\n});\n\nexport interface Options {\n throwOnDuplicates?: boolean;\n}\n\ntype Item = Record<string, unknown>;\n\nexport interface Provider<T = unknown> {\n hooks: ProviderHooksMap;\n register(key: string, item: T): Promise<Provider>;\n delete(key: string): Promise<Provider>;\n get(key: string): T | undefined;\n values(): T[];\n keys(): string[];\n has(key: string): boolean;\n size(): number;\n clear(): Promise<Provider<T>>;\n}\n\nexport type ProviderFactory<T> = (options?: Options) => Provider<T>;\n\n/**\n * A Provider factory\n */\nconst providerFactory = <T = Item>(options: Options = {}): Provider<T> => {\n const { throwOnDuplicates = true } = options;\n\n const state = {\n hooks: createProviderHooksMap(),\n registry: new Map<string, T>(),\n };\n\n return {\n hooks: state.hooks,\n\n async register(key: string, item: T) {\n if (throwOnDuplicates && this.has(key)) {\n throw new Error(`Duplicated item key: ${key}`);\n }\n\n await state.hooks.willRegister.call({ key, value: item });\n\n state.registry.set(key, item);\n\n await state.hooks.didRegister.call({ key, value: cloneDeep(item) });\n\n return this;\n },\n\n async delete(key: string) {\n if (this.has(key)) {\n const item = this.get(key);\n\n await state.hooks.willDelete.call({ key, value: cloneDeep(item) });\n\n state.registry.delete(key);\n\n await state.hooks.didDelete.call({ key, value: cloneDeep(item) });\n }\n\n return this;\n },\n\n get(key: string) {\n return state.registry.get(key);\n },\n\n values() {\n return Array.from(state.registry.values());\n },\n\n keys() {\n return Array.from(state.registry.keys());\n },\n\n has(key: string) {\n return state.registry.has(key);\n },\n\n size() {\n return state.registry.size;\n },\n\n async clear() {\n const keys = this.keys();\n\n for (const key of keys) {\n await this.delete(key);\n }\n\n return this;\n },\n };\n};\n\nexport default providerFactory;\n"],"names":["createProviderHooksMap","willRegister","createAsyncSeriesHook","didRegister","createAsyncParallelHook","willDelete","didDelete","providerFactory","options","throwOnDuplicates","state","hooks","registry","Map","register","key","item","has","Error","call","value","set","cloneDeep","delete","get","values","Array","from","keys","size","clear"],"mappings":";;;;;AAeA;;IAGA,MAAMA,sBAAyB,GAAA,KAAyB;;QAEtDC,YAAcC,EAAAA,2BAAAA,EAAAA;QACdC,WAAaC,EAAAA,6BAAAA,EAAAA;;QAEbC,UAAYD,EAAAA,6BAAAA,EAAAA;QACZE,SAAWF,EAAAA,6BAAAA;KACb,CAAA;AAsBA;;AAEC,IACKG,MAAAA,eAAAA,GAAkB,CAAWC,OAAAA,GAAmB,EAAE,GAAA;AACtD,IAAA,MAAM,EAAEC,iBAAAA,GAAoB,IAAI,EAAE,GAAGD,OAAAA;AAErC,IAAA,MAAME,KAAQ,GAAA;QACZC,KAAOX,EAAAA,sBAAAA,EAAAA;AACPY,QAAAA,QAAAA,EAAU,IAAIC,GAAAA;AAChB,KAAA;IAEA,OAAO;AACLF,QAAAA,KAAAA,EAAOD,MAAMC,KAAK;QAElB,MAAMG,QAAAA,CAAAA,CAASC,GAAW,EAAEC,IAAO,EAAA;AACjC,YAAA,IAAIP,iBAAqB,IAAA,IAAI,CAACQ,GAAG,CAACF,GAAM,CAAA,EAAA;AACtC,gBAAA,MAAM,IAAIG,KAAAA,CAAM,CAAC,qBAAqB,EAAEH,GAAK,CAAA,CAAA,CAAA;AAC/C;AAEA,YAAA,MAAML,MAAMC,KAAK,CAACV,YAAY,CAACkB,IAAI,CAAC;AAAEJ,gBAAAA,GAAAA;gBAAKK,KAAOJ,EAAAA;AAAK,aAAA,CAAA;AAEvDN,YAAAA,KAAAA,CAAME,QAAQ,CAACS,GAAG,CAACN,GAAKC,EAAAA,IAAAA,CAAAA;AAExB,YAAA,MAAMN,MAAMC,KAAK,CAACR,WAAW,CAACgB,IAAI,CAAC;AAAEJ,gBAAAA,GAAAA;AAAKK,gBAAAA,KAAAA,EAAOE,YAAUN,CAAAA,IAAAA;AAAM,aAAA,CAAA;AAEjE,YAAA,OAAO,IAAI;AACb,SAAA;AAEA,QAAA,MAAMO,QAAOR,GAAW,EAAA;AACtB,YAAA,IAAI,IAAI,CAACE,GAAG,CAACF,GAAM,CAAA,EAAA;AACjB,gBAAA,MAAMC,IAAO,GAAA,IAAI,CAACQ,GAAG,CAACT,GAAAA,CAAAA;AAEtB,gBAAA,MAAML,MAAMC,KAAK,CAACN,UAAU,CAACc,IAAI,CAAC;AAAEJ,oBAAAA,GAAAA;AAAKK,oBAAAA,KAAAA,EAAOE,YAAUN,CAAAA,IAAAA;AAAM,iBAAA,CAAA;gBAEhEN,KAAME,CAAAA,QAAQ,CAACW,MAAM,CAACR,GAAAA,CAAAA;AAEtB,gBAAA,MAAML,MAAMC,KAAK,CAACL,SAAS,CAACa,IAAI,CAAC;AAAEJ,oBAAAA,GAAAA;AAAKK,oBAAAA,KAAAA,EAAOE,YAAUN,CAAAA,IAAAA;AAAM,iBAAA,CAAA;AACjE;AAEA,YAAA,OAAO,IAAI;AACb,SAAA;AAEAQ,QAAAA,GAAAA,CAAAA,CAAIT,GAAW,EAAA;AACb,YAAA,OAAOL,KAAME,CAAAA,QAAQ,CAACY,GAAG,CAACT,GAAAA,CAAAA;AAC5B,SAAA;AAEAU,QAAAA,MAAAA,CAAAA,GAAAA;AACE,YAAA,OAAOC,MAAMC,IAAI,CAACjB,KAAME,CAAAA,QAAQ,CAACa,MAAM,EAAA,CAAA;AACzC,SAAA;AAEAG,QAAAA,IAAAA,CAAAA,GAAAA;AACE,YAAA,OAAOF,MAAMC,IAAI,CAACjB,KAAME,CAAAA,QAAQ,CAACgB,IAAI,EAAA,CAAA;AACvC,SAAA;AAEAX,QAAAA,GAAAA,CAAAA,CAAIF,GAAW,EAAA;AACb,YAAA,OAAOL,KAAME,CAAAA,QAAQ,CAACK,GAAG,CAACF,GAAAA,CAAAA;AAC5B,SAAA;AAEAc,QAAAA,IAAAA,CAAAA,GAAAA;YACE,OAAOnB,KAAAA,CAAME,QAAQ,CAACiB,IAAI;AAC5B,SAAA;QAEA,MAAMC,KAAAA,CAAAA,GAAAA;YACJ,MAAMF,IAAAA,GAAO,IAAI,CAACA,IAAI,EAAA;YAEtB,KAAK,MAAMb,OAAOa,IAAM,CAAA;gBACtB,MAAM,IAAI,CAACL,MAAM,CAACR,GAAAA,CAAAA;AACpB;AAEA,YAAA,OAAO,IAAI;AACb;AACF,KAAA;AACF;;;;"}
1
+ {"version":3,"file":"provider-factory.js","sources":["../src/provider-factory.ts"],"sourcesContent":["import { cloneDeep } from 'lodash/fp';\nimport {\n createAsyncSeriesHook,\n createAsyncParallelHook,\n AsyncSeriesHook,\n AsyncParallelHook,\n} from './hooks';\n\nexport interface ProviderHooksMap {\n willRegister: AsyncSeriesHook;\n didRegister: AsyncParallelHook;\n willDelete: AsyncParallelHook;\n didDelete: AsyncParallelHook;\n}\n\n/**\n * Creates a new object containing various hooks used by the providers\n */\nconst createProviderHooksMap = (): ProviderHooksMap => ({\n // Register events\n willRegister: createAsyncSeriesHook(),\n didRegister: createAsyncParallelHook(),\n // Delete events\n willDelete: createAsyncParallelHook(),\n didDelete: createAsyncParallelHook(),\n});\n\nexport interface Options {\n throwOnDuplicates?: boolean;\n}\n\ntype Item = Record<string, unknown>;\n\nexport interface Provider<T = unknown> {\n hooks: ProviderHooksMap;\n register(key: string, item: T): Promise<Provider>;\n delete(key: string): Promise<Provider>;\n get(key: string): T | undefined;\n values(): T[];\n keys(): string[];\n has(key: string): boolean;\n size(): number;\n clear(): Promise<Provider<T>>;\n}\n\nexport type ProviderFactory<T> = (options?: Options) => Provider<T>;\n\n/**\n * A Provider factory\n */\nconst providerFactory = <T = Item>(options: Options = {}): Provider<T> => {\n const { throwOnDuplicates = true } = options;\n\n const state = {\n hooks: createProviderHooksMap(),\n registry: new Map<string, T>(),\n };\n\n return {\n hooks: state.hooks,\n\n async register(key: string, item: T) {\n if (throwOnDuplicates && this.has(key)) {\n throw new Error(`Duplicated item key: ${key}`);\n }\n\n await state.hooks.willRegister.call({ key, value: item });\n\n state.registry.set(key, item);\n\n await state.hooks.didRegister.call({ key, value: cloneDeep(item) });\n\n return this;\n },\n\n async delete(key: string) {\n if (this.has(key)) {\n const item = this.get(key);\n\n await state.hooks.willDelete.call({ key, value: cloneDeep(item) });\n\n state.registry.delete(key);\n\n await state.hooks.didDelete.call({ key, value: cloneDeep(item) });\n }\n\n return this;\n },\n\n get(key: string) {\n return state.registry.get(key);\n },\n\n values() {\n return Array.from(state.registry.values());\n },\n\n keys() {\n return Array.from(state.registry.keys());\n },\n\n has(key: string) {\n return state.registry.has(key);\n },\n\n size() {\n return state.registry.size;\n },\n\n async clear() {\n const keys = this.keys();\n\n for (const key of keys) {\n await this.delete(key);\n }\n\n return this;\n },\n };\n};\n\nexport default providerFactory;\n"],"names":["createProviderHooksMap","willRegister","createAsyncSeriesHook","didRegister","createAsyncParallelHook","willDelete","didDelete","providerFactory","options","throwOnDuplicates","state","hooks","registry","Map","register","key","item","has","Error","call","value","set","cloneDeep","delete","get","values","Array","from","keys","size","clear"],"mappings":";;;;;AAeA;;IAGA,MAAMA,sBAAAA,GAAyB,KAAyB;;QAEtDC,YAAAA,EAAcC,2BAAAA,EAAAA;QACdC,WAAAA,EAAaC,6BAAAA,EAAAA;;QAEbC,UAAAA,EAAYD,6BAAAA,EAAAA;QACZE,SAAAA,EAAWF,6BAAAA;KACb,CAAA;AAsBA;;AAEC,IACD,MAAMG,eAAAA,GAAkB,CAAWC,OAAAA,GAAmB,EAAE,GAAA;AACtD,IAAA,MAAM,EAAEC,iBAAAA,GAAoB,IAAI,EAAE,GAAGD,OAAAA;AAErC,IAAA,MAAME,KAAAA,GAAQ;QACZC,KAAAA,EAAOX,sBAAAA,EAAAA;AACPY,QAAAA,QAAAA,EAAU,IAAIC,GAAAA;AAChB,KAAA;IAEA,OAAO;AACLF,QAAAA,KAAAA,EAAOD,MAAMC,KAAK;QAElB,MAAMG,QAAAA,CAAAA,CAASC,GAAW,EAAEC,IAAO,EAAA;AACjC,YAAA,IAAIP,iBAAAA,IAAqB,IAAI,CAACQ,GAAG,CAACF,GAAAA,CAAAA,EAAM;AACtC,gBAAA,MAAM,IAAIG,KAAAA,CAAM,CAAC,qBAAqB,EAAEH,GAAAA,CAAAA,CAAK,CAAA;AAC/C,YAAA;AAEA,YAAA,MAAML,MAAMC,KAAK,CAACV,YAAY,CAACkB,IAAI,CAAC;AAAEJ,gBAAAA,GAAAA;gBAAKK,KAAAA,EAAOJ;AAAK,aAAA,CAAA;AAEvDN,YAAAA,KAAAA,CAAME,QAAQ,CAACS,GAAG,CAACN,GAAAA,EAAKC,IAAAA,CAAAA;AAExB,YAAA,MAAMN,MAAMC,KAAK,CAACR,WAAW,CAACgB,IAAI,CAAC;AAAEJ,gBAAAA,GAAAA;AAAKK,gBAAAA,KAAAA,EAAOE,YAAAA,CAAUN,IAAAA;AAAM,aAAA,CAAA;AAEjE,YAAA,OAAO,IAAI;AACb,QAAA,CAAA;AAEA,QAAA,MAAMO,QAAOR,GAAW,EAAA;AACtB,YAAA,IAAI,IAAI,CAACE,GAAG,CAACF,GAAAA,CAAAA,EAAM;AACjB,gBAAA,MAAMC,IAAAA,GAAO,IAAI,CAACQ,GAAG,CAACT,GAAAA,CAAAA;AAEtB,gBAAA,MAAML,MAAMC,KAAK,CAACN,UAAU,CAACc,IAAI,CAAC;AAAEJ,oBAAAA,GAAAA;AAAKK,oBAAAA,KAAAA,EAAOE,YAAAA,CAAUN,IAAAA;AAAM,iBAAA,CAAA;gBAEhEN,KAAAA,CAAME,QAAQ,CAACW,MAAM,CAACR,GAAAA,CAAAA;AAEtB,gBAAA,MAAML,MAAMC,KAAK,CAACL,SAAS,CAACa,IAAI,CAAC;AAAEJ,oBAAAA,GAAAA;AAAKK,oBAAAA,KAAAA,EAAOE,YAAAA,CAAUN,IAAAA;AAAM,iBAAA,CAAA;AACjE,YAAA;AAEA,YAAA,OAAO,IAAI;AACb,QAAA,CAAA;AAEAQ,QAAAA,GAAAA,CAAAA,CAAIT,GAAW,EAAA;AACb,YAAA,OAAOL,KAAAA,CAAME,QAAQ,CAACY,GAAG,CAACT,GAAAA,CAAAA;AAC5B,QAAA,CAAA;AAEAU,QAAAA,MAAAA,CAAAA,GAAAA;AACE,YAAA,OAAOC,MAAMC,IAAI,CAACjB,KAAAA,CAAME,QAAQ,CAACa,MAAM,EAAA,CAAA;AACzC,QAAA,CAAA;AAEAG,QAAAA,IAAAA,CAAAA,GAAAA;AACE,YAAA,OAAOF,MAAMC,IAAI,CAACjB,KAAAA,CAAME,QAAQ,CAACgB,IAAI,EAAA,CAAA;AACvC,QAAA,CAAA;AAEAX,QAAAA,GAAAA,CAAAA,CAAIF,GAAW,EAAA;AACb,YAAA,OAAOL,KAAAA,CAAME,QAAQ,CAACK,GAAG,CAACF,GAAAA,CAAAA;AAC5B,QAAA,CAAA;AAEAc,QAAAA,IAAAA,CAAAA,GAAAA;YACE,OAAOnB,KAAAA,CAAME,QAAQ,CAACiB,IAAI;AAC5B,QAAA,CAAA;QAEA,MAAMC,KAAAA,CAAAA,GAAAA;YACJ,MAAMF,IAAAA,GAAO,IAAI,CAACA,IAAI,EAAA;YAEtB,KAAK,MAAMb,OAAOa,IAAAA,CAAM;gBACtB,MAAM,IAAI,CAACL,MAAM,CAACR,GAAAA,CAAAA;AACpB,YAAA;AAEA,YAAA,OAAO,IAAI;AACb,QAAA;AACF,KAAA;AACF;;;;"}
package/dist/provider-factory.mjs CHANGED
@@ -1,5 +1,5 @@
1
1
  import { cloneDeep } from 'lodash/fp';
2
- import { createAsyncSeriesHook, createAsyncParallelHook } from './hooks.mjs';
2
+ import { createAsyncParallelHook, createAsyncSeriesHook } from './hooks.mjs';
3
3
 
4
4
  /**
5
5
  * Creates a new object containing various hooks used by the providers
package/dist/provider-factory.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider-factory.mjs","sources":["../src/provider-factory.ts"],"sourcesContent":["import { cloneDeep } from 'lodash/fp';\nimport {\n createAsyncSeriesHook,\n createAsyncParallelHook,\n AsyncSeriesHook,\n AsyncParallelHook,\n} from './hooks';\n\nexport interface ProviderHooksMap {\n willRegister: AsyncSeriesHook;\n didRegister: AsyncParallelHook;\n willDelete: AsyncParallelHook;\n didDelete: AsyncParallelHook;\n}\n\n/**\n * Creates a new object containing various hooks used by the providers\n */\nconst createProviderHooksMap = (): ProviderHooksMap => ({\n // Register events\n willRegister: createAsyncSeriesHook(),\n didRegister: createAsyncParallelHook(),\n // Delete events\n willDelete: createAsyncParallelHook(),\n didDelete: createAsyncParallelHook(),\n});\n\nexport interface Options {\n throwOnDuplicates?: boolean;\n}\n\ntype Item = Record<string, unknown>;\n\nexport interface Provider<T = unknown> {\n hooks: ProviderHooksMap;\n register(key: string, item: T): Promise<Provider>;\n delete(key: string): Promise<Provider>;\n get(key: string): T | undefined;\n values(): T[];\n keys(): string[];\n has(key: string): boolean;\n size(): number;\n clear(): Promise<Provider<T>>;\n}\n\nexport type ProviderFactory<T> = (options?: Options) => Provider<T>;\n\n/**\n * A Provider factory\n */\nconst providerFactory = <T = Item>(options: Options = {}): Provider<T> => {\n const { throwOnDuplicates = true } = options;\n\n const state = {\n hooks: createProviderHooksMap(),\n registry: new Map<string, T>(),\n };\n\n return {\n hooks: state.hooks,\n\n async register(key: string, item: T) {\n if (throwOnDuplicates && this.has(key)) {\n throw new Error(`Duplicated item key: ${key}`);\n }\n\n await state.hooks.willRegister.call({ key, value: item });\n\n state.registry.set(key, item);\n\n await state.hooks.didRegister.call({ key, value: cloneDeep(item) });\n\n return this;\n },\n\n async delete(key: string) {\n if (this.has(key)) {\n const item = this.get(key);\n\n await state.hooks.willDelete.call({ key, value: cloneDeep(item) });\n\n state.registry.delete(key);\n\n await state.hooks.didDelete.call({ key, value: cloneDeep(item) });\n }\n\n return this;\n },\n\n get(key: string) {\n return state.registry.get(key);\n },\n\n values() {\n return Array.from(state.registry.values());\n },\n\n keys() {\n return Array.from(state.registry.keys());\n },\n\n has(key: string) {\n return state.registry.has(key);\n },\n\n size() {\n return state.registry.size;\n },\n\n async clear() {\n const keys = this.keys();\n\n for (const key of keys) {\n await this.delete(key);\n }\n\n return this;\n },\n };\n};\n\nexport default providerFactory;\n"],"names":["createProviderHooksMap","willRegister","createAsyncSeriesHook","didRegister","createAsyncParallelHook","willDelete","didDelete","providerFactory","options","throwOnDuplicates","state","hooks","registry","Map","register","key","item","has","Error","call","value","set","cloneDeep","delete","get","values","Array","from","keys","size","clear"],"mappings":";;;AAeA;;IAGA,MAAMA,sBAAyB,GAAA,KAAyB;;QAEtDC,YAAcC,EAAAA,qBAAAA,EAAAA;QACdC,WAAaC,EAAAA,uBAAAA,EAAAA;;QAEbC,UAAYD,EAAAA,uBAAAA,EAAAA;QACZE,SAAWF,EAAAA,uBAAAA;KACb,CAAA;AAsBA;;AAEC,IACKG,MAAAA,eAAAA,GAAkB,CAAWC,OAAAA,GAAmB,EAAE,GAAA;AACtD,IAAA,MAAM,EAAEC,iBAAAA,GAAoB,IAAI,EAAE,GAAGD,OAAAA;AAErC,IAAA,MAAME,KAAQ,GAAA;QACZC,KAAOX,EAAAA,sBAAAA,EAAAA;AACPY,QAAAA,QAAAA,EAAU,IAAIC,GAAAA;AAChB,KAAA;IAEA,OAAO;AACLF,QAAAA,KAAAA,EAAOD,MAAMC,KAAK;QAElB,MAAMG,QAAAA,CAAAA,CAASC,GAAW,EAAEC,IAAO,EAAA;AACjC,YAAA,IAAIP,iBAAqB,IAAA,IAAI,CAACQ,GAAG,CAACF,GAAM,CAAA,EAAA;AACtC,gBAAA,MAAM,IAAIG,KAAAA,CAAM,CAAC,qBAAqB,EAAEH,GAAK,CAAA,CAAA,CAAA;AAC/C;AAEA,YAAA,MAAML,MAAMC,KAAK,CAACV,YAAY,CAACkB,IAAI,CAAC;AAAEJ,gBAAAA,GAAAA;gBAAKK,KAAOJ,EAAAA;AAAK,aAAA,CAAA;AAEvDN,YAAAA,KAAAA,CAAME,QAAQ,CAACS,GAAG,CAACN,GAAKC,EAAAA,IAAAA,CAAAA;AAExB,YAAA,MAAMN,MAAMC,KAAK,CAACR,WAAW,CAACgB,IAAI,CAAC;AAAEJ,gBAAAA,GAAAA;AAAKK,gBAAAA,KAAAA,EAAOE,SAAUN,CAAAA,IAAAA;AAAM,aAAA,CAAA;AAEjE,YAAA,OAAO,IAAI;AACb,SAAA;AAEA,QAAA,MAAMO,QAAOR,GAAW,EAAA;AACtB,YAAA,IAAI,IAAI,CAACE,GAAG,CAACF,GAAM,CAAA,EAAA;AACjB,gBAAA,MAAMC,IAAO,GAAA,IAAI,CAACQ,GAAG,CAACT,GAAAA,CAAAA;AAEtB,gBAAA,MAAML,MAAMC,KAAK,CAACN,UAAU,CAACc,IAAI,CAAC;AAAEJ,oBAAAA,GAAAA;AAAKK,oBAAAA,KAAAA,EAAOE,SAAUN,CAAAA,IAAAA;AAAM,iBAAA,CAAA;gBAEhEN,KAAME,CAAAA,QAAQ,CAACW,MAAM,CAACR,GAAAA,CAAAA;AAEtB,gBAAA,MAAML,MAAMC,KAAK,CAACL,SAAS,CAACa,IAAI,CAAC;AAAEJ,oBAAAA,GAAAA;AAAKK,oBAAAA,KAAAA,EAAOE,SAAUN,CAAAA,IAAAA;AAAM,iBAAA,CAAA;AACjE;AAEA,YAAA,OAAO,IAAI;AACb,SAAA;AAEAQ,QAAAA,GAAAA,CAAAA,CAAIT,GAAW,EAAA;AACb,YAAA,OAAOL,KAAME,CAAAA,QAAQ,CAACY,GAAG,CAACT,GAAAA,CAAAA;AAC5B,SAAA;AAEAU,QAAAA,MAAAA,CAAAA,GAAAA;AACE,YAAA,OAAOC,MAAMC,IAAI,CAACjB,KAAME,CAAAA,QAAQ,CAACa,MAAM,EAAA,CAAA;AACzC,SAAA;AAEAG,QAAAA,IAAAA,CAAAA,GAAAA;AACE,YAAA,OAAOF,MAAMC,IAAI,CAACjB,KAAME,CAAAA,QAAQ,CAACgB,IAAI,EAAA,CAAA;AACvC,SAAA;AAEAX,QAAAA,GAAAA,CAAAA,CAAIF,GAAW,EAAA;AACb,YAAA,OAAOL,KAAME,CAAAA,QAAQ,CAACK,GAAG,CAACF,GAAAA,CAAAA;AAC5B,SAAA;AAEAc,QAAAA,IAAAA,CAAAA,GAAAA;YACE,OAAOnB,KAAAA,CAAME,QAAQ,CAACiB,IAAI;AAC5B,SAAA;QAEA,MAAMC,KAAAA,CAAAA,GAAAA;YACJ,MAAMF,IAAAA,GAAO,IAAI,CAACA,IAAI,EAAA;YAEtB,KAAK,MAAMb,OAAOa,IAAM,CAAA;gBACtB,MAAM,IAAI,CAACL,MAAM,CAACR,GAAAA,CAAAA;AACpB;AAEA,YAAA,OAAO,IAAI;AACb;AACF,KAAA;AACF;;;;"}
1
+ {"version":3,"file":"provider-factory.mjs","sources":["../src/provider-factory.ts"],"sourcesContent":["import { cloneDeep } from 'lodash/fp';\nimport {\n createAsyncSeriesHook,\n createAsyncParallelHook,\n AsyncSeriesHook,\n AsyncParallelHook,\n} from './hooks';\n\nexport interface ProviderHooksMap {\n willRegister: AsyncSeriesHook;\n didRegister: AsyncParallelHook;\n willDelete: AsyncParallelHook;\n didDelete: AsyncParallelHook;\n}\n\n/**\n * Creates a new object containing various hooks used by the providers\n */\nconst createProviderHooksMap = (): ProviderHooksMap => ({\n // Register events\n willRegister: createAsyncSeriesHook(),\n didRegister: createAsyncParallelHook(),\n // Delete events\n willDelete: createAsyncParallelHook(),\n didDelete: createAsyncParallelHook(),\n});\n\nexport interface Options {\n throwOnDuplicates?: boolean;\n}\n\ntype Item = Record<string, unknown>;\n\nexport interface Provider<T = unknown> {\n hooks: ProviderHooksMap;\n register(key: string, item: T): Promise<Provider>;\n delete(key: string): Promise<Provider>;\n get(key: string): T | undefined;\n values(): T[];\n keys(): string[];\n has(key: string): boolean;\n size(): number;\n clear(): Promise<Provider<T>>;\n}\n\nexport type ProviderFactory<T> = (options?: Options) => Provider<T>;\n\n/**\n * A Provider factory\n */\nconst providerFactory = <T = Item>(options: Options = {}): Provider<T> => {\n const { throwOnDuplicates = true } = options;\n\n const state = {\n hooks: createProviderHooksMap(),\n registry: new Map<string, T>(),\n };\n\n return {\n hooks: state.hooks,\n\n async register(key: string, item: T) {\n if (throwOnDuplicates && this.has(key)) {\n throw new Error(`Duplicated item key: ${key}`);\n }\n\n await state.hooks.willRegister.call({ key, value: item });\n\n state.registry.set(key, item);\n\n await state.hooks.didRegister.call({ key, value: cloneDeep(item) });\n\n return this;\n },\n\n async delete(key: string) {\n if (this.has(key)) {\n const item = this.get(key);\n\n await state.hooks.willDelete.call({ key, value: cloneDeep(item) });\n\n state.registry.delete(key);\n\n await state.hooks.didDelete.call({ key, value: cloneDeep(item) });\n }\n\n return this;\n },\n\n get(key: string) {\n return state.registry.get(key);\n },\n\n values() {\n return Array.from(state.registry.values());\n },\n\n keys() {\n return Array.from(state.registry.keys());\n },\n\n has(key: string) {\n return state.registry.has(key);\n },\n\n size() {\n return state.registry.size;\n },\n\n async clear() {\n const keys = this.keys();\n\n for (const key of keys) {\n await this.delete(key);\n }\n\n return this;\n },\n };\n};\n\nexport default providerFactory;\n"],"names":["createProviderHooksMap","willRegister","createAsyncSeriesHook","didRegister","createAsyncParallelHook","willDelete","didDelete","providerFactory","options","throwOnDuplicates","state","hooks","registry","Map","register","key","item","has","Error","call","value","set","cloneDeep","delete","get","values","Array","from","keys","size","clear"],"mappings":";;;AAeA;;IAGA,MAAMA,sBAAAA,GAAyB,KAAyB;;QAEtDC,YAAAA,EAAcC,qBAAAA,EAAAA;QACdC,WAAAA,EAAaC,uBAAAA,EAAAA;;QAEbC,UAAAA,EAAYD,uBAAAA,EAAAA;QACZE,SAAAA,EAAWF,uBAAAA;KACb,CAAA;AAsBA;;AAEC,IACD,MAAMG,eAAAA,GAAkB,CAAWC,OAAAA,GAAmB,EAAE,GAAA;AACtD,IAAA,MAAM,EAAEC,iBAAAA,GAAoB,IAAI,EAAE,GAAGD,OAAAA;AAErC,IAAA,MAAME,KAAAA,GAAQ;QACZC,KAAAA,EAAOX,sBAAAA,EAAAA;AACPY,QAAAA,QAAAA,EAAU,IAAIC,GAAAA;AAChB,KAAA;IAEA,OAAO;AACLF,QAAAA,KAAAA,EAAOD,MAAMC,KAAK;QAElB,MAAMG,QAAAA,CAAAA,CAASC,GAAW,EAAEC,IAAO,EAAA;AACjC,YAAA,IAAIP,iBAAAA,IAAqB,IAAI,CAACQ,GAAG,CAACF,GAAAA,CAAAA,EAAM;AACtC,gBAAA,MAAM,IAAIG,KAAAA,CAAM,CAAC,qBAAqB,EAAEH,GAAAA,CAAAA,CAAK,CAAA;AAC/C,YAAA;AAEA,YAAA,MAAML,MAAMC,KAAK,CAACV,YAAY,CAACkB,IAAI,CAAC;AAAEJ,gBAAAA,GAAAA;gBAAKK,KAAAA,EAAOJ;AAAK,aAAA,CAAA;AAEvDN,YAAAA,KAAAA,CAAME,QAAQ,CAACS,GAAG,CAACN,GAAAA,EAAKC,IAAAA,CAAAA;AAExB,YAAA,MAAMN,MAAMC,KAAK,CAACR,WAAW,CAACgB,IAAI,CAAC;AAAEJ,gBAAAA,GAAAA;AAAKK,gBAAAA,KAAAA,EAAOE,SAAAA,CAAUN,IAAAA;AAAM,aAAA,CAAA;AAEjE,YAAA,OAAO,IAAI;AACb,QAAA,CAAA;AAEA,QAAA,MAAMO,QAAOR,GAAW,EAAA;AACtB,YAAA,IAAI,IAAI,CAACE,GAAG,CAACF,GAAAA,CAAAA,EAAM;AACjB,gBAAA,MAAMC,IAAAA,GAAO,IAAI,CAACQ,GAAG,CAACT,GAAAA,CAAAA;AAEtB,gBAAA,MAAML,MAAMC,KAAK,CAACN,UAAU,CAACc,IAAI,CAAC;AAAEJ,oBAAAA,GAAAA;AAAKK,oBAAAA,KAAAA,EAAOE,SAAAA,CAAUN,IAAAA;AAAM,iBAAA,CAAA;gBAEhEN,KAAAA,CAAME,QAAQ,CAACW,MAAM,CAACR,GAAAA,CAAAA;AAEtB,gBAAA,MAAML,MAAMC,KAAK,CAACL,SAAS,CAACa,IAAI,CAAC;AAAEJ,oBAAAA,GAAAA;AAAKK,oBAAAA,KAAAA,EAAOE,SAAAA,CAAUN,IAAAA;AAAM,iBAAA,CAAA;AACjE,YAAA;AAEA,YAAA,OAAO,IAAI;AACb,QAAA,CAAA;AAEAQ,QAAAA,GAAAA,CAAAA,CAAIT,GAAW,EAAA;AACb,YAAA,OAAOL,KAAAA,CAAME,QAAQ,CAACY,GAAG,CAACT,GAAAA,CAAAA;AAC5B,QAAA,CAAA;AAEAU,QAAAA,MAAAA,CAAAA,GAAAA;AACE,YAAA,OAAOC,MAAMC,IAAI,CAACjB,KAAAA,CAAME,QAAQ,CAACa,MAAM,EAAA,CAAA;AACzC,QAAA,CAAA;AAEAG,QAAAA,IAAAA,CAAAA,GAAAA;AACE,YAAA,OAAOF,MAAMC,IAAI,CAACjB,KAAAA,CAAME,QAAQ,CAACgB,IAAI,EAAA,CAAA;AACvC,QAAA,CAAA;AAEAX,QAAAA,GAAAA,CAAAA,CAAIF,GAAW,EAAA;AACb,YAAA,OAAOL,KAAAA,CAAME,QAAQ,CAACK,GAAG,CAACF,GAAAA,CAAAA;AAC5B,QAAA,CAAA;AAEAc,QAAAA,IAAAA,CAAAA,GAAAA;YACE,OAAOnB,KAAAA,CAAME,QAAQ,CAACiB,IAAI;AAC5B,QAAA,CAAA;QAEA,MAAMC,KAAAA,CAAAA,GAAAA;YACJ,MAAMF,IAAAA,GAAO,IAAI,CAACA,IAAI,EAAA;YAEtB,KAAK,MAAMb,OAAOa,IAAAA,CAAM;gBACtB,MAAM,IAAI,CAACL,MAAM,CAACR,GAAAA,CAAAA;AACpB,YAAA;AAEA,YAAA,OAAO,IAAI;AACb,QAAA;AACF,KAAA;AACF;;;;"}
package/dist/relations.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"relations.js","sources":["../src/relations.ts"],"sourcesContent":["import { isBoolean } from 'lodash/fp';\nimport type { Attribute, Model } from './types';\n\nimport { isRelationalAttribute } from './content-types';\n\nconst MANY_RELATIONS = ['oneToMany', 'manyToMany'];\n\nexport const getRelationalFields = (contentType: Model) => {\n return Object.keys(contentType.attributes).filter((attributeName) => {\n return contentType.attributes[attributeName].type === 'relation';\n });\n};\n\nexport const isOneToAny = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['oneToOne', 'oneToMany'].includes(attribute.relation);\n\nexport const isManyToAny = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['manyToMany', 'manyToOne'].includes(attribute.relation);\n\nexport const isAnyToOne = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['oneToOne', 'manyToOne'].includes(attribute.relation);\n\nexport const isAnyToMany = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['oneToMany', 'manyToMany'].includes(attribute.relation);\n\nexport const isPolymorphic = (attribute: any): any =>\n ['morphOne', 'morphMany', 'morphToOne', 'morphToMany'].includes(attribute.relation);\n\nexport const constants = {\n MANY_RELATIONS,\n};\n\n// Valid keys in the `options` property of relations reordering\n// The value for each key must be a function that returns true if it is a valid value\nexport const VALID_RELATION_ORDERING_KEYS: { [key: string]: (value: any) => boolean } = {\n strict: isBoolean,\n};\n"],"names":["MANY_RELATIONS","getRelationalFields","contentType","Object","keys","attributes","filter","attributeName","type","isOneToAny","attribute","isRelationalAttribute","includes","relation","isManyToAny","isAnyToOne","isAnyToMany","isPolymorphic","constants","VALID_RELATION_ORDERING_KEYS","strict","isBoolean"],"mappings":";;;;;AAKA,MAAMA,cAAiB,GAAA;AAAC,IAAA,WAAA;AAAa,IAAA;AAAa,CAAA;AAE3C,MAAMC,sBAAsB,CAACC,WAAAA,GAAAA;IAClC,OAAOC,MAAAA,CAAOC,IAAI,CAACF,WAAAA,CAAYG,UAAU,CAAEC,CAAAA,MAAM,CAAC,CAACC,aAAAA,GAAAA;AACjD,QAAA,OAAOL,YAAYG,UAAU,CAACE,aAAc,CAAA,CAACC,IAAI,KAAK,UAAA;AACxD,KAAA,CAAA;AACF;AAEaC,MAAAA,UAAAA,GAAa,CAACC,SAAAA,GACzBC,mCAAsBD,SAAc,CAAA,IAAA;AAAC,QAAA,UAAA;AAAY,QAAA;AAAY,KAAA,CAACE,QAAQ,CAACF,SAAUG,CAAAA,QAAQ;AAE9EC,MAAAA,WAAAA,GAAc,CAACJ,SAAAA,GAC1BC,mCAAsBD,SAAc,CAAA,IAAA;AAAC,QAAA,YAAA;AAAc,QAAA;AAAY,KAAA,CAACE,QAAQ,CAACF,SAAUG,CAAAA,QAAQ;AAEhFE,MAAAA,UAAAA,GAAa,CAACL,SAAAA,GACzBC,mCAAsBD,SAAc,CAAA,IAAA;AAAC,QAAA,UAAA;AAAY,QAAA;AAAY,KAAA,CAACE,QAAQ,CAACF,SAAUG,CAAAA,QAAQ;AAE9EG,MAAAA,WAAAA,GAAc,CAACN,SAAAA,GAC1BC,mCAAsBD,SAAc,CAAA,IAAA;AAAC,QAAA,WAAA;AAAa,QAAA;AAAa,KAAA,CAACE,QAAQ,CAACF,SAAUG,CAAAA,QAAQ;AAEtF,MAAMI,aAAgB,GAAA,CAACP,SAC5B,GAAA;AAAC,QAAA,UAAA;AAAY,QAAA,WAAA;AAAa,QAAA,YAAA;AAAc,QAAA;AAAc,KAAA,CAACE,QAAQ,CAACF,SAAUG,CAAAA,QAAQ;MAEvEK,SAAY,GAAA;AACvBlB,IAAAA;AACF;AAEA;AACA;MACamB,4BAA2E,GAAA;IACtFC,MAAQC,EAAAA;AACV;;;;;;;;;;;"}
1
+ {"version":3,"file":"relations.js","sources":["../src/relations.ts"],"sourcesContent":["import { isBoolean } from 'lodash/fp';\nimport type { Attribute, Model } from './types';\n\nimport { isRelationalAttribute } from './content-types';\n\nconst MANY_RELATIONS = ['oneToMany', 'manyToMany'];\n\nexport const getRelationalFields = (contentType: Model) => {\n return Object.keys(contentType.attributes).filter((attributeName) => {\n return contentType.attributes[attributeName].type === 'relation';\n });\n};\n\nexport const isOneToAny = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['oneToOne', 'oneToMany'].includes(attribute.relation);\n\nexport const isManyToAny = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['manyToMany', 'manyToOne'].includes(attribute.relation);\n\nexport const isAnyToOne = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['oneToOne', 'manyToOne'].includes(attribute.relation);\n\nexport const isAnyToMany = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['oneToMany', 'manyToMany'].includes(attribute.relation);\n\nexport const isPolymorphic = (attribute: any): any =>\n ['morphOne', 'morphMany', 'morphToOne', 'morphToMany'].includes(attribute.relation);\n\nexport const constants = {\n MANY_RELATIONS,\n};\n\n// Valid keys in the `options` property of relations reordering\n// The value for each key must be a function that returns true if it is a valid value\nexport const VALID_RELATION_ORDERING_KEYS: { [key: string]: (value: any) => boolean } = {\n strict: isBoolean,\n};\n"],"names":["MANY_RELATIONS","getRelationalFields","contentType","Object","keys","attributes","filter","attributeName","type","isOneToAny","attribute","isRelationalAttribute","includes","relation","isManyToAny","isAnyToOne","isAnyToMany","isPolymorphic","constants","VALID_RELATION_ORDERING_KEYS","strict","isBoolean"],"mappings":";;;;;AAKA,MAAMA,cAAAA,GAAiB;AAAC,IAAA,WAAA;AAAa,IAAA;AAAa,CAAA;AAE3C,MAAMC,sBAAsB,CAACC,WAAAA,GAAAA;IAClC,OAAOC,MAAAA,CAAOC,IAAI,CAACF,WAAAA,CAAYG,UAAU,CAAA,CAAEC,MAAM,CAAC,CAACC,aAAAA,GAAAA;AACjD,QAAA,OAAOL,YAAYG,UAAU,CAACE,aAAAA,CAAc,CAACC,IAAI,KAAK,UAAA;AACxD,IAAA,CAAA,CAAA;AACF;AAEO,MAAMC,UAAAA,GAAa,CAACC,SAAAA,GACzBC,mCAAsBD,SAAAA,CAAAA,IAAc;AAAC,QAAA,UAAA;AAAY,QAAA;AAAY,KAAA,CAACE,QAAQ,CAACF,SAAAA,CAAUG,QAAQ;AAEpF,MAAMC,WAAAA,GAAc,CAACJ,SAAAA,GAC1BC,mCAAsBD,SAAAA,CAAAA,IAAc;AAAC,QAAA,YAAA;AAAc,QAAA;AAAY,KAAA,CAACE,QAAQ,CAACF,SAAAA,CAAUG,QAAQ;AAEtF,MAAME,UAAAA,GAAa,CAACL,SAAAA,GACzBC,mCAAsBD,SAAAA,CAAAA,IAAc;AAAC,QAAA,UAAA;AAAY,QAAA;AAAY,KAAA,CAACE,QAAQ,CAACF,SAAAA,CAAUG,QAAQ;AAEpF,MAAMG,WAAAA,GAAc,CAACN,SAAAA,GAC1BC,mCAAsBD,SAAAA,CAAAA,IAAc;AAAC,QAAA,WAAA;AAAa,QAAA;AAAa,KAAA,CAACE,QAAQ,CAACF,SAAAA,CAAUG,QAAQ;AAEtF,MAAMI,aAAAA,GAAgB,CAACP,SAAAA,GAC5B;AAAC,QAAA,UAAA;AAAY,QAAA,WAAA;AAAa,QAAA,YAAA;AAAc,QAAA;AAAc,KAAA,CAACE,QAAQ,CAACF,SAAAA,CAAUG,QAAQ;MAEvEK,SAAAA,GAAY;AACvBlB,IAAAA;AACF;AAEA;AACA;MACamB,4BAAAA,GAA2E;IACtFC,MAAAA,EAAQC;AACV;;;;;;;;;;;"}
package/dist/relations.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"relations.mjs","sources":["../src/relations.ts"],"sourcesContent":["import { isBoolean } from 'lodash/fp';\nimport type { Attribute, Model } from './types';\n\nimport { isRelationalAttribute } from './content-types';\n\nconst MANY_RELATIONS = ['oneToMany', 'manyToMany'];\n\nexport const getRelationalFields = (contentType: Model) => {\n return Object.keys(contentType.attributes).filter((attributeName) => {\n return contentType.attributes[attributeName].type === 'relation';\n });\n};\n\nexport const isOneToAny = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['oneToOne', 'oneToMany'].includes(attribute.relation);\n\nexport const isManyToAny = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['manyToMany', 'manyToOne'].includes(attribute.relation);\n\nexport const isAnyToOne = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['oneToOne', 'manyToOne'].includes(attribute.relation);\n\nexport const isAnyToMany = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['oneToMany', 'manyToMany'].includes(attribute.relation);\n\nexport const isPolymorphic = (attribute: any): any =>\n ['morphOne', 'morphMany', 'morphToOne', 'morphToMany'].includes(attribute.relation);\n\nexport const constants = {\n MANY_RELATIONS,\n};\n\n// Valid keys in the `options` property of relations reordering\n// The value for each key must be a function that returns true if it is a valid value\nexport const VALID_RELATION_ORDERING_KEYS: { [key: string]: (value: any) => boolean } = {\n strict: isBoolean,\n};\n"],"names":["MANY_RELATIONS","getRelationalFields","contentType","Object","keys","attributes","filter","attributeName","type","isOneToAny","attribute","isRelationalAttribute","includes","relation","isManyToAny","isAnyToOne","isAnyToMany","isPolymorphic","constants","VALID_RELATION_ORDERING_KEYS","strict","isBoolean"],"mappings":";;;AAKA,MAAMA,cAAiB,GAAA;AAAC,IAAA,WAAA;AAAa,IAAA;AAAa,CAAA;AAE3C,MAAMC,sBAAsB,CAACC,WAAAA,GAAAA;IAClC,OAAOC,MAAAA,CAAOC,IAAI,CAACF,WAAAA,CAAYG,UAAU,CAAEC,CAAAA,MAAM,CAAC,CAACC,aAAAA,GAAAA;AACjD,QAAA,OAAOL,YAAYG,UAAU,CAACE,aAAc,CAAA,CAACC,IAAI,KAAK,UAAA;AACxD,KAAA,CAAA;AACF;AAEaC,MAAAA,UAAAA,GAAa,CAACC,SAAAA,GACzBC,sBAAsBD,SAAc,CAAA,IAAA;AAAC,QAAA,UAAA;AAAY,QAAA;AAAY,KAAA,CAACE,QAAQ,CAACF,SAAUG,CAAAA,QAAQ;AAE9EC,MAAAA,WAAAA,GAAc,CAACJ,SAAAA,GAC1BC,sBAAsBD,SAAc,CAAA,IAAA;AAAC,QAAA,YAAA;AAAc,QAAA;AAAY,KAAA,CAACE,QAAQ,CAACF,SAAUG,CAAAA,QAAQ;AAEhFE,MAAAA,UAAAA,GAAa,CAACL,SAAAA,GACzBC,sBAAsBD,SAAc,CAAA,IAAA;AAAC,QAAA,UAAA;AAAY,QAAA;AAAY,KAAA,CAACE,QAAQ,CAACF,SAAUG,CAAAA,QAAQ;AAE9EG,MAAAA,WAAAA,GAAc,CAACN,SAAAA,GAC1BC,sBAAsBD,SAAc,CAAA,IAAA;AAAC,QAAA,WAAA;AAAa,QAAA;AAAa,KAAA,CAACE,QAAQ,CAACF,SAAUG,CAAAA,QAAQ;AAEtF,MAAMI,aAAgB,GAAA,CAACP,SAC5B,GAAA;AAAC,QAAA,UAAA;AAAY,QAAA,WAAA;AAAa,QAAA,YAAA;AAAc,QAAA;AAAc,KAAA,CAACE,QAAQ,CAACF,SAAUG,CAAAA,QAAQ;MAEvEK,SAAY,GAAA;AACvBlB,IAAAA;AACF;AAEA;AACA;MACamB,4BAA2E,GAAA;IACtFC,MAAQC,EAAAA;AACV;;;;"}
1
+ {"version":3,"file":"relations.mjs","sources":["../src/relations.ts"],"sourcesContent":["import { isBoolean } from 'lodash/fp';\nimport type { Attribute, Model } from './types';\n\nimport { isRelationalAttribute } from './content-types';\n\nconst MANY_RELATIONS = ['oneToMany', 'manyToMany'];\n\nexport const getRelationalFields = (contentType: Model) => {\n return Object.keys(contentType.attributes).filter((attributeName) => {\n return contentType.attributes[attributeName].type === 'relation';\n });\n};\n\nexport const isOneToAny = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['oneToOne', 'oneToMany'].includes(attribute.relation);\n\nexport const isManyToAny = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['manyToMany', 'manyToOne'].includes(attribute.relation);\n\nexport const isAnyToOne = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['oneToOne', 'manyToOne'].includes(attribute.relation);\n\nexport const isAnyToMany = (attribute: Attribute) =>\n isRelationalAttribute(attribute) && ['oneToMany', 'manyToMany'].includes(attribute.relation);\n\nexport const isPolymorphic = (attribute: any): any =>\n ['morphOne', 'morphMany', 'morphToOne', 'morphToMany'].includes(attribute.relation);\n\nexport const constants = {\n MANY_RELATIONS,\n};\n\n// Valid keys in the `options` property of relations reordering\n// The value for each key must be a function that returns true if it is a valid value\nexport const VALID_RELATION_ORDERING_KEYS: { [key: string]: (value: any) => boolean } = {\n strict: isBoolean,\n};\n"],"names":["MANY_RELATIONS","getRelationalFields","contentType","Object","keys","attributes","filter","attributeName","type","isOneToAny","attribute","isRelationalAttribute","includes","relation","isManyToAny","isAnyToOne","isAnyToMany","isPolymorphic","constants","VALID_RELATION_ORDERING_KEYS","strict","isBoolean"],"mappings":";;;AAKA,MAAMA,cAAAA,GAAiB;AAAC,IAAA,WAAA;AAAa,IAAA;AAAa,CAAA;AAE3C,MAAMC,sBAAsB,CAACC,WAAAA,GAAAA;IAClC,OAAOC,MAAAA,CAAOC,IAAI,CAACF,WAAAA,CAAYG,UAAU,CAAA,CAAEC,MAAM,CAAC,CAACC,aAAAA,GAAAA;AACjD,QAAA,OAAOL,YAAYG,UAAU,CAACE,aAAAA,CAAc,CAACC,IAAI,KAAK,UAAA;AACxD,IAAA,CAAA,CAAA;AACF;AAEO,MAAMC,UAAAA,GAAa,CAACC,SAAAA,GACzBC,sBAAsBD,SAAAA,CAAAA,IAAc;AAAC,QAAA,UAAA;AAAY,QAAA;AAAY,KAAA,CAACE,QAAQ,CAACF,SAAAA,CAAUG,QAAQ;AAEpF,MAAMC,WAAAA,GAAc,CAACJ,SAAAA,GAC1BC,sBAAsBD,SAAAA,CAAAA,IAAc;AAAC,QAAA,YAAA;AAAc,QAAA;AAAY,KAAA,CAACE,QAAQ,CAACF,SAAAA,CAAUG,QAAQ;AAEtF,MAAME,UAAAA,GAAa,CAACL,SAAAA,GACzBC,sBAAsBD,SAAAA,CAAAA,IAAc;AAAC,QAAA,UAAA;AAAY,QAAA;AAAY,KAAA,CAACE,QAAQ,CAACF,SAAAA,CAAUG,QAAQ;AAEpF,MAAMG,WAAAA,GAAc,CAACN,SAAAA,GAC1BC,sBAAsBD,SAAAA,CAAAA,IAAc;AAAC,QAAA,WAAA;AAAa,QAAA;AAAa,KAAA,CAACE,QAAQ,CAACF,SAAAA,CAAUG,QAAQ;AAEtF,MAAMI,aAAAA,GAAgB,CAACP,SAAAA,GAC5B;AAAC,QAAA,UAAA;AAAY,QAAA,WAAA;AAAa,QAAA,YAAA;AAAc,QAAA;AAAc,KAAA,CAACE,QAAQ,CAACF,SAAAA,CAAUG,QAAQ;MAEvEK,SAAAA,GAAY;AACvBlB,IAAAA;AACF;AAEA;AACA;MACamB,4BAAAA,GAA2E;IACtFC,MAAAA,EAAQC;AACV;;;;"}
package/dist/route-serialization.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"route-serialization.js","sources":["../src/route-serialization.ts"],"sourcesContent":["/*\n * Utility to sanitize content API route objects for safe JSON serialization.\n * Removes Zod validation fields (request/response) for safe serialization.\n *\n * NOTE: some content API routes are returned to the admin panel e.g. to\n * populate the users and permissions roles page. We need to ensure that the\n * routes can be serialized to JSON without errors.\n */\n\nexport const sanitizeRouteForSerialization = ({\n request,\n response,\n ...rest\n}: Record<string, unknown>) => rest as Record<string, unknown>;\n\nexport const sanitizeRoutesArrayForSerialization = (routes: unknown[]): Record<string, unknown>[] =>\n routes\n .filter((route): route is Record<string, unknown> => !!route && typeof route === 'object')\n .map(sanitizeRouteForSerialization);\n\nexport const sanitizeRoutesMapForSerialization = (\n map: Record<string, unknown[]>\n): Record<string, unknown> =>\n Object.entries(map).reduce(\n (acc, [key, value]) => ({\n ...acc,\n [key]: Array.isArray(value) ? sanitizeRoutesArrayForSerialization(value) : value,\n }),\n {}\n );\n"],"names":["sanitizeRouteForSerialization","request","response","rest","sanitizeRoutesArrayForSerialization","routes","filter","route","map","sanitizeRoutesMapForSerialization","Object","entries","reduce","acc","key","value","Array","isArray"],"mappings":";;AAAA;;;;;;;AAOC,IAEM,MAAMA,6BAAgC,GAAA,CAAC,EAC5CC,OAAO,EACPC,QAAQ,EACR,GAAGC,IACqB,EAAA,GAAKA;MAElBC,mCAAsC,GAAA,CAACC,MAClDA,GAAAA,MAAAA,CACGC,MAAM,CAAC,CAACC,KAA4C,GAAA,CAAC,CAACA,KAAS,IAAA,OAAOA,UAAU,QAChFC,CAAAA,CAAAA,GAAG,CAACR,6BAA+B;MAE3BS,iCAAoC,GAAA,CAC/CD,GAEAE,GAAAA,MAAAA,CAAOC,OAAO,CAACH,GAAAA,CAAAA,CAAKI,MAAM,CACxB,CAACC,GAAK,EAAA,CAACC,GAAKC,EAAAA,KAAAA,CAAM,IAAM;AACtB,YAAA,GAAGF,GAAG;AACN,YAAA,CAACC,MAAME,KAAAA,CAAMC,OAAO,CAACF,KAAAA,CAAAA,GAASX,oCAAoCW,KAASA,CAAAA,GAAAA;SAC7E,CAAA,EACA,EACA;;;;;;"}
1
+ {"version":3,"file":"route-serialization.js","sources":["../src/route-serialization.ts"],"sourcesContent":["/*\n * Utility to sanitize content API route objects for safe JSON serialization.\n * Removes Zod validation fields (request/response) for safe serialization.\n *\n * NOTE: some content API routes are returned to the admin panel e.g. to\n * populate the users and permissions roles page. We need to ensure that the\n * routes can be serialized to JSON without errors.\n */\n\nexport const sanitizeRouteForSerialization = ({\n request,\n response,\n ...rest\n}: Record<string, unknown>) => rest as Record<string, unknown>;\n\nexport const sanitizeRoutesArrayForSerialization = (routes: unknown[]): Record<string, unknown>[] =>\n routes\n .filter((route): route is Record<string, unknown> => !!route && typeof route === 'object')\n .map(sanitizeRouteForSerialization);\n\nexport const sanitizeRoutesMapForSerialization = (\n map: Record<string, unknown[]>\n): Record<string, unknown> =>\n Object.entries(map).reduce(\n (acc, [key, value]) => ({\n ...acc,\n [key]: Array.isArray(value) ? sanitizeRoutesArrayForSerialization(value) : value,\n }),\n {}\n );\n"],"names":["sanitizeRouteForSerialization","request","response","rest","sanitizeRoutesArrayForSerialization","routes","filter","route","map","sanitizeRoutesMapForSerialization","Object","entries","reduce","acc","key","value","Array","isArray"],"mappings":";;AAAA;;;;;;;AAOC,IAEM,MAAMA,6BAAAA,GAAgC,CAAC,EAC5CC,OAAO,EACPC,QAAQ,EACR,GAAGC,IAAAA,EACqB,GAAKA;MAElBC,mCAAAA,GAAsC,CAACC,MAAAA,GAClDA,MAAAA,CACGC,MAAM,CAAC,CAACC,KAAAA,GAA4C,CAAC,CAACA,KAAAA,IAAS,OAAOA,UAAU,QAAA,CAAA,CAChFC,GAAG,CAACR,6BAAAA;MAEIS,iCAAAA,GAAoC,CAC/CD,GAAAA,GAEAE,MAAAA,CAAOC,OAAO,CAACH,GAAAA,CAAAA,CAAKI,MAAM,CACxB,CAACC,GAAAA,EAAK,CAACC,GAAAA,EAAKC,KAAAA,CAAM,IAAM;AACtB,YAAA,GAAGF,GAAG;AACN,YAAA,CAACC,MAAME,KAAAA,CAAMC,OAAO,CAACF,KAAAA,CAAAA,GAASX,oCAAoCW,KAAAA,CAAAA,GAASA;SAC7E,CAAA,EACA,EAAC;;;;;;"}
package/dist/route-serialization.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"route-serialization.mjs","sources":["../src/route-serialization.ts"],"sourcesContent":["/*\n * Utility to sanitize content API route objects for safe JSON serialization.\n * Removes Zod validation fields (request/response) for safe serialization.\n *\n * NOTE: some content API routes are returned to the admin panel e.g. to\n * populate the users and permissions roles page. We need to ensure that the\n * routes can be serialized to JSON without errors.\n */\n\nexport const sanitizeRouteForSerialization = ({\n request,\n response,\n ...rest\n}: Record<string, unknown>) => rest as Record<string, unknown>;\n\nexport const sanitizeRoutesArrayForSerialization = (routes: unknown[]): Record<string, unknown>[] =>\n routes\n .filter((route): route is Record<string, unknown> => !!route && typeof route === 'object')\n .map(sanitizeRouteForSerialization);\n\nexport const sanitizeRoutesMapForSerialization = (\n map: Record<string, unknown[]>\n): Record<string, unknown> =>\n Object.entries(map).reduce(\n (acc, [key, value]) => ({\n ...acc,\n [key]: Array.isArray(value) ? sanitizeRoutesArrayForSerialization(value) : value,\n }),\n {}\n );\n"],"names":["sanitizeRouteForSerialization","request","response","rest","sanitizeRoutesArrayForSerialization","routes","filter","route","map","sanitizeRoutesMapForSerialization","Object","entries","reduce","acc","key","value","Array","isArray"],"mappings":"AAAA;;;;;;;AAOC,IAEM,MAAMA,6BAAgC,GAAA,CAAC,EAC5CC,OAAO,EACPC,QAAQ,EACR,GAAGC,IACqB,EAAA,GAAKA;MAElBC,mCAAsC,GAAA,CAACC,MAClDA,GAAAA,MAAAA,CACGC,MAAM,CAAC,CAACC,KAA4C,GAAA,CAAC,CAACA,KAAS,IAAA,OAAOA,UAAU,QAChFC,CAAAA,CAAAA,GAAG,CAACR,6BAA+B;MAE3BS,iCAAoC,GAAA,CAC/CD,GAEAE,GAAAA,MAAAA,CAAOC,OAAO,CAACH,GAAAA,CAAAA,CAAKI,MAAM,CACxB,CAACC,GAAK,EAAA,CAACC,GAAKC,EAAAA,KAAAA,CAAM,IAAM;AACtB,YAAA,GAAGF,GAAG;AACN,YAAA,CAACC,MAAME,KAAAA,CAAMC,OAAO,CAACF,KAAAA,CAAAA,GAASX,oCAAoCW,KAASA,CAAAA,GAAAA;SAC7E,CAAA,EACA,EACA;;;;"}
1
+ {"version":3,"file":"route-serialization.mjs","sources":["../src/route-serialization.ts"],"sourcesContent":["/*\n * Utility to sanitize content API route objects for safe JSON serialization.\n * Removes Zod validation fields (request/response) for safe serialization.\n *\n * NOTE: some content API routes are returned to the admin panel e.g. to\n * populate the users and permissions roles page. We need to ensure that the\n * routes can be serialized to JSON without errors.\n */\n\nexport const sanitizeRouteForSerialization = ({\n request,\n response,\n ...rest\n}: Record<string, unknown>) => rest as Record<string, unknown>;\n\nexport const sanitizeRoutesArrayForSerialization = (routes: unknown[]): Record<string, unknown>[] =>\n routes\n .filter((route): route is Record<string, unknown> => !!route && typeof route === 'object')\n .map(sanitizeRouteForSerialization);\n\nexport const sanitizeRoutesMapForSerialization = (\n map: Record<string, unknown[]>\n): Record<string, unknown> =>\n Object.entries(map).reduce(\n (acc, [key, value]) => ({\n ...acc,\n [key]: Array.isArray(value) ? sanitizeRoutesArrayForSerialization(value) : value,\n }),\n {}\n );\n"],"names":["sanitizeRouteForSerialization","request","response","rest","sanitizeRoutesArrayForSerialization","routes","filter","route","map","sanitizeRoutesMapForSerialization","Object","entries","reduce","acc","key","value","Array","isArray"],"mappings":"AAAA;;;;;;;AAOC,IAEM,MAAMA,6BAAAA,GAAgC,CAAC,EAC5CC,OAAO,EACPC,QAAQ,EACR,GAAGC,IAAAA,EACqB,GAAKA;MAElBC,mCAAAA,GAAsC,CAACC,MAAAA,GAClDA,MAAAA,CACGC,MAAM,CAAC,CAACC,KAAAA,GAA4C,CAAC,CAACA,KAAAA,IAAS,OAAOA,UAAU,QAAA,CAAA,CAChFC,GAAG,CAACR,6BAAAA;MAEIS,iCAAAA,GAAoC,CAC/CD,GAAAA,GAEAE,MAAAA,CAAOC,OAAO,CAACH,GAAAA,CAAAA,CAAKI,MAAM,CACxB,CAACC,GAAAA,EAAK,CAACC,GAAAA,EAAKC,KAAAA,CAAM,IAAM;AACtB,YAAA,GAAGF,GAAG;AACN,YAAA,CAACC,MAAME,KAAAA,CAAMC,OAAO,CAACF,KAAAA,CAAAA,GAASX,oCAAoCW,KAAAA,CAAAA,GAASA;SAC7E,CAAA,EACA,EAAC;;;;"}
package/dist/sanitize/index.js CHANGED
@@ -13,8 +13,8 @@ var querySort = require('../traverse/query-sort.js');
13
13
  var queryPopulate = require('../traverse/query-populate.js');
14
14
  require('../traverse/query-fields.js');
15
15
  var removeUnrecognizedFields = require('./visitors/remove-unrecognized-fields.js');
16
- var removeRestrictedFields = require('./visitors/remove-restricted-fields.js');
17
16
  var removeRestrictedRelations = require('./visitors/remove-restricted-relations.js');
17
+ var removeRestrictedFields = require('./visitors/remove-restricted-fields.js');
18
18
 
19
19
  const createAPISanitizers = (opts)=>{
20
20
  const { getModel } = opts;
package/dist/sanitize/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sources":["../../src/sanitize/index.ts"],"sourcesContent":["import { CurriedFunction1 } from 'lodash';\nimport { isArray, cloneDeep, omit, pick } from 'lodash/fp';\nimport type { z } from 'zod/v4';\n\nimport { constants, getNonWritableAttributes } from '../content-types';\nimport { ALLOWED_QUERY_PARAM_KEYS } from '../content-api-constants';\nimport {\n type RouteLike,\n getExtraQueryKeysFromRoute,\n getExtraRootKeysFromRouteBody,\n} from '../content-api-route-params';\nimport { pipe as pipeAsync } from '../async';\n\nimport * as visitors from './visitors';\nimport * as sanitizers from './sanitizers';\nimport traverseEntity from '../traverse-entity';\n\nimport { traverseQueryFilters, traverseQuerySort, traverseQueryPopulate } from '../traverse';\nimport type { Model, Data } from '../types';\n\nexport interface Options {\n auth?: unknown;\n /**\n * If true, removes fields that are not declared in the schema (input) or keeps only allowed query param keys (query).\n * Defaults to false for backward compatibility.\n * TODO: In Strapi 6, strictParams will default to true (and may be removed as an option)\n */\n strictParams?: boolean;\n /**\n * When set, extra query/input params are derived from the route's request schema (and validated/sanitized with Zod).\n * When absent, no extra params are allowed in strict mode.\n */\n route?: RouteLike;\n}\n\nexport interface Sanitizer {\n (schema: Model): CurriedFunction1<Data, Promise<Data>>;\n}\nexport interface SanitizeFunc {\n (data: unknown, schema: Model, options?: Options): Promise<unknown>;\n}\n\nexport type SanitizeQueryParamHandler = (\n value: unknown,\n schema: Model,\n options?: Options\n) => Promise<unknown>;\n\nexport type SanitizeBodyParamHandler = (\n value: unknown,\n schema: Model,\n options?: Options\n) => Promise<unknown>;\n\nexport interface APIOptions {\n sanitizers?: Sanitizers;\n getModel: (model: string) => Model;\n}\n\nexport interface Sanitizers {\n input?: Sanitizer[];\n output?: Sanitizer[];\n}\n\nconst createAPISanitizers = (opts: APIOptions) => {\n const { getModel } = opts;\n\n const sanitizeInput: SanitizeFunc = (\n data: unknown,\n schema: Model,\n { auth, strictParams = false, route } = {}\n ) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeInput');\n }\n if (isArray(data)) {\n return Promise.all(\n data.map((entry) => sanitizeInput(entry, schema, { auth, strictParams, route }))\n );\n }\n\n const allowedExtraRootKeys = getExtraRootKeysFromRouteBody(route);\n\n const nonWritableAttributes = getNonWritableAttributes(schema);\n\n const transforms = [\n // Remove first level ID in inputs\n omit(constants.ID_ATTRIBUTE),\n omit(constants.DOC_ID_ATTRIBUTE),\n // Remove non-writable attributes\n traverseEntity(visitors.removeRestrictedFields(nonWritableAttributes), { schema, getModel }),\n ];\n\n if (strictParams) {\n // Remove unrecognized fields (allowedExtraRootKeys = registered input param keys)\n transforms.push(\n traverseEntity(visitors.removeUnrecognizedFields, {\n schema,\n getModel,\n allowedExtraRootKeys,\n })\n );\n }\n\n if (auth) {\n // Remove restricted relations\n transforms.push(\n traverseEntity(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n // Apply sanitizers from registry if exists\n opts?.sanitizers?.input?.forEach((sanitizer: Sanitizer) => transforms.push(sanitizer(schema)));\n\n /**\n * For each extra root key from the route's body schema present in data, run Zod safeParse.\n * If parsing fails, the key is removed from the output.\n *\n * Content-api sends the document payload as body.data; the controller calls sanitizeInput(body.data, ctx),\n * so the input we receive here is the inner payload (keys like \"relatedMedia\", \"name\"), not the full body.\n * The route's body schema is z.object({ data: ... }), so its shape includes \"data\". We skip \"data\" because\n * the main document payload is already sanitized above by traverseEntity (removeUnrecognizedFields, etc.);\n * relation ops (connect/disconnect/set) are handled there, not by the route's Zod schema. We only run\n * Zod here for truly extra root keys added via addInputParams (e.g. clientMutationId).\n */\n const routeBodySanitizeTransform = async (data: Data): Promise<Data> => {\n if (!data || typeof data !== 'object' || Array.isArray(data)) return data;\n const obj = data as Record<string, unknown>;\n const bodySchema = route?.request?.body?.['application/json'];\n if (bodySchema && typeof bodySchema === 'object' && 'shape' in bodySchema) {\n const shape = (bodySchema as { shape: Record<string, z.ZodTypeAny> }).shape;\n for (const key of Object.keys(shape)) {\n if (key === 'data' || !(key in obj)) continue;\n const zodSchema = shape[key];\n if (zodSchema && typeof (zodSchema as z.ZodTypeAny).safeParse === 'function') {\n const result = (zodSchema as z.ZodTypeAny).safeParse(obj[key]);\n if (result.success) {\n obj[key] = result.data;\n } else {\n delete obj[key];\n }\n }\n }\n }\n return data;\n };\n (transforms as Array<(data: Data) => Data | Promise<Data>>).push(routeBodySanitizeTransform);\n\n return pipeAsync(...transforms)(data as Data);\n };\n\n const sanitizeOutput: SanitizeFunc = async (data, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeOutput');\n }\n if (isArray(data)) {\n const res = new Array(data.length);\n for (let i = 0; i < data.length; i += 1) {\n res[i] = await sanitizeOutput(data[i], schema, { auth });\n }\n return res;\n }\n\n const transforms = [\n (data: Data) => sanitizers.defaultSanitizeOutput({ schema, getModel }, data),\n ];\n\n if (auth) {\n transforms.push(\n traverseEntity(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n // Apply sanitizers from registry if exists\n opts?.sanitizers?.output?.forEach((sanitizer: Sanitizer) => transforms.push(sanitizer(schema)));\n\n return pipeAsync(...transforms)(data as Data);\n };\n\n const sanitizeQuery = async (\n query: Record<string, unknown>,\n schema: Model,\n { auth, strictParams = false, route }: Options = {}\n ) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeQuery');\n }\n const { filters, sort, fields, populate } = query;\n\n const sanitizedQuery = cloneDeep(query);\n\n if (filters) {\n Object.assign(sanitizedQuery, { filters: await sanitizeFilters(filters, schema, { auth }) });\n }\n\n if (sort) {\n Object.assign(sanitizedQuery, { sort: await sanitizeSort(sort, schema, { auth }) });\n }\n\n if (fields) {\n Object.assign(sanitizedQuery, { fields: await sanitizeFields(fields, schema) });\n }\n\n if (populate) {\n Object.assign(sanitizedQuery, { populate: await sanitizePopulate(populate, schema) });\n }\n\n const extraQueryKeys = getExtraQueryKeysFromRoute(route);\n const routeQuerySchema = route?.request?.query;\n if (routeQuerySchema) {\n for (const key of extraQueryKeys) {\n if (key in query) {\n const zodSchema = routeQuerySchema[key];\n if (zodSchema && typeof (zodSchema as z.ZodTypeAny).safeParse === 'function') {\n const result = (zodSchema as z.ZodTypeAny).safeParse(query[key]);\n if (result.success) {\n sanitizedQuery[key] = result.data;\n } else {\n delete sanitizedQuery[key];\n }\n }\n }\n }\n }\n\n if (strictParams) {\n const allowedKeys = [...ALLOWED_QUERY_PARAM_KEYS, ...extraQueryKeys];\n return pick(allowedKeys, sanitizedQuery) as Record<string, unknown>;\n }\n\n return sanitizedQuery;\n };\n\n const sanitizeFilters: SanitizeFunc = (filters, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeFilters');\n }\n if (isArray(filters)) {\n return Promise.all(filters.map((filter) => sanitizeFilters(filter, schema, { auth })));\n }\n\n const transforms = [sanitizers.defaultSanitizeFilters({ schema, getModel })];\n\n if (auth) {\n transforms.push(\n traverseQueryFilters(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n return pipeAsync(...transforms)(filters);\n };\n\n const sanitizeSort: SanitizeFunc = (sort, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeSort');\n }\n const transforms = [sanitizers.defaultSanitizeSort({ schema, getModel })];\n\n if (auth) {\n transforms.push(\n traverseQuerySort(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n return pipeAsync(...transforms)(sort);\n };\n\n const sanitizeFields: SanitizeFunc = (fields, schema: Model) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeFields');\n }\n const transforms = [sanitizers.defaultSanitizeFields({ schema, getModel })];\n\n return pipeAsync(...transforms)(fields);\n };\n\n const sanitizePopulate: SanitizeFunc = (populate, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizePopulate');\n }\n const transforms = [sanitizers.defaultSanitizePopulate({ schema, getModel })];\n\n if (auth) {\n transforms.push(\n traverseQueryPopulate(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n return pipeAsync(...transforms)(populate);\n };\n\n return {\n input: sanitizeInput,\n output: sanitizeOutput,\n query: sanitizeQuery,\n filters: sanitizeFilters,\n sort: sanitizeSort,\n fields: sanitizeFields,\n populate: sanitizePopulate,\n };\n};\n\nexport { createAPISanitizers, sanitizers, visitors };\n\nexport type APISanitiers = ReturnType<typeof createAPISanitizers>;\n"],"names":["createAPISanitizers","opts","getModel","sanitizeInput","data","schema","auth","strictParams","route","Error","isArray","Promise","all","map","entry","allowedExtraRootKeys","getExtraRootKeysFromRouteBody","nonWritableAttributes","getNonWritableAttributes","transforms","omit","constants","ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","traverseEntity","visitors","push","sanitizers","input","forEach","sanitizer","routeBodySanitizeTransform","Array","obj","bodySchema","request","body","shape","key","Object","keys","zodSchema","safeParse","result","success","pipeAsync","sanitizeOutput","res","length","i","output","sanitizeQuery","query","filters","sort","fields","populate","sanitizedQuery","cloneDeep","assign","sanitizeFilters","sanitizeSort","sanitizeFields","sanitizePopulate","extraQueryKeys","getExtraQueryKeysFromRoute","routeQuerySchema","allowedKeys","ALLOWED_QUERY_PARAM_KEYS","pick","filter","traverseQueryFilters","traverseQuerySort","traverseQueryPopulate"],"mappings":";;;;;;;;;;;;;;;;;;AAgEA,MAAMA,sBAAsB,CAACC,IAAAA,GAAAA;IAC3B,MAAM,EAAEC,QAAQ,EAAE,GAAGD,IAAAA;AAErB,IAAA,MAAME,aAA8B,GAAA,CAClCC,IACAC,EAAAA,MAAAA,EACA,EAAEC,IAAI,EAAEC,YAAe,GAAA,KAAK,EAAEC,KAAK,EAAE,GAAG,EAAE,GAAA;AAE1C,QAAA,IAAI,CAACH,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,iCAAA,CAAA;AAClB;AACA,QAAA,IAAIC,WAAQN,IAAO,CAAA,EAAA;YACjB,OAAOO,OAAAA,CAAQC,GAAG,CAChBR,IAAKS,CAAAA,GAAG,CAAC,CAACC,KAAAA,GAAUX,aAAcW,CAAAA,KAAAA,EAAOT,MAAQ,EAAA;AAAEC,oBAAAA,IAAAA;AAAMC,oBAAAA,YAAAA;AAAcC,oBAAAA;AAAM,iBAAA,CAAA,CAAA,CAAA;AAEjF;AAEA,QAAA,MAAMO,uBAAuBC,mDAA8BR,CAAAA,KAAAA,CAAAA;AAE3D,QAAA,MAAMS,wBAAwBC,qCAAyBb,CAAAA,MAAAA,CAAAA;AAEvD,QAAA,MAAMc,UAAa,GAAA;;AAEjBC,YAAAA,OAAAA,CAAKC,uBAAUC,YAAY,CAAA;AAC3BF,YAAAA,OAAAA,CAAKC,uBAAUE,gBAAgB,CAAA;;YAE/BC,cAAeC,CAAAA,sBAA+B,CAACR,qBAAwB,CAAA,EAAA;AAAEZ,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAC3F,SAAA;AAED,QAAA,IAAIK,YAAc,EAAA;;AAEhBY,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAeC,CAAAA,wBAAiC,EAAE;AAChDpB,gBAAAA,MAAAA;AACAH,gBAAAA,QAAAA;AACAa,gBAAAA;AACF,aAAA,CAAA,CAAA;AAEJ;AAEA,QAAA,IAAIT,IAAM,EAAA;;AAERa,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAAA,CAAeC,yBAAkC,CAACnB,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEhF;;QAGAD,IAAM0B,EAAAA,UAAAA,EAAYC,OAAOC,OAAQ,CAAA,CAACC,YAAyBX,UAAWO,CAAAA,IAAI,CAACI,SAAUzB,CAAAA,MAAAA,CAAAA,CAAAA,CAAAA;AAErF;;;;;;;;;;QAWA,MAAM0B,6BAA6B,OAAO3B,IAAAA,GAAAA;YACxC,IAAI,CAACA,QAAQ,OAAOA,IAAAA,KAAS,YAAY4B,KAAMtB,CAAAA,OAAO,CAACN,IAAAA,CAAAA,EAAO,OAAOA,IAAAA;AACrE,YAAA,MAAM6B,GAAM7B,GAAAA,IAAAA;AACZ,YAAA,MAAM8B,UAAa1B,GAAAA,KAAAA,EAAO2B,OAASC,EAAAA,IAAAA,GAAO,kBAAmB,CAAA;AAC7D,YAAA,IAAIF,UAAc,IAAA,OAAOA,UAAe,KAAA,QAAA,IAAY,WAAWA,UAAY,EAAA;gBACzE,MAAMG,KAAAA,GAAQ,UAACH,CAAuDG,KAAK;AAC3E,gBAAA,KAAK,MAAMC,GAAAA,IAAOC,MAAOC,CAAAA,IAAI,CAACH,KAAQ,CAAA,CAAA;AACpC,oBAAA,IAAIC,QAAQ,MAAU,IAAA,EAAEA,GAAAA,IAAOL,GAAE,CAAI,EAAA;oBACrC,MAAMQ,SAAAA,GAAYJ,KAAK,CAACC,GAAI,CAAA;AAC5B,oBAAA,IAAIG,aAAa,OAAQA,SAA2BC,CAAAA,SAAS,KAAK,UAAY,EAAA;AAC5E,wBAAA,MAAMC,SAAS,SAACF,CAA2BC,SAAS,CAACT,GAAG,CAACK,GAAI,CAAA,CAAA;wBAC7D,IAAIK,MAAAA,CAAOC,OAAO,EAAE;AAClBX,4BAAAA,GAAG,CAACK,GAAAA,CAAI,GAAGK,MAAAA,CAAOvC,IAAI;yBACjB,MAAA;4BACL,OAAO6B,GAAG,CAACK,GAAI,CAAA;AACjB;AACF;AACF;AACF;YACA,OAAOlC,IAAAA;AACT,SAAA;AACCe,QAAAA,UAAAA,CAA2DO,IAAI,CAACK,0BAAAA,CAAAA;AAEjE,QAAA,OAAOc,cAAa1B,UAAYf,CAAAA,CAAAA,IAAAA,CAAAA;AAClC,KAAA;IAEA,MAAM0C,cAAAA,GAA+B,OAAO1C,IAAMC,EAAAA,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC5E,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,kCAAA,CAAA;AAClB;AACA,QAAA,IAAIC,WAAQN,IAAO,CAAA,EAAA;AACjB,YAAA,MAAM2C,GAAM,GAAA,IAAIf,KAAM5B,CAAAA,IAAAA,CAAK4C,MAAM,CAAA;YACjC,IAAK,IAAIC,IAAI,CAAGA,EAAAA,CAAAA,GAAI7C,KAAK4C,MAAM,EAAEC,KAAK,CAAG,CAAA;gBACvCF,GAAG,CAACE,EAAE,GAAG,MAAMH,eAAe1C,IAAI,CAAC6C,CAAE,CAAA,EAAE5C,MAAQ,EAAA;AAAEC,oBAAAA;AAAK,iBAAA,CAAA;AACxD;YACA,OAAOyC,GAAAA;AACT;AAEA,QAAA,MAAM5B,UAAa,GAAA;YACjB,CAACf,IAAAA,GAAeuB,gCAAgC,CAAC;AAAEtB,oBAAAA,MAAAA;AAAQH,oBAAAA;iBAAYE,EAAAA,IAAAA;AACxE,SAAA;AAED,QAAA,IAAIE,IAAM,EAAA;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAAA,CAAeC,yBAAkC,CAACnB,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEhF;;QAGAD,IAAM0B,EAAAA,UAAAA,EAAYuB,QAAQrB,OAAQ,CAAA,CAACC,YAAyBX,UAAWO,CAAAA,IAAI,CAACI,SAAUzB,CAAAA,MAAAA,CAAAA,CAAAA,CAAAA;AAEtF,QAAA,OAAOwC,cAAa1B,UAAYf,CAAAA,CAAAA,IAAAA,CAAAA;AAClC,KAAA;AAEA,IAAA,MAAM+C,aAAgB,GAAA,OACpBC,KACA/C,EAAAA,MAAAA,EACA,EAAEC,IAAI,EAAEC,YAAe,GAAA,KAAK,EAAEC,KAAK,EAAW,GAAG,EAAE,GAAA;AAEnD,QAAA,IAAI,CAACH,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,iCAAA,CAAA;AAClB;QACA,MAAM,EAAE4C,OAAO,EAAEC,IAAI,EAAEC,MAAM,EAAEC,QAAQ,EAAE,GAAGJ,KAAAA;AAE5C,QAAA,MAAMK,iBAAiBC,YAAUN,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,IAAIC,OAAS,EAAA;YACXd,MAAOoB,CAAAA,MAAM,CAACF,cAAgB,EAAA;gBAAEJ,OAAS,EAAA,MAAMO,eAAgBP,CAAAA,OAAAA,EAAShD,MAAQ,EAAA;AAAEC,oBAAAA;AAAK,iBAAA;AAAG,aAAA,CAAA;AAC5F;AAEA,QAAA,IAAIgD,IAAM,EAAA;YACRf,MAAOoB,CAAAA,MAAM,CAACF,cAAgB,EAAA;gBAAEH,IAAM,EAAA,MAAMO,YAAaP,CAAAA,IAAAA,EAAMjD,MAAQ,EAAA;AAAEC,oBAAAA;AAAK,iBAAA;AAAG,aAAA,CAAA;AACnF;AAEA,QAAA,IAAIiD,MAAQ,EAAA;YACVhB,MAAOoB,CAAAA,MAAM,CAACF,cAAgB,EAAA;gBAAEF,MAAQ,EAAA,MAAMO,eAAeP,MAAQlD,EAAAA,MAAAA;AAAQ,aAAA,CAAA;AAC/E;AAEA,QAAA,IAAImD,QAAU,EAAA;YACZjB,MAAOoB,CAAAA,MAAM,CAACF,cAAgB,EAAA;gBAAED,QAAU,EAAA,MAAMO,iBAAiBP,QAAUnD,EAAAA,MAAAA;AAAQ,aAAA,CAAA;AACrF;AAEA,QAAA,MAAM2D,iBAAiBC,gDAA2BzD,CAAAA,KAAAA,CAAAA;QAClD,MAAM0D,gBAAAA,GAAmB1D,OAAO2B,OAASiB,EAAAA,KAAAA;AACzC,QAAA,IAAIc,gBAAkB,EAAA;YACpB,KAAK,MAAM5B,OAAO0B,cAAgB,CAAA;AAChC,gBAAA,IAAI1B,OAAOc,KAAO,EAAA;oBAChB,MAAMX,SAAAA,GAAYyB,gBAAgB,CAAC5B,GAAI,CAAA;AACvC,oBAAA,IAAIG,aAAa,OAAQA,SAA2BC,CAAAA,SAAS,KAAK,UAAY,EAAA;AAC5E,wBAAA,MAAMC,SAAS,SAACF,CAA2BC,SAAS,CAACU,KAAK,CAACd,GAAI,CAAA,CAAA;wBAC/D,IAAIK,MAAAA,CAAOC,OAAO,EAAE;AAClBa,4BAAAA,cAAc,CAACnB,GAAAA,CAAI,GAAGK,MAAAA,CAAOvC,IAAI;yBAC5B,MAAA;4BACL,OAAOqD,cAAc,CAACnB,GAAI,CAAA;AAC5B;AACF;AACF;AACF;AACF;AAEA,QAAA,IAAI/B,YAAc,EAAA;AAChB,YAAA,MAAM4D,WAAc,GAAA;AAAIC,gBAAAA,GAAAA,4CAAAA;AAA6BJ,gBAAAA,GAAAA;AAAe,aAAA;AACpE,YAAA,OAAOK,QAAKF,WAAaV,EAAAA,cAAAA,CAAAA;AAC3B;QAEA,OAAOA,cAAAA;AACT,KAAA;IAEA,MAAMG,eAAAA,GAAgC,CAACP,OAAShD,EAAAA,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC1E,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,mCAAA,CAAA;AAClB;AACA,QAAA,IAAIC,WAAQ2C,OAAU,CAAA,EAAA;YACpB,OAAO1C,OAAAA,CAAQC,GAAG,CAACyC,OAAQxC,CAAAA,GAAG,CAAC,CAACyD,MAAAA,GAAWV,eAAgBU,CAAAA,MAAAA,EAAQjE,MAAQ,EAAA;AAAEC,oBAAAA;AAAK,iBAAA,CAAA,CAAA,CAAA;AACpF;AAEA,QAAA,MAAMa,UAAa,GAAA;AAACQ,YAAAA,iCAAiC,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE5E,QAAA,IAAII,IAAM,EAAA;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACb6C,YAAAA,CAAqB9C,yBAAkC,CAACnB,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEtF;AAEA,QAAA,OAAO2C,cAAa1B,UAAYkC,CAAAA,CAAAA,OAAAA,CAAAA;AAClC,KAAA;IAEA,MAAMQ,YAAAA,GAA6B,CAACP,IAAMjD,EAAAA,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AACpE,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,gCAAA,CAAA;AAClB;AACA,QAAA,MAAMU,UAAa,GAAA;AAACQ,YAAAA,8BAA8B,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAEzE,QAAA,IAAII,IAAM,EAAA;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACb8C,SAAAA,CAAkB/C,yBAAkC,CAACnB,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEnF;AAEA,QAAA,OAAO2C,cAAa1B,UAAYmC,CAAAA,CAAAA,IAAAA,CAAAA;AAClC,KAAA;IAEA,MAAMQ,cAAAA,GAA+B,CAACP,MAAQlD,EAAAA,MAAAA,GAAAA;AAC5C,QAAA,IAAI,CAACA,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,kCAAA,CAAA;AAClB;AACA,QAAA,MAAMU,UAAa,GAAA;AAACQ,YAAAA,gCAAgC,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE3E,QAAA,OAAO2C,cAAa1B,UAAYoC,CAAAA,CAAAA,MAAAA,CAAAA;AAClC,KAAA;IAEA,MAAMQ,gBAAAA,GAAiC,CAACP,QAAUnD,EAAAA,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC5E,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,oCAAA,CAAA;AAClB;AACA,QAAA,MAAMU,UAAa,GAAA;AAACQ,YAAAA,kCAAkC,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE7E,QAAA,IAAII,IAAM,EAAA;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACb+C,aAAAA,CAAsBhD,yBAAkC,CAACnB,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEvF;AAEA,QAAA,OAAO2C,cAAa1B,UAAYqC,CAAAA,CAAAA,QAAAA,CAAAA;AAClC,KAAA;IAEA,OAAO;QACL5B,KAAOzB,EAAAA,aAAAA;QACP+C,MAAQJ,EAAAA,cAAAA;QACRM,KAAOD,EAAAA,aAAAA;QACPE,OAASO,EAAAA,eAAAA;QACTN,IAAMO,EAAAA,YAAAA;QACNN,MAAQO,EAAAA,cAAAA;QACRN,QAAUO,EAAAA;AACZ,KAAA;AACF;;;;;;"}
1
+ {"version":3,"file":"index.js","sources":["../../src/sanitize/index.ts"],"sourcesContent":["import { CurriedFunction1 } from 'lodash';\nimport { isArray, cloneDeep, omit, pick } from 'lodash/fp';\nimport type { z } from 'zod/v4';\n\nimport { constants, getNonWritableAttributes } from '../content-types';\nimport { ALLOWED_QUERY_PARAM_KEYS } from '../content-api-constants';\nimport {\n type RouteLike,\n getExtraQueryKeysFromRoute,\n getExtraRootKeysFromRouteBody,\n} from '../content-api-route-params';\nimport { pipe as pipeAsync } from '../async';\n\nimport * as visitors from './visitors';\nimport * as sanitizers from './sanitizers';\nimport traverseEntity from '../traverse-entity';\n\nimport { traverseQueryFilters, traverseQuerySort, traverseQueryPopulate } from '../traverse';\nimport type { Model, Data } from '../types';\n\nexport interface Options {\n auth?: unknown;\n /**\n * If true, removes fields that are not declared in the schema (input) or keeps only allowed query param keys (query).\n * Defaults to false for backward compatibility.\n * TODO: In Strapi 6, strictParams will default to true (and may be removed as an option)\n */\n strictParams?: boolean;\n /**\n * When set, extra query/input params are derived from the route's request schema (and validated/sanitized with Zod).\n * When absent, no extra params are allowed in strict mode.\n */\n route?: RouteLike;\n}\n\nexport interface Sanitizer {\n (schema: Model): CurriedFunction1<Data, Promise<Data>>;\n}\nexport interface SanitizeFunc {\n (data: unknown, schema: Model, options?: Options): Promise<unknown>;\n}\n\nexport type SanitizeQueryParamHandler = (\n value: unknown,\n schema: Model,\n options?: Options\n) => Promise<unknown>;\n\nexport type SanitizeBodyParamHandler = (\n value: unknown,\n schema: Model,\n options?: Options\n) => Promise<unknown>;\n\nexport interface APIOptions {\n sanitizers?: Sanitizers;\n getModel: (model: string) => Model;\n}\n\nexport interface Sanitizers {\n input?: Sanitizer[];\n output?: Sanitizer[];\n}\n\nconst createAPISanitizers = (opts: APIOptions) => {\n const { getModel } = opts;\n\n const sanitizeInput: SanitizeFunc = (\n data: unknown,\n schema: Model,\n { auth, strictParams = false, route } = {}\n ) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeInput');\n }\n if (isArray(data)) {\n return Promise.all(\n data.map((entry) => sanitizeInput(entry, schema, { auth, strictParams, route }))\n );\n }\n\n const allowedExtraRootKeys = getExtraRootKeysFromRouteBody(route);\n\n const nonWritableAttributes = getNonWritableAttributes(schema);\n\n const transforms = [\n // Remove first level ID in inputs\n omit(constants.ID_ATTRIBUTE),\n omit(constants.DOC_ID_ATTRIBUTE),\n // Remove non-writable attributes\n traverseEntity(visitors.removeRestrictedFields(nonWritableAttributes), { schema, getModel }),\n ];\n\n if (strictParams) {\n // Remove unrecognized fields (allowedExtraRootKeys = registered input param keys)\n transforms.push(\n traverseEntity(visitors.removeUnrecognizedFields, {\n schema,\n getModel,\n allowedExtraRootKeys,\n })\n );\n }\n\n if (auth) {\n // Remove restricted relations\n transforms.push(\n traverseEntity(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n // Apply sanitizers from registry if exists\n opts?.sanitizers?.input?.forEach((sanitizer: Sanitizer) => transforms.push(sanitizer(schema)));\n\n /**\n * For each extra root key from the route's body schema present in data, run Zod safeParse.\n * If parsing fails, the key is removed from the output.\n *\n * Content-api sends the document payload as body.data; the controller calls sanitizeInput(body.data, ctx),\n * so the input we receive here is the inner payload (keys like \"relatedMedia\", \"name\"), not the full body.\n * The route's body schema is z.object({ data: ... }), so its shape includes \"data\". We skip \"data\" because\n * the main document payload is already sanitized above by traverseEntity (removeUnrecognizedFields, etc.);\n * relation ops (connect/disconnect/set) are handled there, not by the route's Zod schema. We only run\n * Zod here for truly extra root keys added via addInputParams (e.g. clientMutationId).\n */\n const routeBodySanitizeTransform = async (data: Data): Promise<Data> => {\n if (!data || typeof data !== 'object' || Array.isArray(data)) return data;\n const obj = data as Record<string, unknown>;\n const bodySchema = route?.request?.body?.['application/json'];\n if (bodySchema && typeof bodySchema === 'object' && 'shape' in bodySchema) {\n const shape = (bodySchema as { shape: Record<string, z.ZodTypeAny> }).shape;\n for (const key of Object.keys(shape)) {\n if (key === 'data' || !(key in obj)) continue;\n const zodSchema = shape[key];\n if (zodSchema && typeof (zodSchema as z.ZodTypeAny).safeParse === 'function') {\n const result = (zodSchema as z.ZodTypeAny).safeParse(obj[key]);\n if (result.success) {\n obj[key] = result.data;\n } else {\n delete obj[key];\n }\n }\n }\n }\n return data;\n };\n (transforms as Array<(data: Data) => Data | Promise<Data>>).push(routeBodySanitizeTransform);\n\n return pipeAsync(...transforms)(data as Data);\n };\n\n const sanitizeOutput: SanitizeFunc = async (data, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeOutput');\n }\n if (isArray(data)) {\n const res = new Array(data.length);\n for (let i = 0; i < data.length; i += 1) {\n res[i] = await sanitizeOutput(data[i], schema, { auth });\n }\n return res;\n }\n\n const transforms = [\n (data: Data) => sanitizers.defaultSanitizeOutput({ schema, getModel }, data),\n ];\n\n if (auth) {\n transforms.push(\n traverseEntity(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n // Apply sanitizers from registry if exists\n opts?.sanitizers?.output?.forEach((sanitizer: Sanitizer) => transforms.push(sanitizer(schema)));\n\n return pipeAsync(...transforms)(data as Data);\n };\n\n const sanitizeQuery = async (\n query: Record<string, unknown>,\n schema: Model,\n { auth, strictParams = false, route }: Options = {}\n ) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeQuery');\n }\n const { filters, sort, fields, populate } = query;\n\n const sanitizedQuery = cloneDeep(query);\n\n if (filters) {\n Object.assign(sanitizedQuery, { filters: await sanitizeFilters(filters, schema, { auth }) });\n }\n\n if (sort) {\n Object.assign(sanitizedQuery, { sort: await sanitizeSort(sort, schema, { auth }) });\n }\n\n if (fields) {\n Object.assign(sanitizedQuery, { fields: await sanitizeFields(fields, schema) });\n }\n\n if (populate) {\n Object.assign(sanitizedQuery, { populate: await sanitizePopulate(populate, schema) });\n }\n\n const extraQueryKeys = getExtraQueryKeysFromRoute(route);\n const routeQuerySchema = route?.request?.query;\n if (routeQuerySchema) {\n for (const key of extraQueryKeys) {\n if (key in query) {\n const zodSchema = routeQuerySchema[key];\n if (zodSchema && typeof (zodSchema as z.ZodTypeAny).safeParse === 'function') {\n const result = (zodSchema as z.ZodTypeAny).safeParse(query[key]);\n if (result.success) {\n sanitizedQuery[key] = result.data;\n } else {\n delete sanitizedQuery[key];\n }\n }\n }\n }\n }\n\n if (strictParams) {\n const allowedKeys = [...ALLOWED_QUERY_PARAM_KEYS, ...extraQueryKeys];\n return pick(allowedKeys, sanitizedQuery) as Record<string, unknown>;\n }\n\n return sanitizedQuery;\n };\n\n const sanitizeFilters: SanitizeFunc = (filters, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeFilters');\n }\n if (isArray(filters)) {\n return Promise.all(filters.map((filter) => sanitizeFilters(filter, schema, { auth })));\n }\n\n const transforms = [sanitizers.defaultSanitizeFilters({ schema, getModel })];\n\n if (auth) {\n transforms.push(\n traverseQueryFilters(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n return pipeAsync(...transforms)(filters);\n };\n\n const sanitizeSort: SanitizeFunc = (sort, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeSort');\n }\n const transforms = [sanitizers.defaultSanitizeSort({ schema, getModel })];\n\n if (auth) {\n transforms.push(\n traverseQuerySort(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n return pipeAsync(...transforms)(sort);\n };\n\n const sanitizeFields: SanitizeFunc = (fields, schema: Model) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeFields');\n }\n const transforms = [sanitizers.defaultSanitizeFields({ schema, getModel })];\n\n return pipeAsync(...transforms)(fields);\n };\n\n const sanitizePopulate: SanitizeFunc = (populate, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizePopulate');\n }\n const transforms = [sanitizers.defaultSanitizePopulate({ schema, getModel })];\n\n if (auth) {\n transforms.push(\n traverseQueryPopulate(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n return pipeAsync(...transforms)(populate);\n };\n\n return {\n input: sanitizeInput,\n output: sanitizeOutput,\n query: sanitizeQuery,\n filters: sanitizeFilters,\n sort: sanitizeSort,\n fields: sanitizeFields,\n populate: sanitizePopulate,\n };\n};\n\nexport { createAPISanitizers, sanitizers, visitors };\n\nexport type APISanitiers = ReturnType<typeof createAPISanitizers>;\n"],"names":["createAPISanitizers","opts","getModel","sanitizeInput","data","schema","auth","strictParams","route","Error","isArray","Promise","all","map","entry","allowedExtraRootKeys","getExtraRootKeysFromRouteBody","nonWritableAttributes","getNonWritableAttributes","transforms","omit","constants","ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","traverseEntity","visitors","push","sanitizers","input","forEach","sanitizer","routeBodySanitizeTransform","Array","obj","bodySchema","request","body","shape","key","Object","keys","zodSchema","safeParse","result","success","pipeAsync","sanitizeOutput","res","length","i","output","sanitizeQuery","query","filters","sort","fields","populate","sanitizedQuery","cloneDeep","assign","sanitizeFilters","sanitizeSort","sanitizeFields","sanitizePopulate","extraQueryKeys","getExtraQueryKeysFromRoute","routeQuerySchema","allowedKeys","ALLOWED_QUERY_PARAM_KEYS","pick","filter","traverseQueryFilters","traverseQuerySort","traverseQueryPopulate"],"mappings":";;;;;;;;;;;;;;;;;;AAgEA,MAAMA,sBAAsB,CAACC,IAAAA,GAAAA;IAC3B,MAAM,EAAEC,QAAQ,EAAE,GAAGD,IAAAA;AAErB,IAAA,MAAME,aAAAA,GAA8B,CAClCC,IAAAA,EACAC,MAAAA,EACA,EAAEC,IAAI,EAAEC,YAAAA,GAAe,KAAK,EAAEC,KAAK,EAAE,GAAG,EAAE,GAAA;AAE1C,QAAA,IAAI,CAACH,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,iCAAA,CAAA;AAClB,QAAA;AACA,QAAA,IAAIC,WAAQN,IAAAA,CAAAA,EAAO;YACjB,OAAOO,OAAAA,CAAQC,GAAG,CAChBR,IAAAA,CAAKS,GAAG,CAAC,CAACC,KAAAA,GAAUX,aAAAA,CAAcW,KAAAA,EAAOT,MAAAA,EAAQ;AAAEC,oBAAAA,IAAAA;AAAMC,oBAAAA,YAAAA;AAAcC,oBAAAA;AAAM,iBAAA,CAAA,CAAA,CAAA;AAEjF,QAAA;AAEA,QAAA,MAAMO,uBAAuBC,mDAAAA,CAA8BR,KAAAA,CAAAA;AAE3D,QAAA,MAAMS,wBAAwBC,qCAAAA,CAAyBb,MAAAA,CAAAA;AAEvD,QAAA,MAAMc,UAAAA,GAAa;;AAEjBC,YAAAA,OAAAA,CAAKC,uBAAUC,YAAY,CAAA;AAC3BF,YAAAA,OAAAA,CAAKC,uBAAUE,gBAAgB,CAAA;;YAE/BC,cAAAA,CAAeC,sBAA+B,CAACR,qBAAAA,CAAAA,EAAwB;AAAEZ,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAC3F,SAAA;AAED,QAAA,IAAIK,YAAAA,EAAc;;AAEhBY,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAAA,CAAeC,wBAAiC,EAAE;AAChDpB,gBAAAA,MAAAA;AACAH,gBAAAA,QAAAA;AACAa,gBAAAA;AACF,aAAA,CAAA,CAAA;AAEJ,QAAA;AAEA,QAAA,IAAIT,IAAAA,EAAM;;AAERa,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAAA,CAAeC,yBAAkC,CAACnB,IAAAA,CAAAA,EAAO;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEhF,QAAA;;QAGAD,IAAAA,EAAM0B,UAAAA,EAAYC,OAAOC,OAAAA,CAAQ,CAACC,YAAyBX,UAAAA,CAAWO,IAAI,CAACI,SAAAA,CAAUzB,MAAAA,CAAAA,CAAAA,CAAAA;AAErF;;;;;;;;;;QAWA,MAAM0B,6BAA6B,OAAO3B,IAAAA,GAAAA;YACxC,IAAI,CAACA,QAAQ,OAAOA,IAAAA,KAAS,YAAY4B,KAAAA,CAAMtB,OAAO,CAACN,IAAAA,CAAAA,EAAO,OAAOA,IAAAA;AACrE,YAAA,MAAM6B,GAAAA,GAAM7B,IAAAA;AACZ,YAAA,MAAM8B,UAAAA,GAAa1B,KAAAA,EAAO2B,OAAAA,EAASC,IAAAA,GAAO,kBAAA,CAAmB;AAC7D,YAAA,IAAIF,UAAAA,IAAc,OAAOA,UAAAA,KAAe,QAAA,IAAY,WAAWA,UAAAA,EAAY;gBACzE,MAAMG,KAAAA,GAAQ,UAACH,CAAuDG,KAAK;AAC3E,gBAAA,KAAK,MAAMC,GAAAA,IAAOC,MAAAA,CAAOC,IAAI,CAACH,KAAAA,CAAAA,CAAQ;AACpC,oBAAA,IAAIC,QAAQ,MAAA,IAAU,EAAEA,GAAAA,IAAOL,GAAE,CAAA,EAAI;oBACrC,MAAMQ,SAAAA,GAAYJ,KAAK,CAACC,GAAAA,CAAI;AAC5B,oBAAA,IAAIG,aAAa,OAAQA,SAAAA,CAA2BC,SAAS,KAAK,UAAA,EAAY;AAC5E,wBAAA,MAAMC,SAAS,SAACF,CAA2BC,SAAS,CAACT,GAAG,CAACK,GAAAA,CAAI,CAAA;wBAC7D,IAAIK,MAAAA,CAAOC,OAAO,EAAE;AAClBX,4BAAAA,GAAG,CAACK,GAAAA,CAAI,GAAGK,MAAAA,CAAOvC,IAAI;wBACxB,CAAA,MAAO;4BACL,OAAO6B,GAAG,CAACK,GAAAA,CAAI;AACjB,wBAAA;AACF,oBAAA;AACF,gBAAA;AACF,YAAA;YACA,OAAOlC,IAAAA;AACT,QAAA,CAAA;AACCe,QAAAA,UAAAA,CAA2DO,IAAI,CAACK,0BAAAA,CAAAA;AAEjE,QAAA,OAAOc,cAAa1B,UAAAA,CAAAA,CAAYf,IAAAA,CAAAA;AAClC,IAAA,CAAA;IAEA,MAAM0C,cAAAA,GAA+B,OAAO1C,IAAAA,EAAMC,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC5E,QAAA,IAAI,CAACD,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,kCAAA,CAAA;AAClB,QAAA;AACA,QAAA,IAAIC,WAAQN,IAAAA,CAAAA,EAAO;AACjB,YAAA,MAAM2C,GAAAA,GAAM,IAAIf,KAAAA,CAAM5B,IAAAA,CAAK4C,MAAM,CAAA;YACjC,IAAK,IAAIC,IAAI,CAAA,EAAGA,CAAAA,GAAI7C,KAAK4C,MAAM,EAAEC,KAAK,CAAA,CAAG;gBACvCF,GAAG,CAACE,EAAE,GAAG,MAAMH,eAAe1C,IAAI,CAAC6C,CAAAA,CAAE,EAAE5C,MAAAA,EAAQ;AAAEC,oBAAAA;AAAK,iBAAA,CAAA;AACxD,YAAA;YACA,OAAOyC,GAAAA;AACT,QAAA;AAEA,QAAA,MAAM5B,UAAAA,GAAa;YACjB,CAACf,IAAAA,GAAeuB,gCAAgC,CAAC;AAAEtB,oBAAAA,MAAAA;AAAQH,oBAAAA;iBAAS,EAAGE,IAAAA;AACxE,SAAA;AAED,QAAA,IAAIE,IAAAA,EAAM;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAAA,CAAeC,yBAAkC,CAACnB,IAAAA,CAAAA,EAAO;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEhF,QAAA;;QAGAD,IAAAA,EAAM0B,UAAAA,EAAYuB,QAAQrB,OAAAA,CAAQ,CAACC,YAAyBX,UAAAA,CAAWO,IAAI,CAACI,SAAAA,CAAUzB,MAAAA,CAAAA,CAAAA,CAAAA;AAEtF,QAAA,OAAOwC,cAAa1B,UAAAA,CAAAA,CAAYf,IAAAA,CAAAA;AAClC,IAAA,CAAA;AAEA,IAAA,MAAM+C,aAAAA,GAAgB,OACpBC,KAAAA,EACA/C,MAAAA,EACA,EAAEC,IAAI,EAAEC,YAAAA,GAAe,KAAK,EAAEC,KAAK,EAAW,GAAG,EAAE,GAAA;AAEnD,QAAA,IAAI,CAACH,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,iCAAA,CAAA;AAClB,QAAA;QACA,MAAM,EAAE4C,OAAO,EAAEC,IAAI,EAAEC,MAAM,EAAEC,QAAQ,EAAE,GAAGJ,KAAAA;AAE5C,QAAA,MAAMK,iBAAiBC,YAAAA,CAAUN,KAAAA,CAAAA;AAEjC,QAAA,IAAIC,OAAAA,EAAS;YACXd,MAAAA,CAAOoB,MAAM,CAACF,cAAAA,EAAgB;gBAAEJ,OAAAA,EAAS,MAAMO,eAAAA,CAAgBP,OAAAA,EAAShD,MAAAA,EAAQ;AAAEC,oBAAAA;AAAK,iBAAA;AAAG,aAAA,CAAA;AAC5F,QAAA;AAEA,QAAA,IAAIgD,IAAAA,EAAM;YACRf,MAAAA,CAAOoB,MAAM,CAACF,cAAAA,EAAgB;gBAAEH,IAAAA,EAAM,MAAMO,YAAAA,CAAaP,IAAAA,EAAMjD,MAAAA,EAAQ;AAAEC,oBAAAA;AAAK,iBAAA;AAAG,aAAA,CAAA;AACnF,QAAA;AAEA,QAAA,IAAIiD,MAAAA,EAAQ;YACVhB,MAAAA,CAAOoB,MAAM,CAACF,cAAAA,EAAgB;gBAAEF,MAAAA,EAAQ,MAAMO,eAAeP,MAAAA,EAAQlD,MAAAA;AAAQ,aAAA,CAAA;AAC/E,QAAA;AAEA,QAAA,IAAImD,QAAAA,EAAU;YACZjB,MAAAA,CAAOoB,MAAM,CAACF,cAAAA,EAAgB;gBAAED,QAAAA,EAAU,MAAMO,iBAAiBP,QAAAA,EAAUnD,MAAAA;AAAQ,aAAA,CAAA;AACrF,QAAA;AAEA,QAAA,MAAM2D,iBAAiBC,gDAAAA,CAA2BzD,KAAAA,CAAAA;QAClD,MAAM0D,gBAAAA,GAAmB1D,OAAO2B,OAAAA,EAASiB,KAAAA;AACzC,QAAA,IAAIc,gBAAAA,EAAkB;YACpB,KAAK,MAAM5B,OAAO0B,cAAAA,CAAgB;AAChC,gBAAA,IAAI1B,OAAOc,KAAAA,EAAO;oBAChB,MAAMX,SAAAA,GAAYyB,gBAAgB,CAAC5B,GAAAA,CAAI;AACvC,oBAAA,IAAIG,aAAa,OAAQA,SAAAA,CAA2BC,SAAS,KAAK,UAAA,EAAY;AAC5E,wBAAA,MAAMC,SAAS,SAACF,CAA2BC,SAAS,CAACU,KAAK,CAACd,GAAAA,CAAI,CAAA;wBAC/D,IAAIK,MAAAA,CAAOC,OAAO,EAAE;AAClBa,4BAAAA,cAAc,CAACnB,GAAAA,CAAI,GAAGK,MAAAA,CAAOvC,IAAI;wBACnC,CAAA,MAAO;4BACL,OAAOqD,cAAc,CAACnB,GAAAA,CAAI;AAC5B,wBAAA;AACF,oBAAA;AACF,gBAAA;AACF,YAAA;AACF,QAAA;AAEA,QAAA,IAAI/B,YAAAA,EAAc;AAChB,YAAA,MAAM4D,WAAAA,GAAc;AAAIC,gBAAAA,GAAAA,4CAAAA;AAA6BJ,gBAAAA,GAAAA;AAAe,aAAA;AACpE,YAAA,OAAOK,QAAKF,WAAAA,EAAaV,cAAAA,CAAAA;AAC3B,QAAA;QAEA,OAAOA,cAAAA;AACT,IAAA,CAAA;IAEA,MAAMG,eAAAA,GAAgC,CAACP,OAAAA,EAAShD,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC1E,QAAA,IAAI,CAACD,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,mCAAA,CAAA;AAClB,QAAA;AACA,QAAA,IAAIC,WAAQ2C,OAAAA,CAAAA,EAAU;YACpB,OAAO1C,OAAAA,CAAQC,GAAG,CAACyC,OAAAA,CAAQxC,GAAG,CAAC,CAACyD,MAAAA,GAAWV,eAAAA,CAAgBU,MAAAA,EAAQjE,MAAAA,EAAQ;AAAEC,oBAAAA;AAAK,iBAAA,CAAA,CAAA,CAAA;AACpF,QAAA;AAEA,QAAA,MAAMa,UAAAA,GAAa;AAACQ,YAAAA,iCAAiC,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE5E,QAAA,IAAII,IAAAA,EAAM;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACb6C,YAAAA,CAAqB9C,yBAAkC,CAACnB,IAAAA,CAAAA,EAAO;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEtF,QAAA;AAEA,QAAA,OAAO2C,cAAa1B,UAAAA,CAAAA,CAAYkC,OAAAA,CAAAA;AAClC,IAAA,CAAA;IAEA,MAAMQ,YAAAA,GAA6B,CAACP,IAAAA,EAAMjD,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AACpE,QAAA,IAAI,CAACD,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,gCAAA,CAAA;AAClB,QAAA;AACA,QAAA,MAAMU,UAAAA,GAAa;AAACQ,YAAAA,8BAA8B,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAEzE,QAAA,IAAII,IAAAA,EAAM;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACb8C,SAAAA,CAAkB/C,yBAAkC,CAACnB,IAAAA,CAAAA,EAAO;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEnF,QAAA;AAEA,QAAA,OAAO2C,cAAa1B,UAAAA,CAAAA,CAAYmC,IAAAA,CAAAA;AAClC,IAAA,CAAA;IAEA,MAAMQ,cAAAA,GAA+B,CAACP,MAAAA,EAAQlD,MAAAA,GAAAA;AAC5C,QAAA,IAAI,CAACA,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,kCAAA,CAAA;AAClB,QAAA;AACA,QAAA,MAAMU,UAAAA,GAAa;AAACQ,YAAAA,gCAAgC,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE3E,QAAA,OAAO2C,cAAa1B,UAAAA,CAAAA,CAAYoC,MAAAA,CAAAA;AAClC,IAAA,CAAA;IAEA,MAAMQ,gBAAAA,GAAiC,CAACP,QAAAA,EAAUnD,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC5E,QAAA,IAAI,CAACD,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,oCAAA,CAAA;AAClB,QAAA;AACA,QAAA,MAAMU,UAAAA,GAAa;AAACQ,YAAAA,kCAAkC,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE7E,QAAA,IAAII,IAAAA,EAAM;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACb+C,aAAAA,CAAsBhD,yBAAkC,CAACnB,IAAAA,CAAAA,EAAO;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEvF,QAAA;AAEA,QAAA,OAAO2C,cAAa1B,UAAAA,CAAAA,CAAYqC,QAAAA,CAAAA;AAClC,IAAA,CAAA;IAEA,OAAO;QACL5B,KAAAA,EAAOzB,aAAAA;QACP+C,MAAAA,EAAQJ,cAAAA;QACRM,KAAAA,EAAOD,aAAAA;QACPE,OAAAA,EAASO,eAAAA;QACTN,IAAAA,EAAMO,YAAAA;QACNN,MAAAA,EAAQO,cAAAA;QACRN,QAAAA,EAAUO;AACZ,KAAA;AACF;;;;;;"}
package/dist/sanitize/index.mjs CHANGED
@@ -1,11 +1,11 @@
1
- import { isArray, omit, cloneDeep, pick } from 'lodash/fp';
1
+ import { isArray, cloneDeep, pick, omit } from 'lodash/fp';
2
2
  import { getNonWritableAttributes, constants } from '../content-types.mjs';
3
3
  import { ALLOWED_QUERY_PARAM_KEYS } from '../content-api-constants.mjs';
4
- import { getExtraRootKeysFromRouteBody, getExtraQueryKeysFromRoute } from '../content-api-route-params.mjs';
4
+ import { getExtraQueryKeysFromRoute, getExtraRootKeysFromRouteBody } from '../content-api-route-params.mjs';
5
5
  import { pipe } from '../async.mjs';
6
6
  import * as index from './visitors/index.mjs';
7
7
  export { index as visitors };
8
- import { defaultSanitizeFilters, defaultSanitizeSort, defaultSanitizeFields, defaultSanitizePopulate, defaultSanitizeOutput } from './sanitizers.mjs';
8
+ import { defaultSanitizePopulate, defaultSanitizeFields, defaultSanitizeSort, defaultSanitizeFilters, defaultSanitizeOutput } from './sanitizers.mjs';
9
9
  import * as sanitizers from './sanitizers.mjs';
10
10
  export { sanitizers };
11
11
  import traverseEntity from '../traverse-entity.mjs';
@@ -14,8 +14,8 @@ import traverseQuerySort from '../traverse/query-sort.mjs';
14
14
  import traverseQueryPopulate from '../traverse/query-populate.mjs';
15
15
  import '../traverse/query-fields.mjs';
16
16
  import removeUnrecognizedFields from './visitors/remove-unrecognized-fields.mjs';
17
- import removeRestrictedFields from './visitors/remove-restricted-fields.mjs';
18
17
  import removeRestrictedRelations from './visitors/remove-restricted-relations.mjs';
18
+ import removeRestrictedFields from './visitors/remove-restricted-fields.mjs';
19
19
 
20
20
  const createAPISanitizers = (opts)=>{
21
21
  const { getModel } = opts;
package/dist/sanitize/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.mjs","sources":["../../src/sanitize/index.ts"],"sourcesContent":["import { CurriedFunction1 } from 'lodash';\nimport { isArray, cloneDeep, omit, pick } from 'lodash/fp';\nimport type { z } from 'zod/v4';\n\nimport { constants, getNonWritableAttributes } from '../content-types';\nimport { ALLOWED_QUERY_PARAM_KEYS } from '../content-api-constants';\nimport {\n type RouteLike,\n getExtraQueryKeysFromRoute,\n getExtraRootKeysFromRouteBody,\n} from '../content-api-route-params';\nimport { pipe as pipeAsync } from '../async';\n\nimport * as visitors from './visitors';\nimport * as sanitizers from './sanitizers';\nimport traverseEntity from '../traverse-entity';\n\nimport { traverseQueryFilters, traverseQuerySort, traverseQueryPopulate } from '../traverse';\nimport type { Model, Data } from '../types';\n\nexport interface Options {\n auth?: unknown;\n /**\n * If true, removes fields that are not declared in the schema (input) or keeps only allowed query param keys (query).\n * Defaults to false for backward compatibility.\n * TODO: In Strapi 6, strictParams will default to true (and may be removed as an option)\n */\n strictParams?: boolean;\n /**\n * When set, extra query/input params are derived from the route's request schema (and validated/sanitized with Zod).\n * When absent, no extra params are allowed in strict mode.\n */\n route?: RouteLike;\n}\n\nexport interface Sanitizer {\n (schema: Model): CurriedFunction1<Data, Promise<Data>>;\n}\nexport interface SanitizeFunc {\n (data: unknown, schema: Model, options?: Options): Promise<unknown>;\n}\n\nexport type SanitizeQueryParamHandler = (\n value: unknown,\n schema: Model,\n options?: Options\n) => Promise<unknown>;\n\nexport type SanitizeBodyParamHandler = (\n value: unknown,\n schema: Model,\n options?: Options\n) => Promise<unknown>;\n\nexport interface APIOptions {\n sanitizers?: Sanitizers;\n getModel: (model: string) => Model;\n}\n\nexport interface Sanitizers {\n input?: Sanitizer[];\n output?: Sanitizer[];\n}\n\nconst createAPISanitizers = (opts: APIOptions) => {\n const { getModel } = opts;\n\n const sanitizeInput: SanitizeFunc = (\n data: unknown,\n schema: Model,\n { auth, strictParams = false, route } = {}\n ) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeInput');\n }\n if (isArray(data)) {\n return Promise.all(\n data.map((entry) => sanitizeInput(entry, schema, { auth, strictParams, route }))\n );\n }\n\n const allowedExtraRootKeys = getExtraRootKeysFromRouteBody(route);\n\n const nonWritableAttributes = getNonWritableAttributes(schema);\n\n const transforms = [\n // Remove first level ID in inputs\n omit(constants.ID_ATTRIBUTE),\n omit(constants.DOC_ID_ATTRIBUTE),\n // Remove non-writable attributes\n traverseEntity(visitors.removeRestrictedFields(nonWritableAttributes), { schema, getModel }),\n ];\n\n if (strictParams) {\n // Remove unrecognized fields (allowedExtraRootKeys = registered input param keys)\n transforms.push(\n traverseEntity(visitors.removeUnrecognizedFields, {\n schema,\n getModel,\n allowedExtraRootKeys,\n })\n );\n }\n\n if (auth) {\n // Remove restricted relations\n transforms.push(\n traverseEntity(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n // Apply sanitizers from registry if exists\n opts?.sanitizers?.input?.forEach((sanitizer: Sanitizer) => transforms.push(sanitizer(schema)));\n\n /**\n * For each extra root key from the route's body schema present in data, run Zod safeParse.\n * If parsing fails, the key is removed from the output.\n *\n * Content-api sends the document payload as body.data; the controller calls sanitizeInput(body.data, ctx),\n * so the input we receive here is the inner payload (keys like \"relatedMedia\", \"name\"), not the full body.\n * The route's body schema is z.object({ data: ... }), so its shape includes \"data\". We skip \"data\" because\n * the main document payload is already sanitized above by traverseEntity (removeUnrecognizedFields, etc.);\n * relation ops (connect/disconnect/set) are handled there, not by the route's Zod schema. We only run\n * Zod here for truly extra root keys added via addInputParams (e.g. clientMutationId).\n */\n const routeBodySanitizeTransform = async (data: Data): Promise<Data> => {\n if (!data || typeof data !== 'object' || Array.isArray(data)) return data;\n const obj = data as Record<string, unknown>;\n const bodySchema = route?.request?.body?.['application/json'];\n if (bodySchema && typeof bodySchema === 'object' && 'shape' in bodySchema) {\n const shape = (bodySchema as { shape: Record<string, z.ZodTypeAny> }).shape;\n for (const key of Object.keys(shape)) {\n if (key === 'data' || !(key in obj)) continue;\n const zodSchema = shape[key];\n if (zodSchema && typeof (zodSchema as z.ZodTypeAny).safeParse === 'function') {\n const result = (zodSchema as z.ZodTypeAny).safeParse(obj[key]);\n if (result.success) {\n obj[key] = result.data;\n } else {\n delete obj[key];\n }\n }\n }\n }\n return data;\n };\n (transforms as Array<(data: Data) => Data | Promise<Data>>).push(routeBodySanitizeTransform);\n\n return pipeAsync(...transforms)(data as Data);\n };\n\n const sanitizeOutput: SanitizeFunc = async (data, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeOutput');\n }\n if (isArray(data)) {\n const res = new Array(data.length);\n for (let i = 0; i < data.length; i += 1) {\n res[i] = await sanitizeOutput(data[i], schema, { auth });\n }\n return res;\n }\n\n const transforms = [\n (data: Data) => sanitizers.defaultSanitizeOutput({ schema, getModel }, data),\n ];\n\n if (auth) {\n transforms.push(\n traverseEntity(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n // Apply sanitizers from registry if exists\n opts?.sanitizers?.output?.forEach((sanitizer: Sanitizer) => transforms.push(sanitizer(schema)));\n\n return pipeAsync(...transforms)(data as Data);\n };\n\n const sanitizeQuery = async (\n query: Record<string, unknown>,\n schema: Model,\n { auth, strictParams = false, route }: Options = {}\n ) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeQuery');\n }\n const { filters, sort, fields, populate } = query;\n\n const sanitizedQuery = cloneDeep(query);\n\n if (filters) {\n Object.assign(sanitizedQuery, { filters: await sanitizeFilters(filters, schema, { auth }) });\n }\n\n if (sort) {\n Object.assign(sanitizedQuery, { sort: await sanitizeSort(sort, schema, { auth }) });\n }\n\n if (fields) {\n Object.assign(sanitizedQuery, { fields: await sanitizeFields(fields, schema) });\n }\n\n if (populate) {\n Object.assign(sanitizedQuery, { populate: await sanitizePopulate(populate, schema) });\n }\n\n const extraQueryKeys = getExtraQueryKeysFromRoute(route);\n const routeQuerySchema = route?.request?.query;\n if (routeQuerySchema) {\n for (const key of extraQueryKeys) {\n if (key in query) {\n const zodSchema = routeQuerySchema[key];\n if (zodSchema && typeof (zodSchema as z.ZodTypeAny).safeParse === 'function') {\n const result = (zodSchema as z.ZodTypeAny).safeParse(query[key]);\n if (result.success) {\n sanitizedQuery[key] = result.data;\n } else {\n delete sanitizedQuery[key];\n }\n }\n }\n }\n }\n\n if (strictParams) {\n const allowedKeys = [...ALLOWED_QUERY_PARAM_KEYS, ...extraQueryKeys];\n return pick(allowedKeys, sanitizedQuery) as Record<string, unknown>;\n }\n\n return sanitizedQuery;\n };\n\n const sanitizeFilters: SanitizeFunc = (filters, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeFilters');\n }\n if (isArray(filters)) {\n return Promise.all(filters.map((filter) => sanitizeFilters(filter, schema, { auth })));\n }\n\n const transforms = [sanitizers.defaultSanitizeFilters({ schema, getModel })];\n\n if (auth) {\n transforms.push(\n traverseQueryFilters(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n return pipeAsync(...transforms)(filters);\n };\n\n const sanitizeSort: SanitizeFunc = (sort, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeSort');\n }\n const transforms = [sanitizers.defaultSanitizeSort({ schema, getModel })];\n\n if (auth) {\n transforms.push(\n traverseQuerySort(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n return pipeAsync(...transforms)(sort);\n };\n\n const sanitizeFields: SanitizeFunc = (fields, schema: Model) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeFields');\n }\n const transforms = [sanitizers.defaultSanitizeFields({ schema, getModel })];\n\n return pipeAsync(...transforms)(fields);\n };\n\n const sanitizePopulate: SanitizeFunc = (populate, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizePopulate');\n }\n const transforms = [sanitizers.defaultSanitizePopulate({ schema, getModel })];\n\n if (auth) {\n transforms.push(\n traverseQueryPopulate(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n return pipeAsync(...transforms)(populate);\n };\n\n return {\n input: sanitizeInput,\n output: sanitizeOutput,\n query: sanitizeQuery,\n filters: sanitizeFilters,\n sort: sanitizeSort,\n fields: sanitizeFields,\n populate: sanitizePopulate,\n };\n};\n\nexport { createAPISanitizers, sanitizers, visitors };\n\nexport type APISanitiers = ReturnType<typeof createAPISanitizers>;\n"],"names":["createAPISanitizers","opts","getModel","sanitizeInput","data","schema","auth","strictParams","route","Error","isArray","Promise","all","map","entry","allowedExtraRootKeys","getExtraRootKeysFromRouteBody","nonWritableAttributes","getNonWritableAttributes","transforms","omit","constants","ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","traverseEntity","visitors","push","sanitizers","input","forEach","sanitizer","routeBodySanitizeTransform","Array","obj","bodySchema","request","body","shape","key","Object","keys","zodSchema","safeParse","result","success","pipeAsync","sanitizeOutput","res","length","i","output","sanitizeQuery","query","filters","sort","fields","populate","sanitizedQuery","cloneDeep","assign","sanitizeFilters","sanitizeSort","sanitizeFields","sanitizePopulate","extraQueryKeys","getExtraQueryKeysFromRoute","routeQuerySchema","allowedKeys","ALLOWED_QUERY_PARAM_KEYS","pick","filter","traverseQueryFilters","traverseQuerySort","traverseQueryPopulate"],"mappings":";;;;;;;;;;;;;;;;;;;AAgEA,MAAMA,sBAAsB,CAACC,IAAAA,GAAAA;IAC3B,MAAM,EAAEC,QAAQ,EAAE,GAAGD,IAAAA;AAErB,IAAA,MAAME,aAA8B,GAAA,CAClCC,IACAC,EAAAA,MAAAA,EACA,EAAEC,IAAI,EAAEC,YAAe,GAAA,KAAK,EAAEC,KAAK,EAAE,GAAG,EAAE,GAAA;AAE1C,QAAA,IAAI,CAACH,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,iCAAA,CAAA;AAClB;AACA,QAAA,IAAIC,QAAQN,IAAO,CAAA,EAAA;YACjB,OAAOO,OAAAA,CAAQC,GAAG,CAChBR,IAAKS,CAAAA,GAAG,CAAC,CAACC,KAAAA,GAAUX,aAAcW,CAAAA,KAAAA,EAAOT,MAAQ,EAAA;AAAEC,oBAAAA,IAAAA;AAAMC,oBAAAA,YAAAA;AAAcC,oBAAAA;AAAM,iBAAA,CAAA,CAAA,CAAA;AAEjF;AAEA,QAAA,MAAMO,uBAAuBC,6BAA8BR,CAAAA,KAAAA,CAAAA;AAE3D,QAAA,MAAMS,wBAAwBC,wBAAyBb,CAAAA,MAAAA,CAAAA;AAEvD,QAAA,MAAMc,UAAa,GAAA;;AAEjBC,YAAAA,IAAAA,CAAKC,UAAUC,YAAY,CAAA;AAC3BF,YAAAA,IAAAA,CAAKC,UAAUE,gBAAgB,CAAA;;YAE/BC,cAAeC,CAAAA,sBAA+B,CAACR,qBAAwB,CAAA,EAAA;AAAEZ,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAC3F,SAAA;AAED,QAAA,IAAIK,YAAc,EAAA;;AAEhBY,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAeC,CAAAA,wBAAiC,EAAE;AAChDpB,gBAAAA,MAAAA;AACAH,gBAAAA,QAAAA;AACAa,gBAAAA;AACF,aAAA,CAAA,CAAA;AAEJ;AAEA,QAAA,IAAIT,IAAM,EAAA;;AAERa,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAAA,CAAeC,yBAAkC,CAACnB,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEhF;;QAGAD,IAAM0B,EAAAA,UAAAA,EAAYC,OAAOC,OAAQ,CAAA,CAACC,YAAyBX,UAAWO,CAAAA,IAAI,CAACI,SAAUzB,CAAAA,MAAAA,CAAAA,CAAAA,CAAAA;AAErF;;;;;;;;;;QAWA,MAAM0B,6BAA6B,OAAO3B,IAAAA,GAAAA;YACxC,IAAI,CAACA,QAAQ,OAAOA,IAAAA,KAAS,YAAY4B,KAAMtB,CAAAA,OAAO,CAACN,IAAAA,CAAAA,EAAO,OAAOA,IAAAA;AACrE,YAAA,MAAM6B,GAAM7B,GAAAA,IAAAA;AACZ,YAAA,MAAM8B,UAAa1B,GAAAA,KAAAA,EAAO2B,OAASC,EAAAA,IAAAA,GAAO,kBAAmB,CAAA;AAC7D,YAAA,IAAIF,UAAc,IAAA,OAAOA,UAAe,KAAA,QAAA,IAAY,WAAWA,UAAY,EAAA;gBACzE,MAAMG,KAAAA,GAAQ,UAACH,CAAuDG,KAAK;AAC3E,gBAAA,KAAK,MAAMC,GAAAA,IAAOC,MAAOC,CAAAA,IAAI,CAACH,KAAQ,CAAA,CAAA;AACpC,oBAAA,IAAIC,QAAQ,MAAU,IAAA,EAAEA,GAAAA,IAAOL,GAAE,CAAI,EAAA;oBACrC,MAAMQ,SAAAA,GAAYJ,KAAK,CAACC,GAAI,CAAA;AAC5B,oBAAA,IAAIG,aAAa,OAAQA,SAA2BC,CAAAA,SAAS,KAAK,UAAY,EAAA;AAC5E,wBAAA,MAAMC,SAAS,SAACF,CAA2BC,SAAS,CAACT,GAAG,CAACK,GAAI,CAAA,CAAA;wBAC7D,IAAIK,MAAAA,CAAOC,OAAO,EAAE;AAClBX,4BAAAA,GAAG,CAACK,GAAAA,CAAI,GAAGK,MAAAA,CAAOvC,IAAI;yBACjB,MAAA;4BACL,OAAO6B,GAAG,CAACK,GAAI,CAAA;AACjB;AACF;AACF;AACF;YACA,OAAOlC,IAAAA;AACT,SAAA;AACCe,QAAAA,UAAAA,CAA2DO,IAAI,CAACK,0BAAAA,CAAAA;AAEjE,QAAA,OAAOc,QAAa1B,UAAYf,CAAAA,CAAAA,IAAAA,CAAAA;AAClC,KAAA;IAEA,MAAM0C,cAAAA,GAA+B,OAAO1C,IAAMC,EAAAA,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC5E,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,kCAAA,CAAA;AAClB;AACA,QAAA,IAAIC,QAAQN,IAAO,CAAA,EAAA;AACjB,YAAA,MAAM2C,GAAM,GAAA,IAAIf,KAAM5B,CAAAA,IAAAA,CAAK4C,MAAM,CAAA;YACjC,IAAK,IAAIC,IAAI,CAAGA,EAAAA,CAAAA,GAAI7C,KAAK4C,MAAM,EAAEC,KAAK,CAAG,CAAA;gBACvCF,GAAG,CAACE,EAAE,GAAG,MAAMH,eAAe1C,IAAI,CAAC6C,CAAE,CAAA,EAAE5C,MAAQ,EAAA;AAAEC,oBAAAA;AAAK,iBAAA,CAAA;AACxD;YACA,OAAOyC,GAAAA;AACT;AAEA,QAAA,MAAM5B,UAAa,GAAA;YACjB,CAACf,IAAAA,GAAeuB,qBAAgC,CAAC;AAAEtB,oBAAAA,MAAAA;AAAQH,oBAAAA;iBAAYE,EAAAA,IAAAA;AACxE,SAAA;AAED,QAAA,IAAIE,IAAM,EAAA;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAAA,CAAeC,yBAAkC,CAACnB,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEhF;;QAGAD,IAAM0B,EAAAA,UAAAA,EAAYuB,QAAQrB,OAAQ,CAAA,CAACC,YAAyBX,UAAWO,CAAAA,IAAI,CAACI,SAAUzB,CAAAA,MAAAA,CAAAA,CAAAA,CAAAA;AAEtF,QAAA,OAAOwC,QAAa1B,UAAYf,CAAAA,CAAAA,IAAAA,CAAAA;AAClC,KAAA;AAEA,IAAA,MAAM+C,aAAgB,GAAA,OACpBC,KACA/C,EAAAA,MAAAA,EACA,EAAEC,IAAI,EAAEC,YAAe,GAAA,KAAK,EAAEC,KAAK,EAAW,GAAG,EAAE,GAAA;AAEnD,QAAA,IAAI,CAACH,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,iCAAA,CAAA;AAClB;QACA,MAAM,EAAE4C,OAAO,EAAEC,IAAI,EAAEC,MAAM,EAAEC,QAAQ,EAAE,GAAGJ,KAAAA;AAE5C,QAAA,MAAMK,iBAAiBC,SAAUN,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,IAAIC,OAAS,EAAA;YACXd,MAAOoB,CAAAA,MAAM,CAACF,cAAgB,EAAA;gBAAEJ,OAAS,EAAA,MAAMO,eAAgBP,CAAAA,OAAAA,EAAShD,MAAQ,EAAA;AAAEC,oBAAAA;AAAK,iBAAA;AAAG,aAAA,CAAA;AAC5F;AAEA,QAAA,IAAIgD,IAAM,EAAA;YACRf,MAAOoB,CAAAA,MAAM,CAACF,cAAgB,EAAA;gBAAEH,IAAM,EAAA,MAAMO,YAAaP,CAAAA,IAAAA,EAAMjD,MAAQ,EAAA;AAAEC,oBAAAA;AAAK,iBAAA;AAAG,aAAA,CAAA;AACnF;AAEA,QAAA,IAAIiD,MAAQ,EAAA;YACVhB,MAAOoB,CAAAA,MAAM,CAACF,cAAgB,EAAA;gBAAEF,MAAQ,EAAA,MAAMO,eAAeP,MAAQlD,EAAAA,MAAAA;AAAQ,aAAA,CAAA;AAC/E;AAEA,QAAA,IAAImD,QAAU,EAAA;YACZjB,MAAOoB,CAAAA,MAAM,CAACF,cAAgB,EAAA;gBAAED,QAAU,EAAA,MAAMO,iBAAiBP,QAAUnD,EAAAA,MAAAA;AAAQ,aAAA,CAAA;AACrF;AAEA,QAAA,MAAM2D,iBAAiBC,0BAA2BzD,CAAAA,KAAAA,CAAAA;QAClD,MAAM0D,gBAAAA,GAAmB1D,OAAO2B,OAASiB,EAAAA,KAAAA;AACzC,QAAA,IAAIc,gBAAkB,EAAA;YACpB,KAAK,MAAM5B,OAAO0B,cAAgB,CAAA;AAChC,gBAAA,IAAI1B,OAAOc,KAAO,EAAA;oBAChB,MAAMX,SAAAA,GAAYyB,gBAAgB,CAAC5B,GAAI,CAAA;AACvC,oBAAA,IAAIG,aAAa,OAAQA,SAA2BC,CAAAA,SAAS,KAAK,UAAY,EAAA;AAC5E,wBAAA,MAAMC,SAAS,SAACF,CAA2BC,SAAS,CAACU,KAAK,CAACd,GAAI,CAAA,CAAA;wBAC/D,IAAIK,MAAAA,CAAOC,OAAO,EAAE;AAClBa,4BAAAA,cAAc,CAACnB,GAAAA,CAAI,GAAGK,MAAAA,CAAOvC,IAAI;yBAC5B,MAAA;4BACL,OAAOqD,cAAc,CAACnB,GAAI,CAAA;AAC5B;AACF;AACF;AACF;AACF;AAEA,QAAA,IAAI/B,YAAc,EAAA;AAChB,YAAA,MAAM4D,WAAc,GAAA;AAAIC,gBAAAA,GAAAA,wBAAAA;AAA6BJ,gBAAAA,GAAAA;AAAe,aAAA;AACpE,YAAA,OAAOK,KAAKF,WAAaV,EAAAA,cAAAA,CAAAA;AAC3B;QAEA,OAAOA,cAAAA;AACT,KAAA;IAEA,MAAMG,eAAAA,GAAgC,CAACP,OAAShD,EAAAA,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC1E,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,mCAAA,CAAA;AAClB;AACA,QAAA,IAAIC,QAAQ2C,OAAU,CAAA,EAAA;YACpB,OAAO1C,OAAAA,CAAQC,GAAG,CAACyC,OAAQxC,CAAAA,GAAG,CAAC,CAACyD,MAAAA,GAAWV,eAAgBU,CAAAA,MAAAA,EAAQjE,MAAQ,EAAA;AAAEC,oBAAAA;AAAK,iBAAA,CAAA,CAAA,CAAA;AACpF;AAEA,QAAA,MAAMa,UAAa,GAAA;AAACQ,YAAAA,sBAAiC,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE5E,QAAA,IAAII,IAAM,EAAA;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACb6C,oBAAAA,CAAqB9C,yBAAkC,CAACnB,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEtF;AAEA,QAAA,OAAO2C,QAAa1B,UAAYkC,CAAAA,CAAAA,OAAAA,CAAAA;AAClC,KAAA;IAEA,MAAMQ,YAAAA,GAA6B,CAACP,IAAMjD,EAAAA,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AACpE,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,gCAAA,CAAA;AAClB;AACA,QAAA,MAAMU,UAAa,GAAA;AAACQ,YAAAA,mBAA8B,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAEzE,QAAA,IAAII,IAAM,EAAA;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACb8C,iBAAAA,CAAkB/C,yBAAkC,CAACnB,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEnF;AAEA,QAAA,OAAO2C,QAAa1B,UAAYmC,CAAAA,CAAAA,IAAAA,CAAAA;AAClC,KAAA;IAEA,MAAMQ,cAAAA,GAA+B,CAACP,MAAQlD,EAAAA,MAAAA,GAAAA;AAC5C,QAAA,IAAI,CAACA,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,kCAAA,CAAA;AAClB;AACA,QAAA,MAAMU,UAAa,GAAA;AAACQ,YAAAA,qBAAgC,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE3E,QAAA,OAAO2C,QAAa1B,UAAYoC,CAAAA,CAAAA,MAAAA,CAAAA;AAClC,KAAA;IAEA,MAAMQ,gBAAAA,GAAiC,CAACP,QAAUnD,EAAAA,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC5E,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAII,KAAM,CAAA,oCAAA,CAAA;AAClB;AACA,QAAA,MAAMU,UAAa,GAAA;AAACQ,YAAAA,uBAAkC,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE7E,QAAA,IAAII,IAAM,EAAA;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACb+C,qBAAAA,CAAsBhD,yBAAkC,CAACnB,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEvF;AAEA,QAAA,OAAO2C,QAAa1B,UAAYqC,CAAAA,CAAAA,QAAAA,CAAAA;AAClC,KAAA;IAEA,OAAO;QACL5B,KAAOzB,EAAAA,aAAAA;QACP+C,MAAQJ,EAAAA,cAAAA;QACRM,KAAOD,EAAAA,aAAAA;QACPE,OAASO,EAAAA,eAAAA;QACTN,IAAMO,EAAAA,YAAAA;QACNN,MAAQO,EAAAA,cAAAA;QACRN,QAAUO,EAAAA;AACZ,KAAA;AACF;;;;"}
1
+ {"version":3,"file":"index.mjs","sources":["../../src/sanitize/index.ts"],"sourcesContent":["import { CurriedFunction1 } from 'lodash';\nimport { isArray, cloneDeep, omit, pick } from 'lodash/fp';\nimport type { z } from 'zod/v4';\n\nimport { constants, getNonWritableAttributes } from '../content-types';\nimport { ALLOWED_QUERY_PARAM_KEYS } from '../content-api-constants';\nimport {\n type RouteLike,\n getExtraQueryKeysFromRoute,\n getExtraRootKeysFromRouteBody,\n} from '../content-api-route-params';\nimport { pipe as pipeAsync } from '../async';\n\nimport * as visitors from './visitors';\nimport * as sanitizers from './sanitizers';\nimport traverseEntity from '../traverse-entity';\n\nimport { traverseQueryFilters, traverseQuerySort, traverseQueryPopulate } from '../traverse';\nimport type { Model, Data } from '../types';\n\nexport interface Options {\n auth?: unknown;\n /**\n * If true, removes fields that are not declared in the schema (input) or keeps only allowed query param keys (query).\n * Defaults to false for backward compatibility.\n * TODO: In Strapi 6, strictParams will default to true (and may be removed as an option)\n */\n strictParams?: boolean;\n /**\n * When set, extra query/input params are derived from the route's request schema (and validated/sanitized with Zod).\n * When absent, no extra params are allowed in strict mode.\n */\n route?: RouteLike;\n}\n\nexport interface Sanitizer {\n (schema: Model): CurriedFunction1<Data, Promise<Data>>;\n}\nexport interface SanitizeFunc {\n (data: unknown, schema: Model, options?: Options): Promise<unknown>;\n}\n\nexport type SanitizeQueryParamHandler = (\n value: unknown,\n schema: Model,\n options?: Options\n) => Promise<unknown>;\n\nexport type SanitizeBodyParamHandler = (\n value: unknown,\n schema: Model,\n options?: Options\n) => Promise<unknown>;\n\nexport interface APIOptions {\n sanitizers?: Sanitizers;\n getModel: (model: string) => Model;\n}\n\nexport interface Sanitizers {\n input?: Sanitizer[];\n output?: Sanitizer[];\n}\n\nconst createAPISanitizers = (opts: APIOptions) => {\n const { getModel } = opts;\n\n const sanitizeInput: SanitizeFunc = (\n data: unknown,\n schema: Model,\n { auth, strictParams = false, route } = {}\n ) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeInput');\n }\n if (isArray(data)) {\n return Promise.all(\n data.map((entry) => sanitizeInput(entry, schema, { auth, strictParams, route }))\n );\n }\n\n const allowedExtraRootKeys = getExtraRootKeysFromRouteBody(route);\n\n const nonWritableAttributes = getNonWritableAttributes(schema);\n\n const transforms = [\n // Remove first level ID in inputs\n omit(constants.ID_ATTRIBUTE),\n omit(constants.DOC_ID_ATTRIBUTE),\n // Remove non-writable attributes\n traverseEntity(visitors.removeRestrictedFields(nonWritableAttributes), { schema, getModel }),\n ];\n\n if (strictParams) {\n // Remove unrecognized fields (allowedExtraRootKeys = registered input param keys)\n transforms.push(\n traverseEntity(visitors.removeUnrecognizedFields, {\n schema,\n getModel,\n allowedExtraRootKeys,\n })\n );\n }\n\n if (auth) {\n // Remove restricted relations\n transforms.push(\n traverseEntity(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n // Apply sanitizers from registry if exists\n opts?.sanitizers?.input?.forEach((sanitizer: Sanitizer) => transforms.push(sanitizer(schema)));\n\n /**\n * For each extra root key from the route's body schema present in data, run Zod safeParse.\n * If parsing fails, the key is removed from the output.\n *\n * Content-api sends the document payload as body.data; the controller calls sanitizeInput(body.data, ctx),\n * so the input we receive here is the inner payload (keys like \"relatedMedia\", \"name\"), not the full body.\n * The route's body schema is z.object({ data: ... }), so its shape includes \"data\". We skip \"data\" because\n * the main document payload is already sanitized above by traverseEntity (removeUnrecognizedFields, etc.);\n * relation ops (connect/disconnect/set) are handled there, not by the route's Zod schema. We only run\n * Zod here for truly extra root keys added via addInputParams (e.g. clientMutationId).\n */\n const routeBodySanitizeTransform = async (data: Data): Promise<Data> => {\n if (!data || typeof data !== 'object' || Array.isArray(data)) return data;\n const obj = data as Record<string, unknown>;\n const bodySchema = route?.request?.body?.['application/json'];\n if (bodySchema && typeof bodySchema === 'object' && 'shape' in bodySchema) {\n const shape = (bodySchema as { shape: Record<string, z.ZodTypeAny> }).shape;\n for (const key of Object.keys(shape)) {\n if (key === 'data' || !(key in obj)) continue;\n const zodSchema = shape[key];\n if (zodSchema && typeof (zodSchema as z.ZodTypeAny).safeParse === 'function') {\n const result = (zodSchema as z.ZodTypeAny).safeParse(obj[key]);\n if (result.success) {\n obj[key] = result.data;\n } else {\n delete obj[key];\n }\n }\n }\n }\n return data;\n };\n (transforms as Array<(data: Data) => Data | Promise<Data>>).push(routeBodySanitizeTransform);\n\n return pipeAsync(...transforms)(data as Data);\n };\n\n const sanitizeOutput: SanitizeFunc = async (data, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeOutput');\n }\n if (isArray(data)) {\n const res = new Array(data.length);\n for (let i = 0; i < data.length; i += 1) {\n res[i] = await sanitizeOutput(data[i], schema, { auth });\n }\n return res;\n }\n\n const transforms = [\n (data: Data) => sanitizers.defaultSanitizeOutput({ schema, getModel }, data),\n ];\n\n if (auth) {\n transforms.push(\n traverseEntity(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n // Apply sanitizers from registry if exists\n opts?.sanitizers?.output?.forEach((sanitizer: Sanitizer) => transforms.push(sanitizer(schema)));\n\n return pipeAsync(...transforms)(data as Data);\n };\n\n const sanitizeQuery = async (\n query: Record<string, unknown>,\n schema: Model,\n { auth, strictParams = false, route }: Options = {}\n ) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeQuery');\n }\n const { filters, sort, fields, populate } = query;\n\n const sanitizedQuery = cloneDeep(query);\n\n if (filters) {\n Object.assign(sanitizedQuery, { filters: await sanitizeFilters(filters, schema, { auth }) });\n }\n\n if (sort) {\n Object.assign(sanitizedQuery, { sort: await sanitizeSort(sort, schema, { auth }) });\n }\n\n if (fields) {\n Object.assign(sanitizedQuery, { fields: await sanitizeFields(fields, schema) });\n }\n\n if (populate) {\n Object.assign(sanitizedQuery, { populate: await sanitizePopulate(populate, schema) });\n }\n\n const extraQueryKeys = getExtraQueryKeysFromRoute(route);\n const routeQuerySchema = route?.request?.query;\n if (routeQuerySchema) {\n for (const key of extraQueryKeys) {\n if (key in query) {\n const zodSchema = routeQuerySchema[key];\n if (zodSchema && typeof (zodSchema as z.ZodTypeAny).safeParse === 'function') {\n const result = (zodSchema as z.ZodTypeAny).safeParse(query[key]);\n if (result.success) {\n sanitizedQuery[key] = result.data;\n } else {\n delete sanitizedQuery[key];\n }\n }\n }\n }\n }\n\n if (strictParams) {\n const allowedKeys = [...ALLOWED_QUERY_PARAM_KEYS, ...extraQueryKeys];\n return pick(allowedKeys, sanitizedQuery) as Record<string, unknown>;\n }\n\n return sanitizedQuery;\n };\n\n const sanitizeFilters: SanitizeFunc = (filters, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeFilters');\n }\n if (isArray(filters)) {\n return Promise.all(filters.map((filter) => sanitizeFilters(filter, schema, { auth })));\n }\n\n const transforms = [sanitizers.defaultSanitizeFilters({ schema, getModel })];\n\n if (auth) {\n transforms.push(\n traverseQueryFilters(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n return pipeAsync(...transforms)(filters);\n };\n\n const sanitizeSort: SanitizeFunc = (sort, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeSort');\n }\n const transforms = [sanitizers.defaultSanitizeSort({ schema, getModel })];\n\n if (auth) {\n transforms.push(\n traverseQuerySort(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n return pipeAsync(...transforms)(sort);\n };\n\n const sanitizeFields: SanitizeFunc = (fields, schema: Model) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizeFields');\n }\n const transforms = [sanitizers.defaultSanitizeFields({ schema, getModel })];\n\n return pipeAsync(...transforms)(fields);\n };\n\n const sanitizePopulate: SanitizeFunc = (populate, schema: Model, { auth } = {}) => {\n if (!schema) {\n throw new Error('Missing schema in sanitizePopulate');\n }\n const transforms = [sanitizers.defaultSanitizePopulate({ schema, getModel })];\n\n if (auth) {\n transforms.push(\n traverseQueryPopulate(visitors.removeRestrictedRelations(auth), { schema, getModel })\n );\n }\n\n return pipeAsync(...transforms)(populate);\n };\n\n return {\n input: sanitizeInput,\n output: sanitizeOutput,\n query: sanitizeQuery,\n filters: sanitizeFilters,\n sort: sanitizeSort,\n fields: sanitizeFields,\n populate: sanitizePopulate,\n };\n};\n\nexport { createAPISanitizers, sanitizers, visitors };\n\nexport type APISanitiers = ReturnType<typeof createAPISanitizers>;\n"],"names":["createAPISanitizers","opts","getModel","sanitizeInput","data","schema","auth","strictParams","route","Error","isArray","Promise","all","map","entry","allowedExtraRootKeys","getExtraRootKeysFromRouteBody","nonWritableAttributes","getNonWritableAttributes","transforms","omit","constants","ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","traverseEntity","visitors","push","sanitizers","input","forEach","sanitizer","routeBodySanitizeTransform","Array","obj","bodySchema","request","body","shape","key","Object","keys","zodSchema","safeParse","result","success","pipeAsync","sanitizeOutput","res","length","i","output","sanitizeQuery","query","filters","sort","fields","populate","sanitizedQuery","cloneDeep","assign","sanitizeFilters","sanitizeSort","sanitizeFields","sanitizePopulate","extraQueryKeys","getExtraQueryKeysFromRoute","routeQuerySchema","allowedKeys","ALLOWED_QUERY_PARAM_KEYS","pick","filter","traverseQueryFilters","traverseQuerySort","traverseQueryPopulate"],"mappings":";;;;;;;;;;;;;;;;;;;AAgEA,MAAMA,sBAAsB,CAACC,IAAAA,GAAAA;IAC3B,MAAM,EAAEC,QAAQ,EAAE,GAAGD,IAAAA;AAErB,IAAA,MAAME,aAAAA,GAA8B,CAClCC,IAAAA,EACAC,MAAAA,EACA,EAAEC,IAAI,EAAEC,YAAAA,GAAe,KAAK,EAAEC,KAAK,EAAE,GAAG,EAAE,GAAA;AAE1C,QAAA,IAAI,CAACH,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,iCAAA,CAAA;AAClB,QAAA;AACA,QAAA,IAAIC,QAAQN,IAAAA,CAAAA,EAAO;YACjB,OAAOO,OAAAA,CAAQC,GAAG,CAChBR,IAAAA,CAAKS,GAAG,CAAC,CAACC,KAAAA,GAAUX,aAAAA,CAAcW,KAAAA,EAAOT,MAAAA,EAAQ;AAAEC,oBAAAA,IAAAA;AAAMC,oBAAAA,YAAAA;AAAcC,oBAAAA;AAAM,iBAAA,CAAA,CAAA,CAAA;AAEjF,QAAA;AAEA,QAAA,MAAMO,uBAAuBC,6BAAAA,CAA8BR,KAAAA,CAAAA;AAE3D,QAAA,MAAMS,wBAAwBC,wBAAAA,CAAyBb,MAAAA,CAAAA;AAEvD,QAAA,MAAMc,UAAAA,GAAa;;AAEjBC,YAAAA,IAAAA,CAAKC,UAAUC,YAAY,CAAA;AAC3BF,YAAAA,IAAAA,CAAKC,UAAUE,gBAAgB,CAAA;;YAE/BC,cAAAA,CAAeC,sBAA+B,CAACR,qBAAAA,CAAAA,EAAwB;AAAEZ,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAC3F,SAAA;AAED,QAAA,IAAIK,YAAAA,EAAc;;AAEhBY,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAAA,CAAeC,wBAAiC,EAAE;AAChDpB,gBAAAA,MAAAA;AACAH,gBAAAA,QAAAA;AACAa,gBAAAA;AACF,aAAA,CAAA,CAAA;AAEJ,QAAA;AAEA,QAAA,IAAIT,IAAAA,EAAM;;AAERa,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAAA,CAAeC,yBAAkC,CAACnB,IAAAA,CAAAA,EAAO;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEhF,QAAA;;QAGAD,IAAAA,EAAM0B,UAAAA,EAAYC,OAAOC,OAAAA,CAAQ,CAACC,YAAyBX,UAAAA,CAAWO,IAAI,CAACI,SAAAA,CAAUzB,MAAAA,CAAAA,CAAAA,CAAAA;AAErF;;;;;;;;;;QAWA,MAAM0B,6BAA6B,OAAO3B,IAAAA,GAAAA;YACxC,IAAI,CAACA,QAAQ,OAAOA,IAAAA,KAAS,YAAY4B,KAAAA,CAAMtB,OAAO,CAACN,IAAAA,CAAAA,EAAO,OAAOA,IAAAA;AACrE,YAAA,MAAM6B,GAAAA,GAAM7B,IAAAA;AACZ,YAAA,MAAM8B,UAAAA,GAAa1B,KAAAA,EAAO2B,OAAAA,EAASC,IAAAA,GAAO,kBAAA,CAAmB;AAC7D,YAAA,IAAIF,UAAAA,IAAc,OAAOA,UAAAA,KAAe,QAAA,IAAY,WAAWA,UAAAA,EAAY;gBACzE,MAAMG,KAAAA,GAAQ,UAACH,CAAuDG,KAAK;AAC3E,gBAAA,KAAK,MAAMC,GAAAA,IAAOC,MAAAA,CAAOC,IAAI,CAACH,KAAAA,CAAAA,CAAQ;AACpC,oBAAA,IAAIC,QAAQ,MAAA,IAAU,EAAEA,GAAAA,IAAOL,GAAE,CAAA,EAAI;oBACrC,MAAMQ,SAAAA,GAAYJ,KAAK,CAACC,GAAAA,CAAI;AAC5B,oBAAA,IAAIG,aAAa,OAAQA,SAAAA,CAA2BC,SAAS,KAAK,UAAA,EAAY;AAC5E,wBAAA,MAAMC,SAAS,SAACF,CAA2BC,SAAS,CAACT,GAAG,CAACK,GAAAA,CAAI,CAAA;wBAC7D,IAAIK,MAAAA,CAAOC,OAAO,EAAE;AAClBX,4BAAAA,GAAG,CAACK,GAAAA,CAAI,GAAGK,MAAAA,CAAOvC,IAAI;wBACxB,CAAA,MAAO;4BACL,OAAO6B,GAAG,CAACK,GAAAA,CAAI;AACjB,wBAAA;AACF,oBAAA;AACF,gBAAA;AACF,YAAA;YACA,OAAOlC,IAAAA;AACT,QAAA,CAAA;AACCe,QAAAA,UAAAA,CAA2DO,IAAI,CAACK,0BAAAA,CAAAA;AAEjE,QAAA,OAAOc,QAAa1B,UAAAA,CAAAA,CAAYf,IAAAA,CAAAA;AAClC,IAAA,CAAA;IAEA,MAAM0C,cAAAA,GAA+B,OAAO1C,IAAAA,EAAMC,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC5E,QAAA,IAAI,CAACD,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,kCAAA,CAAA;AAClB,QAAA;AACA,QAAA,IAAIC,QAAQN,IAAAA,CAAAA,EAAO;AACjB,YAAA,MAAM2C,GAAAA,GAAM,IAAIf,KAAAA,CAAM5B,IAAAA,CAAK4C,MAAM,CAAA;YACjC,IAAK,IAAIC,IAAI,CAAA,EAAGA,CAAAA,GAAI7C,KAAK4C,MAAM,EAAEC,KAAK,CAAA,CAAG;gBACvCF,GAAG,CAACE,EAAE,GAAG,MAAMH,eAAe1C,IAAI,CAAC6C,CAAAA,CAAE,EAAE5C,MAAAA,EAAQ;AAAEC,oBAAAA;AAAK,iBAAA,CAAA;AACxD,YAAA;YACA,OAAOyC,GAAAA;AACT,QAAA;AAEA,QAAA,MAAM5B,UAAAA,GAAa;YACjB,CAACf,IAAAA,GAAeuB,qBAAgC,CAAC;AAAEtB,oBAAAA,MAAAA;AAAQH,oBAAAA;iBAAS,EAAGE,IAAAA;AACxE,SAAA;AAED,QAAA,IAAIE,IAAAA,EAAM;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAAA,CAAeC,yBAAkC,CAACnB,IAAAA,CAAAA,EAAO;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEhF,QAAA;;QAGAD,IAAAA,EAAM0B,UAAAA,EAAYuB,QAAQrB,OAAAA,CAAQ,CAACC,YAAyBX,UAAAA,CAAWO,IAAI,CAACI,SAAAA,CAAUzB,MAAAA,CAAAA,CAAAA,CAAAA;AAEtF,QAAA,OAAOwC,QAAa1B,UAAAA,CAAAA,CAAYf,IAAAA,CAAAA;AAClC,IAAA,CAAA;AAEA,IAAA,MAAM+C,aAAAA,GAAgB,OACpBC,KAAAA,EACA/C,MAAAA,EACA,EAAEC,IAAI,EAAEC,YAAAA,GAAe,KAAK,EAAEC,KAAK,EAAW,GAAG,EAAE,GAAA;AAEnD,QAAA,IAAI,CAACH,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,iCAAA,CAAA;AAClB,QAAA;QACA,MAAM,EAAE4C,OAAO,EAAEC,IAAI,EAAEC,MAAM,EAAEC,QAAQ,EAAE,GAAGJ,KAAAA;AAE5C,QAAA,MAAMK,iBAAiBC,SAAAA,CAAUN,KAAAA,CAAAA;AAEjC,QAAA,IAAIC,OAAAA,EAAS;YACXd,MAAAA,CAAOoB,MAAM,CAACF,cAAAA,EAAgB;gBAAEJ,OAAAA,EAAS,MAAMO,eAAAA,CAAgBP,OAAAA,EAAShD,MAAAA,EAAQ;AAAEC,oBAAAA;AAAK,iBAAA;AAAG,aAAA,CAAA;AAC5F,QAAA;AAEA,QAAA,IAAIgD,IAAAA,EAAM;YACRf,MAAAA,CAAOoB,MAAM,CAACF,cAAAA,EAAgB;gBAAEH,IAAAA,EAAM,MAAMO,YAAAA,CAAaP,IAAAA,EAAMjD,MAAAA,EAAQ;AAAEC,oBAAAA;AAAK,iBAAA;AAAG,aAAA,CAAA;AACnF,QAAA;AAEA,QAAA,IAAIiD,MAAAA,EAAQ;YACVhB,MAAAA,CAAOoB,MAAM,CAACF,cAAAA,EAAgB;gBAAEF,MAAAA,EAAQ,MAAMO,eAAeP,MAAAA,EAAQlD,MAAAA;AAAQ,aAAA,CAAA;AAC/E,QAAA;AAEA,QAAA,IAAImD,QAAAA,EAAU;YACZjB,MAAAA,CAAOoB,MAAM,CAACF,cAAAA,EAAgB;gBAAED,QAAAA,EAAU,MAAMO,iBAAiBP,QAAAA,EAAUnD,MAAAA;AAAQ,aAAA,CAAA;AACrF,QAAA;AAEA,QAAA,MAAM2D,iBAAiBC,0BAAAA,CAA2BzD,KAAAA,CAAAA;QAClD,MAAM0D,gBAAAA,GAAmB1D,OAAO2B,OAAAA,EAASiB,KAAAA;AACzC,QAAA,IAAIc,gBAAAA,EAAkB;YACpB,KAAK,MAAM5B,OAAO0B,cAAAA,CAAgB;AAChC,gBAAA,IAAI1B,OAAOc,KAAAA,EAAO;oBAChB,MAAMX,SAAAA,GAAYyB,gBAAgB,CAAC5B,GAAAA,CAAI;AACvC,oBAAA,IAAIG,aAAa,OAAQA,SAAAA,CAA2BC,SAAS,KAAK,UAAA,EAAY;AAC5E,wBAAA,MAAMC,SAAS,SAACF,CAA2BC,SAAS,CAACU,KAAK,CAACd,GAAAA,CAAI,CAAA;wBAC/D,IAAIK,MAAAA,CAAOC,OAAO,EAAE;AAClBa,4BAAAA,cAAc,CAACnB,GAAAA,CAAI,GAAGK,MAAAA,CAAOvC,IAAI;wBACnC,CAAA,MAAO;4BACL,OAAOqD,cAAc,CAACnB,GAAAA,CAAI;AAC5B,wBAAA;AACF,oBAAA;AACF,gBAAA;AACF,YAAA;AACF,QAAA;AAEA,QAAA,IAAI/B,YAAAA,EAAc;AAChB,YAAA,MAAM4D,WAAAA,GAAc;AAAIC,gBAAAA,GAAAA,wBAAAA;AAA6BJ,gBAAAA,GAAAA;AAAe,aAAA;AACpE,YAAA,OAAOK,KAAKF,WAAAA,EAAaV,cAAAA,CAAAA;AAC3B,QAAA;QAEA,OAAOA,cAAAA;AACT,IAAA,CAAA;IAEA,MAAMG,eAAAA,GAAgC,CAACP,OAAAA,EAAShD,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC1E,QAAA,IAAI,CAACD,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,mCAAA,CAAA;AAClB,QAAA;AACA,QAAA,IAAIC,QAAQ2C,OAAAA,CAAAA,EAAU;YACpB,OAAO1C,OAAAA,CAAQC,GAAG,CAACyC,OAAAA,CAAQxC,GAAG,CAAC,CAACyD,MAAAA,GAAWV,eAAAA,CAAgBU,MAAAA,EAAQjE,MAAAA,EAAQ;AAAEC,oBAAAA;AAAK,iBAAA,CAAA,CAAA,CAAA;AACpF,QAAA;AAEA,QAAA,MAAMa,UAAAA,GAAa;AAACQ,YAAAA,sBAAiC,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE5E,QAAA,IAAII,IAAAA,EAAM;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACb6C,oBAAAA,CAAqB9C,yBAAkC,CAACnB,IAAAA,CAAAA,EAAO;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEtF,QAAA;AAEA,QAAA,OAAO2C,QAAa1B,UAAAA,CAAAA,CAAYkC,OAAAA,CAAAA;AAClC,IAAA,CAAA;IAEA,MAAMQ,YAAAA,GAA6B,CAACP,IAAAA,EAAMjD,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AACpE,QAAA,IAAI,CAACD,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,gCAAA,CAAA;AAClB,QAAA;AACA,QAAA,MAAMU,UAAAA,GAAa;AAACQ,YAAAA,mBAA8B,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAEzE,QAAA,IAAII,IAAAA,EAAM;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACb8C,iBAAAA,CAAkB/C,yBAAkC,CAACnB,IAAAA,CAAAA,EAAO;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEnF,QAAA;AAEA,QAAA,OAAO2C,QAAa1B,UAAAA,CAAAA,CAAYmC,IAAAA,CAAAA;AAClC,IAAA,CAAA;IAEA,MAAMQ,cAAAA,GAA+B,CAACP,MAAAA,EAAQlD,MAAAA,GAAAA;AAC5C,QAAA,IAAI,CAACA,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,kCAAA,CAAA;AAClB,QAAA;AACA,QAAA,MAAMU,UAAAA,GAAa;AAACQ,YAAAA,qBAAgC,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE3E,QAAA,OAAO2C,QAAa1B,UAAAA,CAAAA,CAAYoC,MAAAA,CAAAA;AAClC,IAAA,CAAA;IAEA,MAAMQ,gBAAAA,GAAiC,CAACP,QAAAA,EAAUnD,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC5E,QAAA,IAAI,CAACD,MAAAA,EAAQ;AACX,YAAA,MAAM,IAAII,KAAAA,CAAM,oCAAA,CAAA;AAClB,QAAA;AACA,QAAA,MAAMU,UAAAA,GAAa;AAACQ,YAAAA,uBAAkC,CAAC;AAAEtB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE7E,QAAA,IAAII,IAAAA,EAAM;AACRa,YAAAA,UAAAA,CAAWO,IAAI,CACb+C,qBAAAA,CAAsBhD,yBAAkC,CAACnB,IAAAA,CAAAA,EAAO;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEvF,QAAA;AAEA,QAAA,OAAO2C,QAAa1B,UAAAA,CAAAA,CAAYqC,QAAAA,CAAAA;AAClC,IAAA,CAAA;IAEA,OAAO;QACL5B,KAAAA,EAAOzB,aAAAA;QACP+C,MAAAA,EAAQJ,cAAAA;QACRM,KAAAA,EAAOD,aAAAA;QACPE,OAAAA,EAASO,eAAAA;QACTN,IAAAA,EAAMO,YAAAA;QACNN,MAAAA,EAAQO,cAAAA;QACRN,QAAAA,EAAUO;AACZ,KAAA;AACF;;;;"}
package/dist/sanitize/sanitizers.js CHANGED
@@ -10,6 +10,7 @@ var queryPopulate = require('../traverse/query-populate.js');
10
10
  var queryFields = require('../traverse/query-fields.js');
11
11
  var removePassword = require('./visitors/remove-password.js');
12
12
  var removePrivate = require('./visitors/remove-private.js');
13
+ require('./visitors/remove-restricted-relations.js');
13
14
  var removeMorphToRelations = require('./visitors/remove-morph-to-relations.js');
14
15
  var removeDynamicZones = require('./visitors/remove-dynamic-zones.js');
15
16
  var expandWildcardPopulate = require('./visitors/expand-wildcard-populate.js');
package/dist/sanitize/sanitizers.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sanitizers.js","sources":["../../src/sanitize/sanitizers.ts"],"sourcesContent":["import { curry, isEmpty, isNil, isArray, isObject } from 'lodash/fp';\n\nimport { pipe as pipeAsync } from '../async';\nimport traverseEntity from '../traverse-entity';\nimport { isScalarAttribute, constants } from '../content-types';\n\nimport {\n traverseQueryFilters,\n traverseQuerySort,\n traverseQueryPopulate,\n traverseQueryFields,\n} from '../traverse';\n\nimport {\n removePassword,\n removePrivate,\n removeDynamicZones,\n removeMorphToRelations,\n expandWildcardPopulate,\n} from './visitors';\nimport { isOperator } from '../operators';\n\nimport type { Model, Data } from '../types';\nimport type { Parent } from '../traverse/factory';\n\ninterface Context {\n schema: Model;\n getModel: (model: string) => Model;\n parent?: Parent;\n}\n\nconst { ID_ATTRIBUTE, DOC_ID_ATTRIBUTE } = constants;\n\nconst sanitizePasswords = (ctx: Context) => async (entity: Data) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in sanitizePasswords');\n }\n\n return traverseEntity(removePassword, ctx, entity);\n};\n\nconst defaultSanitizeOutput = async (ctx: Context, entity: Data) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeOutput');\n }\n\n return traverseEntity(\n (...args) => {\n removePassword(...args);\n removePrivate(...args);\n },\n ctx,\n entity\n );\n};\n\nconst defaultSanitizeFilters = curry((ctx: Context, filters: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeFilters');\n }\n\n return pipeAsync(\n // Remove keys that are not attributes or valid operators\n traverseQueryFilters(({ key, attribute }, { remove }) => {\n const isAttribute = !!attribute;\n\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not checking it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (!isAttribute && !isOperator(key)) {\n remove(key);\n }\n }, ctx),\n // Remove dynamic zones from filters\n traverseQueryFilters(removeDynamicZones, ctx),\n // Remove morpTo relations from filters\n traverseQueryFilters(removeMorphToRelations, ctx),\n // Remove passwords from filters\n traverseQueryFilters(removePassword, ctx),\n // Remove private from filters\n traverseQueryFilters(removePrivate, ctx),\n // Remove empty objects\n traverseQueryFilters(({ key, value }, { remove }) => {\n if (isObject(value) && isEmpty(value)) {\n remove(key);\n }\n }, ctx)\n )(filters);\n});\n\nconst defaultSanitizeSort = curry((ctx: Context, sort: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeSort');\n }\n\n return pipeAsync(\n // Remove non attribute keys\n traverseQuerySort(({ key, attribute }, { remove }) => {\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not checking it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (!attribute) {\n remove(key);\n }\n }, ctx),\n // Remove dynamic zones from sort\n traverseQuerySort(removeDynamicZones, ctx),\n // Remove morpTo relations from sort\n traverseQuerySort(removeMorphToRelations, ctx),\n // Remove private from sort\n traverseQuerySort(removePrivate, ctx),\n // Remove passwords from filters\n traverseQuerySort(removePassword, ctx),\n // Remove keys for empty non-scalar values\n traverseQuerySort(({ key, attribute, value }, { remove }) => {\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not removing it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (!isScalarAttribute(attribute) && isEmpty(value)) {\n remove(key);\n }\n }, ctx)\n )(sort);\n});\n\nconst defaultSanitizeFields = curry((ctx: Context, fields: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeFields');\n }\n\n return pipeAsync(\n // Only keep scalar attributes\n traverseQueryFields(({ key, attribute }, { remove }) => {\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not checking it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (isNil(attribute) || !isScalarAttribute(attribute)) {\n remove(key);\n }\n }, ctx),\n // Remove private fields\n traverseQueryFields(removePrivate, ctx),\n // Remove password fields\n traverseQueryFields(removePassword, ctx),\n // Remove nil values from fields array\n (value) => (isArray(value) ? value.filter((field) => !isNil(field)) : value)\n )(fields);\n});\n\nconst defaultSanitizePopulate = curry((ctx: Context, populate: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizePopulate');\n }\n\n return pipeAsync(\n traverseQueryPopulate(expandWildcardPopulate, ctx),\n traverseQueryPopulate(async ({ key, value, schema, attribute, getModel, path }, { set }) => {\n if (attribute) {\n return;\n }\n\n const parent = { key, path, schema, attribute } satisfies Parent;\n\n if (key === 'sort') {\n set(key, await defaultSanitizeSort({ schema, getModel, parent }, value));\n }\n\n if (key === 'filters') {\n set(key, await defaultSanitizeFilters({ schema, getModel, parent }, value));\n }\n\n if (key === 'fields') {\n set(key, await defaultSanitizeFields({ schema, getModel, parent }, value));\n }\n\n if (key === 'populate') {\n set(key, await defaultSanitizePopulate({ schema, getModel, parent }, value));\n }\n }, ctx),\n // Remove private fields\n traverseQueryPopulate(removePrivate, ctx)\n )(populate);\n});\n\nexport {\n sanitizePasswords,\n defaultSanitizeOutput,\n defaultSanitizeFilters,\n defaultSanitizeSort,\n defaultSanitizeFields,\n defaultSanitizePopulate,\n};\n"],"names":["ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","constants","sanitizePasswords","ctx","entity","schema","Error","traverseEntity","removePassword","defaultSanitizeOutput","args","removePrivate","defaultSanitizeFilters","curry","filters","pipeAsync","traverseQueryFilters","key","attribute","remove","isAttribute","includes","isOperator","removeDynamicZones","removeMorphToRelations","value","isObject","isEmpty","defaultSanitizeSort","sort","traverseQuerySort","isScalarAttribute","defaultSanitizeFields","fields","traverseQueryFields","isNil","isArray","filter","field","defaultSanitizePopulate","populate","traverseQueryPopulate","expandWildcardPopulate","getModel","path","set","parent"],"mappings":";;;;;;;;;;;;;;;;;AA+BA,MAAM,EAAEA,YAAY,EAAEC,gBAAgB,EAAE,GAAGC,sBAAAA;AAErCC,MAAAA,iBAAAA,GAAoB,CAACC,GAAAA,GAAiB,OAAOC,MAAAA,GAAAA;QACjD,IAAI,CAACD,GAAIE,CAAAA,MAAM,EAAE;AACf,YAAA,MAAM,IAAIC,KAAM,CAAA,qCAAA,CAAA;AAClB;QAEA,OAAOC,cAAAA,CAAeC,gBAAgBL,GAAKC,EAAAA,MAAAA,CAAAA;AAC7C;AAEMK,MAAAA,qBAAAA,GAAwB,OAAON,GAAcC,EAAAA,MAAAA,GAAAA;IACjD,IAAI,CAACD,GAAIE,CAAAA,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAM,CAAA,yCAAA,CAAA;AAClB;IAEA,OAAOC,cAAAA,CACL,CAAC,GAAGG,IAAAA,GAAAA;QACFF,cAAkBE,CAAAA,GAAAA,IAAAA,CAAAA;QAClBC,aAAiBD,CAAAA,GAAAA,IAAAA,CAAAA;AACnB,KAAA,EACAP,GACAC,EAAAA,MAAAA,CAAAA;AAEJ;AAEMQ,MAAAA,sBAAAA,GAAyBC,QAAM,CAAA,CAACV,GAAcW,EAAAA,OAAAA,GAAAA;IAClD,IAAI,CAACX,GAAIE,CAAAA,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAM,CAAA,0CAAA,CAAA;AAClB;AAEA,IAAA,OAAOS;IAELC,YAAqB,CAAA,CAAC,EAAEC,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;QAClD,MAAMC,WAAAA,GAAc,CAAC,CAACF,SAAAA;;;QAItB,IAAI;AAACnB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAM,CAAA,EAAA;AAClD,YAAA;AACF;AAEA,QAAA,IAAI,CAACG,WAAAA,IAAe,CAACE,oBAAAA,CAAWL,GAAM,CAAA,EAAA;YACpCE,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA,EAAGd;IAEHa,YAAqBO,CAAAA,kBAAAA,EAAoBpB;IAEzCa,YAAqBQ,CAAAA,sBAAAA,EAAwBrB;IAE7Ca,YAAqBR,CAAAA,cAAAA,EAAgBL;IAErCa,YAAqBL,CAAAA,aAAAA,EAAeR;IAEpCa,YAAqB,CAAA,CAAC,EAAEC,GAAG,EAAEQ,KAAK,EAAE,EAAE,EAAEN,MAAM,EAAE,GAAA;QAC9C,IAAIO,WAAAA,CAASD,KAAUE,CAAAA,IAAAA,UAAAA,CAAQF,KAAQ,CAAA,EAAA;YACrCN,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA,EAAGd,GACHW,CAAAA,CAAAA,CAAAA,OAAAA,CAAAA;AACJ,CAAA;AAEMc,MAAAA,mBAAAA,GAAsBf,QAAM,CAAA,CAACV,GAAc0B,EAAAA,IAAAA,GAAAA;IAC/C,IAAI,CAAC1B,GAAIE,CAAAA,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAM,CAAA,uCAAA,CAAA;AAClB;AAEA,IAAA,OAAOS;IAELe,SAAkB,CAAA,CAAC,EAAEb,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;;;QAG/C,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAM,CAAA,EAAA;AAClD,YAAA;AACF;AAEA,QAAA,IAAI,CAACC,SAAW,EAAA;YACdC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA,EAAGd;IAEH2B,SAAkBP,CAAAA,kBAAAA,EAAoBpB;IAEtC2B,SAAkBN,CAAAA,sBAAAA,EAAwBrB;IAE1C2B,SAAkBnB,CAAAA,aAAAA,EAAeR;IAEjC2B,SAAkBtB,CAAAA,cAAAA,EAAgBL;IAElC2B,SAAkB,CAAA,CAAC,EAAEb,GAAG,EAAEC,SAAS,EAAEO,KAAK,EAAE,EAAE,EAAEN,MAAM,EAAE,GAAA;;;QAGtD,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAM,CAAA,EAAA;AAClD,YAAA;AACF;AAEA,QAAA,IAAI,CAACc,8BAAAA,CAAkBb,SAAcS,CAAAA,IAAAA,UAAAA,CAAQF,KAAQ,CAAA,EAAA;YACnDN,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA,EAAGd,GACH0B,CAAAA,CAAAA,CAAAA,IAAAA,CAAAA;AACJ,CAAA;AAEMG,MAAAA,qBAAAA,GAAwBnB,QAAM,CAAA,CAACV,GAAc8B,EAAAA,MAAAA,GAAAA;IACjD,IAAI,CAAC9B,GAAIE,CAAAA,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAM,CAAA,yCAAA,CAAA;AAClB;AAEA,IAAA,OAAOS;IAELmB,WAAoB,CAAA,CAAC,EAAEjB,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;;;QAGjD,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAM,CAAA,EAAA;AAClD,YAAA;AACF;AAEA,QAAA,IAAIkB,QAAMjB,CAAAA,SAAAA,CAAAA,IAAc,CAACa,8BAAAA,CAAkBb,SAAY,CAAA,EAAA;YACrDC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA,EAAGd;IAEH+B,WAAoBvB,CAAAA,aAAAA,EAAeR;IAEnC+B,WAAoB1B,CAAAA,cAAAA,EAAgBL;IAEpC,CAACsB,KAAAA,GAAWW,UAAQX,CAAAA,KAAAA,CAAAA,GAASA,KAAMY,CAAAA,MAAM,CAAC,CAACC,KAAU,GAAA,CAACH,QAAMG,CAAAA,KAAAA,CAAAA,CAAAA,GAAUb,KACtEQ,CAAAA,CAAAA,MAAAA,CAAAA;AACJ,CAAA;AAEMM,MAAAA,uBAAAA,GAA0B1B,QAAM,CAAA,CAACV,GAAcqC,EAAAA,QAAAA,GAAAA;IACnD,IAAI,CAACrC,GAAIE,CAAAA,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAM,CAAA,2CAAA,CAAA;AAClB;IAEA,OAAOS,UAAAA,CACL0B,cAAsBC,sBAAwBvC,EAAAA,GAAAA,CAAAA,EAC9CsC,cAAsB,OAAO,EAAExB,GAAG,EAAEQ,KAAK,EAAEpB,MAAM,EAAEa,SAAS,EAAEyB,QAAQ,EAAEC,IAAI,EAAE,EAAE,EAAEC,GAAG,EAAE,GAAA;AACrF,QAAA,IAAI3B,SAAW,EAAA;AACb,YAAA;AACF;AAEA,QAAA,MAAM4B,MAAS,GAAA;AAAE7B,YAAAA,GAAAA;AAAK2B,YAAAA,IAAAA;AAAMvC,YAAAA,MAAAA;AAAQa,YAAAA;AAAU,SAAA;AAE9C,QAAA,IAAID,QAAQ,MAAQ,EAAA;YAClB4B,GAAI5B,CAAAA,GAAAA,EAAK,MAAMW,mBAAoB,CAAA;AAAEvB,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAUrB,EAAAA,KAAAA,CAAAA,CAAAA;AACnE;AAEA,QAAA,IAAIR,QAAQ,SAAW,EAAA;YACrB4B,GAAI5B,CAAAA,GAAAA,EAAK,MAAML,sBAAuB,CAAA;AAAEP,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAUrB,EAAAA,KAAAA,CAAAA,CAAAA;AACtE;AAEA,QAAA,IAAIR,QAAQ,QAAU,EAAA;YACpB4B,GAAI5B,CAAAA,GAAAA,EAAK,MAAMe,qBAAsB,CAAA;AAAE3B,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAUrB,EAAAA,KAAAA,CAAAA,CAAAA;AACrE;AAEA,QAAA,IAAIR,QAAQ,UAAY,EAAA;YACtB4B,GAAI5B,CAAAA,GAAAA,EAAK,MAAMsB,uBAAwB,CAAA;AAAElC,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAUrB,EAAAA,KAAAA,CAAAA,CAAAA;AACvE;AACF,KAAA,EAAGtB;AAEHsC,IAAAA,aAAAA,CAAsB9B,eAAeR,GACrCqC,CAAAA,CAAAA,CAAAA,QAAAA,CAAAA;AACJ,CAAA;;;;;;;;;"}
1
+ {"version":3,"file":"sanitizers.js","sources":["../../src/sanitize/sanitizers.ts"],"sourcesContent":["import { curry, isEmpty, isNil, isArray, isObject } from 'lodash/fp';\n\nimport { pipe as pipeAsync } from '../async';\nimport traverseEntity from '../traverse-entity';\nimport { isScalarAttribute, constants } from '../content-types';\n\nimport {\n traverseQueryFilters,\n traverseQuerySort,\n traverseQueryPopulate,\n traverseQueryFields,\n} from '../traverse';\n\nimport {\n removePassword,\n removePrivate,\n removeDynamicZones,\n removeMorphToRelations,\n expandWildcardPopulate,\n} from './visitors';\nimport { isOperator } from '../operators';\n\nimport type { Model, Data } from '../types';\nimport type { Parent } from '../traverse/factory';\n\ninterface Context {\n schema: Model;\n getModel: (model: string) => Model;\n parent?: Parent;\n}\n\nconst { ID_ATTRIBUTE, DOC_ID_ATTRIBUTE } = constants;\n\nconst sanitizePasswords = (ctx: Context) => async (entity: Data) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in sanitizePasswords');\n }\n\n return traverseEntity(removePassword, ctx, entity);\n};\n\nconst defaultSanitizeOutput = async (ctx: Context, entity: Data) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeOutput');\n }\n\n return traverseEntity(\n (...args) => {\n removePassword(...args);\n removePrivate(...args);\n },\n ctx,\n entity\n );\n};\n\nconst defaultSanitizeFilters = curry((ctx: Context, filters: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeFilters');\n }\n\n return pipeAsync(\n // Remove keys that are not attributes or valid operators\n traverseQueryFilters(({ key, attribute }, { remove }) => {\n const isAttribute = !!attribute;\n\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not checking it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (!isAttribute && !isOperator(key)) {\n remove(key);\n }\n }, ctx),\n // Remove dynamic zones from filters\n traverseQueryFilters(removeDynamicZones, ctx),\n // Remove morpTo relations from filters\n traverseQueryFilters(removeMorphToRelations, ctx),\n // Remove passwords from filters\n traverseQueryFilters(removePassword, ctx),\n // Remove private from filters\n traverseQueryFilters(removePrivate, ctx),\n // Remove empty objects\n traverseQueryFilters(({ key, value }, { remove }) => {\n if (isObject(value) && isEmpty(value)) {\n remove(key);\n }\n }, ctx)\n )(filters);\n});\n\nconst defaultSanitizeSort = curry((ctx: Context, sort: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeSort');\n }\n\n return pipeAsync(\n // Remove non attribute keys\n traverseQuerySort(({ key, attribute }, { remove }) => {\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not checking it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (!attribute) {\n remove(key);\n }\n }, ctx),\n // Remove dynamic zones from sort\n traverseQuerySort(removeDynamicZones, ctx),\n // Remove morpTo relations from sort\n traverseQuerySort(removeMorphToRelations, ctx),\n // Remove private from sort\n traverseQuerySort(removePrivate, ctx),\n // Remove passwords from filters\n traverseQuerySort(removePassword, ctx),\n // Remove keys for empty non-scalar values\n traverseQuerySort(({ key, attribute, value }, { remove }) => {\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not removing it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (!isScalarAttribute(attribute) && isEmpty(value)) {\n remove(key);\n }\n }, ctx)\n )(sort);\n});\n\nconst defaultSanitizeFields = curry((ctx: Context, fields: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeFields');\n }\n\n return pipeAsync(\n // Only keep scalar attributes\n traverseQueryFields(({ key, attribute }, { remove }) => {\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not checking it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (isNil(attribute) || !isScalarAttribute(attribute)) {\n remove(key);\n }\n }, ctx),\n // Remove private fields\n traverseQueryFields(removePrivate, ctx),\n // Remove password fields\n traverseQueryFields(removePassword, ctx),\n // Remove nil values from fields array\n (value) => (isArray(value) ? value.filter((field) => !isNil(field)) : value)\n )(fields);\n});\n\nconst defaultSanitizePopulate = curry((ctx: Context, populate: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizePopulate');\n }\n\n return pipeAsync(\n traverseQueryPopulate(expandWildcardPopulate, ctx),\n traverseQueryPopulate(async ({ key, value, schema, attribute, getModel, path }, { set }) => {\n if (attribute) {\n return;\n }\n\n const parent = { key, path, schema, attribute } satisfies Parent;\n\n if (key === 'sort') {\n set(key, await defaultSanitizeSort({ schema, getModel, parent }, value));\n }\n\n if (key === 'filters') {\n set(key, await defaultSanitizeFilters({ schema, getModel, parent }, value));\n }\n\n if (key === 'fields') {\n set(key, await defaultSanitizeFields({ schema, getModel, parent }, value));\n }\n\n if (key === 'populate') {\n set(key, await defaultSanitizePopulate({ schema, getModel, parent }, value));\n }\n }, ctx),\n // Remove private fields\n traverseQueryPopulate(removePrivate, ctx)\n )(populate);\n});\n\nexport {\n sanitizePasswords,\n defaultSanitizeOutput,\n defaultSanitizeFilters,\n defaultSanitizeSort,\n defaultSanitizeFields,\n defaultSanitizePopulate,\n};\n"],"names":["ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","constants","sanitizePasswords","ctx","entity","schema","Error","traverseEntity","removePassword","defaultSanitizeOutput","args","removePrivate","defaultSanitizeFilters","curry","filters","pipeAsync","traverseQueryFilters","key","attribute","remove","isAttribute","includes","isOperator","removeDynamicZones","removeMorphToRelations","value","isObject","isEmpty","defaultSanitizeSort","sort","traverseQuerySort","isScalarAttribute","defaultSanitizeFields","fields","traverseQueryFields","isNil","isArray","filter","field","defaultSanitizePopulate","populate","traverseQueryPopulate","expandWildcardPopulate","getModel","path","set","parent"],"mappings":";;;;;;;;;;;;;;;;;;AA+BA,MAAM,EAAEA,YAAY,EAAEC,gBAAgB,EAAE,GAAGC,sBAAAA;AAE3C,MAAMC,iBAAAA,GAAoB,CAACC,GAAAA,GAAiB,OAAOC,MAAAA,GAAAA;QACjD,IAAI,CAACD,GAAAA,CAAIE,MAAM,EAAE;AACf,YAAA,MAAM,IAAIC,KAAAA,CAAM,qCAAA,CAAA;AAClB,QAAA;QAEA,OAAOC,cAAAA,CAAeC,gBAAgBL,GAAAA,EAAKC,MAAAA,CAAAA;AAC7C,IAAA;AAEA,MAAMK,qBAAAA,GAAwB,OAAON,GAAAA,EAAcC,MAAAA,GAAAA;IACjD,IAAI,CAACD,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,yCAAA,CAAA;AAClB,IAAA;IAEA,OAAOC,cAAAA,CACL,CAAC,GAAGG,IAAAA,GAAAA;QACFF,cAAAA,CAAAA,GAAkBE,IAAAA,CAAAA;QAClBC,aAAAA,CAAAA,GAAiBD,IAAAA,CAAAA;AACnB,IAAA,CAAA,EACAP,GAAAA,EACAC,MAAAA,CAAAA;AAEJ;AAEA,MAAMQ,sBAAAA,GAAyBC,QAAAA,CAAM,CAACV,GAAAA,EAAcW,OAAAA,GAAAA;IAClD,IAAI,CAACX,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,0CAAA,CAAA;AAClB,IAAA;AAEA,IAAA,OAAOS;IAELC,YAAAA,CAAqB,CAAC,EAAEC,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;QAClD,MAAMC,WAAAA,GAAc,CAAC,CAACF,SAAAA;;;QAItB,IAAI;AAACnB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAAA,CAAAA,EAAM;AAClD,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAACG,WAAAA,IAAe,CAACE,oBAAAA,CAAWL,GAAAA,CAAAA,EAAM;YACpCE,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd;IAEHa,YAAAA,CAAqBO,kBAAAA,EAAoBpB;IAEzCa,YAAAA,CAAqBQ,sBAAAA,EAAwBrB;IAE7Ca,YAAAA,CAAqBR,cAAAA,EAAgBL;IAErCa,YAAAA,CAAqBL,aAAAA,EAAeR;IAEpCa,YAAAA,CAAqB,CAAC,EAAEC,GAAG,EAAEQ,KAAK,EAAE,EAAE,EAAEN,MAAM,EAAE,GAAA;QAC9C,IAAIO,WAAAA,CAASD,KAAAA,CAAAA,IAAUE,UAAAA,CAAQF,KAAAA,CAAAA,EAAQ;YACrCN,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd,GAAAA,CAAAA,CAAAA,CACHW,OAAAA,CAAAA;AACJ,CAAA;AAEA,MAAMc,mBAAAA,GAAsBf,QAAAA,CAAM,CAACV,GAAAA,EAAc0B,IAAAA,GAAAA;IAC/C,IAAI,CAAC1B,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,uCAAA,CAAA;AAClB,IAAA;AAEA,IAAA,OAAOS;IAELe,SAAAA,CAAkB,CAAC,EAAEb,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;;;QAG/C,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAAA,CAAAA,EAAM;AAClD,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAACC,SAAAA,EAAW;YACdC,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd;IAEH2B,SAAAA,CAAkBP,kBAAAA,EAAoBpB;IAEtC2B,SAAAA,CAAkBN,sBAAAA,EAAwBrB;IAE1C2B,SAAAA,CAAkBnB,aAAAA,EAAeR;IAEjC2B,SAAAA,CAAkBtB,cAAAA,EAAgBL;IAElC2B,SAAAA,CAAkB,CAAC,EAAEb,GAAG,EAAEC,SAAS,EAAEO,KAAK,EAAE,EAAE,EAAEN,MAAM,EAAE,GAAA;;;QAGtD,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAAA,CAAAA,EAAM;AAClD,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAACc,8BAAAA,CAAkBb,SAAAA,CAAAA,IAAcS,UAAAA,CAAQF,KAAAA,CAAAA,EAAQ;YACnDN,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd,GAAAA,CAAAA,CAAAA,CACH0B,IAAAA,CAAAA;AACJ,CAAA;AAEA,MAAMG,qBAAAA,GAAwBnB,QAAAA,CAAM,CAACV,GAAAA,EAAc8B,MAAAA,GAAAA;IACjD,IAAI,CAAC9B,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,yCAAA,CAAA;AAClB,IAAA;AAEA,IAAA,OAAOS;IAELmB,WAAAA,CAAoB,CAAC,EAAEjB,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;;;QAGjD,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAAA,CAAAA,EAAM;AAClD,YAAA;AACF,QAAA;AAEA,QAAA,IAAIkB,QAAAA,CAAMjB,SAAAA,CAAAA,IAAc,CAACa,8BAAAA,CAAkBb,SAAAA,CAAAA,EAAY;YACrDC,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd;IAEH+B,WAAAA,CAAoBvB,aAAAA,EAAeR;IAEnC+B,WAAAA,CAAoB1B,cAAAA,EAAgBL;IAEpC,CAACsB,KAAAA,GAAWW,UAAAA,CAAQX,KAAAA,CAAAA,GAASA,KAAAA,CAAMY,MAAM,CAAC,CAACC,KAAAA,GAAU,CAACH,QAAAA,CAAMG,KAAAA,CAAAA,CAAAA,GAAUb,KAAAA,CAAAA,CACtEQ,MAAAA,CAAAA;AACJ,CAAA;AAEA,MAAMM,uBAAAA,GAA0B1B,QAAAA,CAAM,CAACV,GAAAA,EAAcqC,QAAAA,GAAAA;IACnD,IAAI,CAACrC,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,2CAAA,CAAA;AAClB,IAAA;IAEA,OAAOS,UAAAA,CACL0B,cAAsBC,sBAAAA,EAAwBvC,GAAAA,CAAAA,EAC9CsC,cAAsB,OAAO,EAAExB,GAAG,EAAEQ,KAAK,EAAEpB,MAAM,EAAEa,SAAS,EAAEyB,QAAQ,EAAEC,IAAI,EAAE,EAAE,EAAEC,GAAG,EAAE,GAAA;AACrF,QAAA,IAAI3B,SAAAA,EAAW;AACb,YAAA;AACF,QAAA;AAEA,QAAA,MAAM4B,MAAAA,GAAS;AAAE7B,YAAAA,GAAAA;AAAK2B,YAAAA,IAAAA;AAAMvC,YAAAA,MAAAA;AAAQa,YAAAA;AAAU,SAAA;AAE9C,QAAA,IAAID,QAAQ,MAAA,EAAQ;YAClB4B,GAAAA,CAAI5B,GAAAA,EAAK,MAAMW,mBAAAA,CAAoB;AAAEvB,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAO,EAAGrB,KAAAA,CAAAA,CAAAA;AACnE,QAAA;AAEA,QAAA,IAAIR,QAAQ,SAAA,EAAW;YACrB4B,GAAAA,CAAI5B,GAAAA,EAAK,MAAML,sBAAAA,CAAuB;AAAEP,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAO,EAAGrB,KAAAA,CAAAA,CAAAA;AACtE,QAAA;AAEA,QAAA,IAAIR,QAAQ,QAAA,EAAU;YACpB4B,GAAAA,CAAI5B,GAAAA,EAAK,MAAMe,qBAAAA,CAAsB;AAAE3B,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAO,EAAGrB,KAAAA,CAAAA,CAAAA;AACrE,QAAA;AAEA,QAAA,IAAIR,QAAQ,UAAA,EAAY;YACtB4B,GAAAA,CAAI5B,GAAAA,EAAK,MAAMsB,uBAAAA,CAAwB;AAAElC,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAO,EAAGrB,KAAAA,CAAAA,CAAAA;AACvE,QAAA;AACF,IAAA,CAAA,EAAGtB;AAEHsC,IAAAA,aAAAA,CAAsB9B,eAAeR,GAAAA,CAAAA,CAAAA,CACrCqC,QAAAA,CAAAA;AACJ,CAAA;;;;;;;;;"}
package/dist/sanitize/sanitizers.mjs CHANGED
@@ -1,13 +1,14 @@
1
1
  import { curry, isObject, isEmpty, isNil, isArray } from 'lodash/fp';
2
2
  import { pipe } from '../async.mjs';
3
3
  import traverseEntity from '../traverse-entity.mjs';
4
- import { isScalarAttribute, constants } from '../content-types.mjs';
4
+ import { constants, isScalarAttribute } from '../content-types.mjs';
5
5
  import traverseQueryFilters from '../traverse/query-filters.mjs';
6
6
  import traverseQuerySort from '../traverse/query-sort.mjs';
7
7
  import traverseQueryPopulate from '../traverse/query-populate.mjs';
8
8
  import traverseQueryFields from '../traverse/query-fields.mjs';
9
9
  import visitor$1 from './visitors/remove-password.mjs';
10
10
  import visitor from './visitors/remove-private.mjs';
11
+ import './visitors/remove-restricted-relations.mjs';
11
12
  import visitor$2 from './visitors/remove-morph-to-relations.mjs';
12
13
  import visitor$3 from './visitors/remove-dynamic-zones.mjs';
13
14
  import visitor$4 from './visitors/expand-wildcard-populate.mjs';
package/dist/sanitize/sanitizers.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sanitizers.mjs","sources":["../../src/sanitize/sanitizers.ts"],"sourcesContent":["import { curry, isEmpty, isNil, isArray, isObject } from 'lodash/fp';\n\nimport { pipe as pipeAsync } from '../async';\nimport traverseEntity from '../traverse-entity';\nimport { isScalarAttribute, constants } from '../content-types';\n\nimport {\n traverseQueryFilters,\n traverseQuerySort,\n traverseQueryPopulate,\n traverseQueryFields,\n} from '../traverse';\n\nimport {\n removePassword,\n removePrivate,\n removeDynamicZones,\n removeMorphToRelations,\n expandWildcardPopulate,\n} from './visitors';\nimport { isOperator } from '../operators';\n\nimport type { Model, Data } from '../types';\nimport type { Parent } from '../traverse/factory';\n\ninterface Context {\n schema: Model;\n getModel: (model: string) => Model;\n parent?: Parent;\n}\n\nconst { ID_ATTRIBUTE, DOC_ID_ATTRIBUTE } = constants;\n\nconst sanitizePasswords = (ctx: Context) => async (entity: Data) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in sanitizePasswords');\n }\n\n return traverseEntity(removePassword, ctx, entity);\n};\n\nconst defaultSanitizeOutput = async (ctx: Context, entity: Data) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeOutput');\n }\n\n return traverseEntity(\n (...args) => {\n removePassword(...args);\n removePrivate(...args);\n },\n ctx,\n entity\n );\n};\n\nconst defaultSanitizeFilters = curry((ctx: Context, filters: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeFilters');\n }\n\n return pipeAsync(\n // Remove keys that are not attributes or valid operators\n traverseQueryFilters(({ key, attribute }, { remove }) => {\n const isAttribute = !!attribute;\n\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not checking it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (!isAttribute && !isOperator(key)) {\n remove(key);\n }\n }, ctx),\n // Remove dynamic zones from filters\n traverseQueryFilters(removeDynamicZones, ctx),\n // Remove morpTo relations from filters\n traverseQueryFilters(removeMorphToRelations, ctx),\n // Remove passwords from filters\n traverseQueryFilters(removePassword, ctx),\n // Remove private from filters\n traverseQueryFilters(removePrivate, ctx),\n // Remove empty objects\n traverseQueryFilters(({ key, value }, { remove }) => {\n if (isObject(value) && isEmpty(value)) {\n remove(key);\n }\n }, ctx)\n )(filters);\n});\n\nconst defaultSanitizeSort = curry((ctx: Context, sort: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeSort');\n }\n\n return pipeAsync(\n // Remove non attribute keys\n traverseQuerySort(({ key, attribute }, { remove }) => {\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not checking it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (!attribute) {\n remove(key);\n }\n }, ctx),\n // Remove dynamic zones from sort\n traverseQuerySort(removeDynamicZones, ctx),\n // Remove morpTo relations from sort\n traverseQuerySort(removeMorphToRelations, ctx),\n // Remove private from sort\n traverseQuerySort(removePrivate, ctx),\n // Remove passwords from filters\n traverseQuerySort(removePassword, ctx),\n // Remove keys for empty non-scalar values\n traverseQuerySort(({ key, attribute, value }, { remove }) => {\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not removing it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (!isScalarAttribute(attribute) && isEmpty(value)) {\n remove(key);\n }\n }, ctx)\n )(sort);\n});\n\nconst defaultSanitizeFields = curry((ctx: Context, fields: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeFields');\n }\n\n return pipeAsync(\n // Only keep scalar attributes\n traverseQueryFields(({ key, attribute }, { remove }) => {\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not checking it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (isNil(attribute) || !isScalarAttribute(attribute)) {\n remove(key);\n }\n }, ctx),\n // Remove private fields\n traverseQueryFields(removePrivate, ctx),\n // Remove password fields\n traverseQueryFields(removePassword, ctx),\n // Remove nil values from fields array\n (value) => (isArray(value) ? value.filter((field) => !isNil(field)) : value)\n )(fields);\n});\n\nconst defaultSanitizePopulate = curry((ctx: Context, populate: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizePopulate');\n }\n\n return pipeAsync(\n traverseQueryPopulate(expandWildcardPopulate, ctx),\n traverseQueryPopulate(async ({ key, value, schema, attribute, getModel, path }, { set }) => {\n if (attribute) {\n return;\n }\n\n const parent = { key, path, schema, attribute } satisfies Parent;\n\n if (key === 'sort') {\n set(key, await defaultSanitizeSort({ schema, getModel, parent }, value));\n }\n\n if (key === 'filters') {\n set(key, await defaultSanitizeFilters({ schema, getModel, parent }, value));\n }\n\n if (key === 'fields') {\n set(key, await defaultSanitizeFields({ schema, getModel, parent }, value));\n }\n\n if (key === 'populate') {\n set(key, await defaultSanitizePopulate({ schema, getModel, parent }, value));\n }\n }, ctx),\n // Remove private fields\n traverseQueryPopulate(removePrivate, ctx)\n )(populate);\n});\n\nexport {\n sanitizePasswords,\n defaultSanitizeOutput,\n defaultSanitizeFilters,\n defaultSanitizeSort,\n defaultSanitizeFields,\n defaultSanitizePopulate,\n};\n"],"names":["ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","constants","sanitizePasswords","ctx","entity","schema","Error","traverseEntity","removePassword","defaultSanitizeOutput","args","removePrivate","defaultSanitizeFilters","curry","filters","pipeAsync","traverseQueryFilters","key","attribute","remove","isAttribute","includes","isOperator","removeDynamicZones","removeMorphToRelations","value","isObject","isEmpty","defaultSanitizeSort","sort","traverseQuerySort","isScalarAttribute","defaultSanitizeFields","fields","traverseQueryFields","isNil","isArray","filter","field","defaultSanitizePopulate","populate","traverseQueryPopulate","expandWildcardPopulate","getModel","path","set","parent"],"mappings":";;;;;;;;;;;;;;;AA+BA,MAAM,EAAEA,YAAY,EAAEC,gBAAgB,EAAE,GAAGC,SAAAA;AAErCC,MAAAA,iBAAAA,GAAoB,CAACC,GAAAA,GAAiB,OAAOC,MAAAA,GAAAA;QACjD,IAAI,CAACD,GAAIE,CAAAA,MAAM,EAAE;AACf,YAAA,MAAM,IAAIC,KAAM,CAAA,qCAAA,CAAA;AAClB;QAEA,OAAOC,cAAAA,CAAeC,WAAgBL,GAAKC,EAAAA,MAAAA,CAAAA;AAC7C;AAEMK,MAAAA,qBAAAA,GAAwB,OAAON,GAAcC,EAAAA,MAAAA,GAAAA;IACjD,IAAI,CAACD,GAAIE,CAAAA,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAM,CAAA,yCAAA,CAAA;AAClB;IAEA,OAAOC,cAAAA,CACL,CAAC,GAAGG,IAAAA,GAAAA;QACFF,SAAkBE,CAAAA,GAAAA,IAAAA,CAAAA;QAClBC,OAAiBD,CAAAA,GAAAA,IAAAA,CAAAA;AACnB,KAAA,EACAP,GACAC,EAAAA,MAAAA,CAAAA;AAEJ;AAEMQ,MAAAA,sBAAAA,GAAyBC,KAAM,CAAA,CAACV,GAAcW,EAAAA,OAAAA,GAAAA;IAClD,IAAI,CAACX,GAAIE,CAAAA,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAM,CAAA,0CAAA,CAAA;AAClB;AAEA,IAAA,OAAOS;IAELC,oBAAqB,CAAA,CAAC,EAAEC,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;QAClD,MAAMC,WAAAA,GAAc,CAAC,CAACF,SAAAA;;;QAItB,IAAI;AAACnB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAM,CAAA,EAAA;AAClD,YAAA;AACF;AAEA,QAAA,IAAI,CAACG,WAAAA,IAAe,CAACE,UAAAA,CAAWL,GAAM,CAAA,EAAA;YACpCE,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA,EAAGd;IAEHa,oBAAqBO,CAAAA,SAAAA,EAAoBpB;IAEzCa,oBAAqBQ,CAAAA,SAAAA,EAAwBrB;IAE7Ca,oBAAqBR,CAAAA,SAAAA,EAAgBL;IAErCa,oBAAqBL,CAAAA,OAAAA,EAAeR;IAEpCa,oBAAqB,CAAA,CAAC,EAAEC,GAAG,EAAEQ,KAAK,EAAE,EAAE,EAAEN,MAAM,EAAE,GAAA;QAC9C,IAAIO,QAAAA,CAASD,KAAUE,CAAAA,IAAAA,OAAAA,CAAQF,KAAQ,CAAA,EAAA;YACrCN,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA,EAAGd,GACHW,CAAAA,CAAAA,CAAAA,OAAAA,CAAAA;AACJ,CAAA;AAEMc,MAAAA,mBAAAA,GAAsBf,KAAM,CAAA,CAACV,GAAc0B,EAAAA,IAAAA,GAAAA;IAC/C,IAAI,CAAC1B,GAAIE,CAAAA,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAM,CAAA,uCAAA,CAAA;AAClB;AAEA,IAAA,OAAOS;IAELe,iBAAkB,CAAA,CAAC,EAAEb,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;;;QAG/C,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAM,CAAA,EAAA;AAClD,YAAA;AACF;AAEA,QAAA,IAAI,CAACC,SAAW,EAAA;YACdC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA,EAAGd;IAEH2B,iBAAkBP,CAAAA,SAAAA,EAAoBpB;IAEtC2B,iBAAkBN,CAAAA,SAAAA,EAAwBrB;IAE1C2B,iBAAkBnB,CAAAA,OAAAA,EAAeR;IAEjC2B,iBAAkBtB,CAAAA,SAAAA,EAAgBL;IAElC2B,iBAAkB,CAAA,CAAC,EAAEb,GAAG,EAAEC,SAAS,EAAEO,KAAK,EAAE,EAAE,EAAEN,MAAM,EAAE,GAAA;;;QAGtD,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAM,CAAA,EAAA;AAClD,YAAA;AACF;AAEA,QAAA,IAAI,CAACc,iBAAAA,CAAkBb,SAAcS,CAAAA,IAAAA,OAAAA,CAAQF,KAAQ,CAAA,EAAA;YACnDN,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA,EAAGd,GACH0B,CAAAA,CAAAA,CAAAA,IAAAA,CAAAA;AACJ,CAAA;AAEMG,MAAAA,qBAAAA,GAAwBnB,KAAM,CAAA,CAACV,GAAc8B,EAAAA,MAAAA,GAAAA;IACjD,IAAI,CAAC9B,GAAIE,CAAAA,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAM,CAAA,yCAAA,CAAA;AAClB;AAEA,IAAA,OAAOS;IAELmB,mBAAoB,CAAA,CAAC,EAAEjB,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;;;QAGjD,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAM,CAAA,EAAA;AAClD,YAAA;AACF;AAEA,QAAA,IAAIkB,KAAMjB,CAAAA,SAAAA,CAAAA,IAAc,CAACa,iBAAAA,CAAkBb,SAAY,CAAA,EAAA;YACrDC,MAAOF,CAAAA,GAAAA,CAAAA;AACT;AACF,KAAA,EAAGd;IAEH+B,mBAAoBvB,CAAAA,OAAAA,EAAeR;IAEnC+B,mBAAoB1B,CAAAA,SAAAA,EAAgBL;IAEpC,CAACsB,KAAAA,GAAWW,OAAQX,CAAAA,KAAAA,CAAAA,GAASA,KAAMY,CAAAA,MAAM,CAAC,CAACC,KAAU,GAAA,CAACH,KAAMG,CAAAA,KAAAA,CAAAA,CAAAA,GAAUb,KACtEQ,CAAAA,CAAAA,MAAAA,CAAAA;AACJ,CAAA;AAEMM,MAAAA,uBAAAA,GAA0B1B,KAAM,CAAA,CAACV,GAAcqC,EAAAA,QAAAA,GAAAA;IACnD,IAAI,CAACrC,GAAIE,CAAAA,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAM,CAAA,2CAAA,CAAA;AAClB;IAEA,OAAOS,IAAAA,CACL0B,sBAAsBC,SAAwBvC,EAAAA,GAAAA,CAAAA,EAC9CsC,sBAAsB,OAAO,EAAExB,GAAG,EAAEQ,KAAK,EAAEpB,MAAM,EAAEa,SAAS,EAAEyB,QAAQ,EAAEC,IAAI,EAAE,EAAE,EAAEC,GAAG,EAAE,GAAA;AACrF,QAAA,IAAI3B,SAAW,EAAA;AACb,YAAA;AACF;AAEA,QAAA,MAAM4B,MAAS,GAAA;AAAE7B,YAAAA,GAAAA;AAAK2B,YAAAA,IAAAA;AAAMvC,YAAAA,MAAAA;AAAQa,YAAAA;AAAU,SAAA;AAE9C,QAAA,IAAID,QAAQ,MAAQ,EAAA;YAClB4B,GAAI5B,CAAAA,GAAAA,EAAK,MAAMW,mBAAoB,CAAA;AAAEvB,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAUrB,EAAAA,KAAAA,CAAAA,CAAAA;AACnE;AAEA,QAAA,IAAIR,QAAQ,SAAW,EAAA;YACrB4B,GAAI5B,CAAAA,GAAAA,EAAK,MAAML,sBAAuB,CAAA;AAAEP,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAUrB,EAAAA,KAAAA,CAAAA,CAAAA;AACtE;AAEA,QAAA,IAAIR,QAAQ,QAAU,EAAA;YACpB4B,GAAI5B,CAAAA,GAAAA,EAAK,MAAMe,qBAAsB,CAAA;AAAE3B,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAUrB,EAAAA,KAAAA,CAAAA,CAAAA;AACrE;AAEA,QAAA,IAAIR,QAAQ,UAAY,EAAA;YACtB4B,GAAI5B,CAAAA,GAAAA,EAAK,MAAMsB,uBAAwB,CAAA;AAAElC,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAUrB,EAAAA,KAAAA,CAAAA,CAAAA;AACvE;AACF,KAAA,EAAGtB;AAEHsC,IAAAA,qBAAAA,CAAsB9B,SAAeR,GACrCqC,CAAAA,CAAAA,CAAAA,QAAAA,CAAAA;AACJ,CAAA;;;;"}
1
+ {"version":3,"file":"sanitizers.mjs","sources":["../../src/sanitize/sanitizers.ts"],"sourcesContent":["import { curry, isEmpty, isNil, isArray, isObject } from 'lodash/fp';\n\nimport { pipe as pipeAsync } from '../async';\nimport traverseEntity from '../traverse-entity';\nimport { isScalarAttribute, constants } from '../content-types';\n\nimport {\n traverseQueryFilters,\n traverseQuerySort,\n traverseQueryPopulate,\n traverseQueryFields,\n} from '../traverse';\n\nimport {\n removePassword,\n removePrivate,\n removeDynamicZones,\n removeMorphToRelations,\n expandWildcardPopulate,\n} from './visitors';\nimport { isOperator } from '../operators';\n\nimport type { Model, Data } from '../types';\nimport type { Parent } from '../traverse/factory';\n\ninterface Context {\n schema: Model;\n getModel: (model: string) => Model;\n parent?: Parent;\n}\n\nconst { ID_ATTRIBUTE, DOC_ID_ATTRIBUTE } = constants;\n\nconst sanitizePasswords = (ctx: Context) => async (entity: Data) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in sanitizePasswords');\n }\n\n return traverseEntity(removePassword, ctx, entity);\n};\n\nconst defaultSanitizeOutput = async (ctx: Context, entity: Data) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeOutput');\n }\n\n return traverseEntity(\n (...args) => {\n removePassword(...args);\n removePrivate(...args);\n },\n ctx,\n entity\n );\n};\n\nconst defaultSanitizeFilters = curry((ctx: Context, filters: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeFilters');\n }\n\n return pipeAsync(\n // Remove keys that are not attributes or valid operators\n traverseQueryFilters(({ key, attribute }, { remove }) => {\n const isAttribute = !!attribute;\n\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not checking it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (!isAttribute && !isOperator(key)) {\n remove(key);\n }\n }, ctx),\n // Remove dynamic zones from filters\n traverseQueryFilters(removeDynamicZones, ctx),\n // Remove morpTo relations from filters\n traverseQueryFilters(removeMorphToRelations, ctx),\n // Remove passwords from filters\n traverseQueryFilters(removePassword, ctx),\n // Remove private from filters\n traverseQueryFilters(removePrivate, ctx),\n // Remove empty objects\n traverseQueryFilters(({ key, value }, { remove }) => {\n if (isObject(value) && isEmpty(value)) {\n remove(key);\n }\n }, ctx)\n )(filters);\n});\n\nconst defaultSanitizeSort = curry((ctx: Context, sort: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeSort');\n }\n\n return pipeAsync(\n // Remove non attribute keys\n traverseQuerySort(({ key, attribute }, { remove }) => {\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not checking it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (!attribute) {\n remove(key);\n }\n }, ctx),\n // Remove dynamic zones from sort\n traverseQuerySort(removeDynamicZones, ctx),\n // Remove morpTo relations from sort\n traverseQuerySort(removeMorphToRelations, ctx),\n // Remove private from sort\n traverseQuerySort(removePrivate, ctx),\n // Remove passwords from filters\n traverseQuerySort(removePassword, ctx),\n // Remove keys for empty non-scalar values\n traverseQuerySort(({ key, attribute, value }, { remove }) => {\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not removing it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (!isScalarAttribute(attribute) && isEmpty(value)) {\n remove(key);\n }\n }, ctx)\n )(sort);\n});\n\nconst defaultSanitizeFields = curry((ctx: Context, fields: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizeFields');\n }\n\n return pipeAsync(\n // Only keep scalar attributes\n traverseQueryFields(({ key, attribute }, { remove }) => {\n // ID is not an attribute per se, so we need to make\n // an extra check to ensure we're not checking it\n if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n return;\n }\n\n if (isNil(attribute) || !isScalarAttribute(attribute)) {\n remove(key);\n }\n }, ctx),\n // Remove private fields\n traverseQueryFields(removePrivate, ctx),\n // Remove password fields\n traverseQueryFields(removePassword, ctx),\n // Remove nil values from fields array\n (value) => (isArray(value) ? value.filter((field) => !isNil(field)) : value)\n )(fields);\n});\n\nconst defaultSanitizePopulate = curry((ctx: Context, populate: unknown) => {\n if (!ctx.schema) {\n throw new Error('Missing schema in defaultSanitizePopulate');\n }\n\n return pipeAsync(\n traverseQueryPopulate(expandWildcardPopulate, ctx),\n traverseQueryPopulate(async ({ key, value, schema, attribute, getModel, path }, { set }) => {\n if (attribute) {\n return;\n }\n\n const parent = { key, path, schema, attribute } satisfies Parent;\n\n if (key === 'sort') {\n set(key, await defaultSanitizeSort({ schema, getModel, parent }, value));\n }\n\n if (key === 'filters') {\n set(key, await defaultSanitizeFilters({ schema, getModel, parent }, value));\n }\n\n if (key === 'fields') {\n set(key, await defaultSanitizeFields({ schema, getModel, parent }, value));\n }\n\n if (key === 'populate') {\n set(key, await defaultSanitizePopulate({ schema, getModel, parent }, value));\n }\n }, ctx),\n // Remove private fields\n traverseQueryPopulate(removePrivate, ctx)\n )(populate);\n});\n\nexport {\n sanitizePasswords,\n defaultSanitizeOutput,\n defaultSanitizeFilters,\n defaultSanitizeSort,\n defaultSanitizeFields,\n defaultSanitizePopulate,\n};\n"],"names":["ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","constants","sanitizePasswords","ctx","entity","schema","Error","traverseEntity","removePassword","defaultSanitizeOutput","args","removePrivate","defaultSanitizeFilters","curry","filters","pipeAsync","traverseQueryFilters","key","attribute","remove","isAttribute","includes","isOperator","removeDynamicZones","removeMorphToRelations","value","isObject","isEmpty","defaultSanitizeSort","sort","traverseQuerySort","isScalarAttribute","defaultSanitizeFields","fields","traverseQueryFields","isNil","isArray","filter","field","defaultSanitizePopulate","populate","traverseQueryPopulate","expandWildcardPopulate","getModel","path","set","parent"],"mappings":";;;;;;;;;;;;;;;;AA+BA,MAAM,EAAEA,YAAY,EAAEC,gBAAgB,EAAE,GAAGC,SAAAA;AAE3C,MAAMC,iBAAAA,GAAoB,CAACC,GAAAA,GAAiB,OAAOC,MAAAA,GAAAA;QACjD,IAAI,CAACD,GAAAA,CAAIE,MAAM,EAAE;AACf,YAAA,MAAM,IAAIC,KAAAA,CAAM,qCAAA,CAAA;AAClB,QAAA;QAEA,OAAOC,cAAAA,CAAeC,WAAgBL,GAAAA,EAAKC,MAAAA,CAAAA;AAC7C,IAAA;AAEA,MAAMK,qBAAAA,GAAwB,OAAON,GAAAA,EAAcC,MAAAA,GAAAA;IACjD,IAAI,CAACD,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,yCAAA,CAAA;AAClB,IAAA;IAEA,OAAOC,cAAAA,CACL,CAAC,GAAGG,IAAAA,GAAAA;QACFF,SAAAA,CAAAA,GAAkBE,IAAAA,CAAAA;QAClBC,OAAAA,CAAAA,GAAiBD,IAAAA,CAAAA;AACnB,IAAA,CAAA,EACAP,GAAAA,EACAC,MAAAA,CAAAA;AAEJ;AAEA,MAAMQ,sBAAAA,GAAyBC,KAAAA,CAAM,CAACV,GAAAA,EAAcW,OAAAA,GAAAA;IAClD,IAAI,CAACX,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,0CAAA,CAAA;AAClB,IAAA;AAEA,IAAA,OAAOS;IAELC,oBAAAA,CAAqB,CAAC,EAAEC,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;QAClD,MAAMC,WAAAA,GAAc,CAAC,CAACF,SAAAA;;;QAItB,IAAI;AAACnB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAAA,CAAAA,EAAM;AAClD,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAACG,WAAAA,IAAe,CAACE,UAAAA,CAAWL,GAAAA,CAAAA,EAAM;YACpCE,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd;IAEHa,oBAAAA,CAAqBO,SAAAA,EAAoBpB;IAEzCa,oBAAAA,CAAqBQ,SAAAA,EAAwBrB;IAE7Ca,oBAAAA,CAAqBR,SAAAA,EAAgBL;IAErCa,oBAAAA,CAAqBL,OAAAA,EAAeR;IAEpCa,oBAAAA,CAAqB,CAAC,EAAEC,GAAG,EAAEQ,KAAK,EAAE,EAAE,EAAEN,MAAM,EAAE,GAAA;QAC9C,IAAIO,QAAAA,CAASD,KAAAA,CAAAA,IAAUE,OAAAA,CAAQF,KAAAA,CAAAA,EAAQ;YACrCN,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd,GAAAA,CAAAA,CAAAA,CACHW,OAAAA,CAAAA;AACJ,CAAA;AAEA,MAAMc,mBAAAA,GAAsBf,KAAAA,CAAM,CAACV,GAAAA,EAAc0B,IAAAA,GAAAA;IAC/C,IAAI,CAAC1B,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,uCAAA,CAAA;AAClB,IAAA;AAEA,IAAA,OAAOS;IAELe,iBAAAA,CAAkB,CAAC,EAAEb,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;;;QAG/C,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAAA,CAAAA,EAAM;AAClD,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAACC,SAAAA,EAAW;YACdC,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd;IAEH2B,iBAAAA,CAAkBP,SAAAA,EAAoBpB;IAEtC2B,iBAAAA,CAAkBN,SAAAA,EAAwBrB;IAE1C2B,iBAAAA,CAAkBnB,OAAAA,EAAeR;IAEjC2B,iBAAAA,CAAkBtB,SAAAA,EAAgBL;IAElC2B,iBAAAA,CAAkB,CAAC,EAAEb,GAAG,EAAEC,SAAS,EAAEO,KAAK,EAAE,EAAE,EAAEN,MAAM,EAAE,GAAA;;;QAGtD,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAAA,CAAAA,EAAM;AAClD,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAACc,iBAAAA,CAAkBb,SAAAA,CAAAA,IAAcS,OAAAA,CAAQF,KAAAA,CAAAA,EAAQ;YACnDN,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd,GAAAA,CAAAA,CAAAA,CACH0B,IAAAA,CAAAA;AACJ,CAAA;AAEA,MAAMG,qBAAAA,GAAwBnB,KAAAA,CAAM,CAACV,GAAAA,EAAc8B,MAAAA,GAAAA;IACjD,IAAI,CAAC9B,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,yCAAA,CAAA;AAClB,IAAA;AAEA,IAAA,OAAOS;IAELmB,mBAAAA,CAAoB,CAAC,EAAEjB,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;;;QAGjD,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAAA,CAAAA,EAAM;AAClD,YAAA;AACF,QAAA;AAEA,QAAA,IAAIkB,KAAAA,CAAMjB,SAAAA,CAAAA,IAAc,CAACa,iBAAAA,CAAkBb,SAAAA,CAAAA,EAAY;YACrDC,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd;IAEH+B,mBAAAA,CAAoBvB,OAAAA,EAAeR;IAEnC+B,mBAAAA,CAAoB1B,SAAAA,EAAgBL;IAEpC,CAACsB,KAAAA,GAAWW,OAAAA,CAAQX,KAAAA,CAAAA,GAASA,KAAAA,CAAMY,MAAM,CAAC,CAACC,KAAAA,GAAU,CAACH,KAAAA,CAAMG,KAAAA,CAAAA,CAAAA,GAAUb,KAAAA,CAAAA,CACtEQ,MAAAA,CAAAA;AACJ,CAAA;AAEA,MAAMM,uBAAAA,GAA0B1B,KAAAA,CAAM,CAACV,GAAAA,EAAcqC,QAAAA,GAAAA;IACnD,IAAI,CAACrC,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,2CAAA,CAAA;AAClB,IAAA;IAEA,OAAOS,IAAAA,CACL0B,sBAAsBC,SAAAA,EAAwBvC,GAAAA,CAAAA,EAC9CsC,sBAAsB,OAAO,EAAExB,GAAG,EAAEQ,KAAK,EAAEpB,MAAM,EAAEa,SAAS,EAAEyB,QAAQ,EAAEC,IAAI,EAAE,EAAE,EAAEC,GAAG,EAAE,GAAA;AACrF,QAAA,IAAI3B,SAAAA,EAAW;AACb,YAAA;AACF,QAAA;AAEA,QAAA,MAAM4B,MAAAA,GAAS;AAAE7B,YAAAA,GAAAA;AAAK2B,YAAAA,IAAAA;AAAMvC,YAAAA,MAAAA;AAAQa,YAAAA;AAAU,SAAA;AAE9C,QAAA,IAAID,QAAQ,MAAA,EAAQ;YAClB4B,GAAAA,CAAI5B,GAAAA,EAAK,MAAMW,mBAAAA,CAAoB;AAAEvB,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAO,EAAGrB,KAAAA,CAAAA,CAAAA;AACnE,QAAA;AAEA,QAAA,IAAIR,QAAQ,SAAA,EAAW;YACrB4B,GAAAA,CAAI5B,GAAAA,EAAK,MAAML,sBAAAA,CAAuB;AAAEP,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAO,EAAGrB,KAAAA,CAAAA,CAAAA;AACtE,QAAA;AAEA,QAAA,IAAIR,QAAQ,QAAA,EAAU;YACpB4B,GAAAA,CAAI5B,GAAAA,EAAK,MAAMe,qBAAAA,CAAsB;AAAE3B,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAO,EAAGrB,KAAAA,CAAAA,CAAAA;AACrE,QAAA;AAEA,QAAA,IAAIR,QAAQ,UAAA,EAAY;YACtB4B,GAAAA,CAAI5B,GAAAA,EAAK,MAAMsB,uBAAAA,CAAwB;AAAElC,gBAAAA,MAAAA;AAAQsC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAO,EAAGrB,KAAAA,CAAAA,CAAAA;AACvE,QAAA;AACF,IAAA,CAAA,EAAGtB;AAEHsC,IAAAA,qBAAAA,CAAsB9B,SAAeR,GAAAA,CAAAA,CAAAA,CACrCqC,QAAAA,CAAAA;AACJ,CAAA;;;;"}
package/dist/sanitize/visitors/expand-wildcard-populate.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"expand-wildcard-populate.js","sources":["../../../src/sanitize/visitors/expand-wildcard-populate.ts"],"sourcesContent":["import type { Visitor } from '../../traverse/factory';\n\nconst visitor: Visitor = ({ schema, key, value }, { set }) => {\n if (key === '' && value === '*') {\n const { attributes } = schema;\n\n const newPopulateQuery = Object.entries(attributes)\n .filter(([, attribute]) =>\n ['relation', 'component', 'media', 'dynamiczone'].includes(attribute.type)\n )\n .reduce<Record<string, true>>((acc, [key]) => ({ ...acc, [key]: true }), {});\n\n set('', newPopulateQuery);\n }\n};\n\nexport default visitor;\n"],"names":["visitor","schema","key","value","set","attributes","newPopulateQuery","Object","entries","filter","attribute","includes","type","reduce","acc"],"mappings":";;AAEA,MAAMA,OAAmB,GAAA,CAAC,EAAEC,MAAM,EAAEC,GAAG,EAAEC,KAAK,EAAE,EAAE,EAAEC,GAAG,EAAE,GAAA;IACvD,IAAIF,GAAAA,KAAQ,EAAMC,IAAAA,KAAAA,KAAU,GAAK,EAAA;QAC/B,MAAM,EAAEE,UAAU,EAAE,GAAGJ,MAAAA;QAEvB,MAAMK,gBAAAA,GAAmBC,MAAOC,CAAAA,OAAO,CAACH,UAAAA,CAAAA,CACrCI,MAAM,CAAC,CAAC,GAAGC,SAAAA,CAAU,GACpB;AAAC,gBAAA,UAAA;AAAY,gBAAA,WAAA;AAAa,gBAAA,OAAA;AAAS,gBAAA;AAAc,aAAA,CAACC,QAAQ,CAACD,SAAUE,CAAAA,IAAI,CAE1EC,CAAAA,CAAAA,MAAM,CAAuB,CAACC,GAAK,EAAA,CAACZ,GAAI,CAAA,IAAM;AAAE,gBAAA,GAAGY,GAAG;AAAE,gBAAA,CAACZ,MAAM;AAAK,aAAA,GAAI,EAAC,CAAA;AAE5EE,QAAAA,GAAAA,CAAI,EAAIE,EAAAA,gBAAAA,CAAAA;AACV;AACF;;;;"}
1
+ {"version":3,"file":"expand-wildcard-populate.js","sources":["../../../src/sanitize/visitors/expand-wildcard-populate.ts"],"sourcesContent":["import type { Visitor } from '../../traverse/factory';\n\nconst visitor: Visitor = ({ schema, key, value }, { set }) => {\n if (key === '' && value === '*') {\n const { attributes } = schema;\n\n const newPopulateQuery = Object.entries(attributes)\n .filter(([, attribute]) =>\n ['relation', 'component', 'media', 'dynamiczone'].includes(attribute.type)\n )\n .reduce<Record<string, true>>((acc, [key]) => ({ ...acc, [key]: true }), {});\n\n set('', newPopulateQuery);\n }\n};\n\nexport default visitor;\n"],"names":["visitor","schema","key","value","set","attributes","newPopulateQuery","Object","entries","filter","attribute","includes","type","reduce","acc"],"mappings":";;AAEA,MAAMA,OAAAA,GAAmB,CAAC,EAAEC,MAAM,EAAEC,GAAG,EAAEC,KAAK,EAAE,EAAE,EAAEC,GAAG,EAAE,GAAA;IACvD,IAAIF,GAAAA,KAAQ,EAAA,IAAMC,KAAAA,KAAU,GAAA,EAAK;QAC/B,MAAM,EAAEE,UAAU,EAAE,GAAGJ,MAAAA;QAEvB,MAAMK,gBAAAA,GAAmBC,MAAAA,CAAOC,OAAO,CAACH,UAAAA,CAAAA,CACrCI,MAAM,CAAC,CAAC,GAAGC,SAAAA,CAAU,GACpB;AAAC,gBAAA,UAAA;AAAY,gBAAA,WAAA;AAAa,gBAAA,OAAA;AAAS,gBAAA;AAAc,aAAA,CAACC,QAAQ,CAACD,SAAAA,CAAUE,IAAI,CAAA,CAAA,CAE1EC,MAAM,CAAuB,CAACC,GAAAA,EAAK,CAACZ,GAAAA,CAAI,IAAM;AAAE,gBAAA,GAAGY,GAAG;AAAE,gBAAA,CAACZ,MAAM;AAAK,aAAA,GAAI,EAAC,CAAA;AAE5EE,QAAAA,GAAAA,CAAI,EAAA,EAAIE,gBAAAA,CAAAA;AACV,IAAA;AACF;;;;"}
package/dist/sanitize/visitors/expand-wildcard-populate.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"expand-wildcard-populate.mjs","sources":["../../../src/sanitize/visitors/expand-wildcard-populate.ts"],"sourcesContent":["import type { Visitor } from '../../traverse/factory';\n\nconst visitor: Visitor = ({ schema, key, value }, { set }) => {\n if (key === '' && value === '*') {\n const { attributes } = schema;\n\n const newPopulateQuery = Object.entries(attributes)\n .filter(([, attribute]) =>\n ['relation', 'component', 'media', 'dynamiczone'].includes(attribute.type)\n )\n .reduce<Record<string, true>>((acc, [key]) => ({ ...acc, [key]: true }), {});\n\n set('', newPopulateQuery);\n }\n};\n\nexport default visitor;\n"],"names":["visitor","schema","key","value","set","attributes","newPopulateQuery","Object","entries","filter","attribute","includes","type","reduce","acc"],"mappings":"AAEA,MAAMA,OAAmB,GAAA,CAAC,EAAEC,MAAM,EAAEC,GAAG,EAAEC,KAAK,EAAE,EAAE,EAAEC,GAAG,EAAE,GAAA;IACvD,IAAIF,GAAAA,KAAQ,EAAMC,IAAAA,KAAAA,KAAU,GAAK,EAAA;QAC/B,MAAM,EAAEE,UAAU,EAAE,GAAGJ,MAAAA;QAEvB,MAAMK,gBAAAA,GAAmBC,MAAOC,CAAAA,OAAO,CAACH,UAAAA,CAAAA,CACrCI,MAAM,CAAC,CAAC,GAAGC,SAAAA,CAAU,GACpB;AAAC,gBAAA,UAAA;AAAY,gBAAA,WAAA;AAAa,gBAAA,OAAA;AAAS,gBAAA;AAAc,aAAA,CAACC,QAAQ,CAACD,SAAUE,CAAAA,IAAI,CAE1EC,CAAAA,CAAAA,MAAM,CAAuB,CAACC,GAAK,EAAA,CAACZ,GAAI,CAAA,IAAM;AAAE,gBAAA,GAAGY,GAAG;AAAE,gBAAA,CAACZ,MAAM;AAAK,aAAA,GAAI,EAAC,CAAA;AAE5EE,QAAAA,GAAAA,CAAI,EAAIE,EAAAA,gBAAAA,CAAAA;AACV;AACF;;;;"}
1
+ {"version":3,"file":"expand-wildcard-populate.mjs","sources":["../../../src/sanitize/visitors/expand-wildcard-populate.ts"],"sourcesContent":["import type { Visitor } from '../../traverse/factory';\n\nconst visitor: Visitor = ({ schema, key, value }, { set }) => {\n if (key === '' && value === '*') {\n const { attributes } = schema;\n\n const newPopulateQuery = Object.entries(attributes)\n .filter(([, attribute]) =>\n ['relation', 'component', 'media', 'dynamiczone'].includes(attribute.type)\n )\n .reduce<Record<string, true>>((acc, [key]) => ({ ...acc, [key]: true }), {});\n\n set('', newPopulateQuery);\n }\n};\n\nexport default visitor;\n"],"names":["visitor","schema","key","value","set","attributes","newPopulateQuery","Object","entries","filter","attribute","includes","type","reduce","acc"],"mappings":"AAEA,MAAMA,OAAAA,GAAmB,CAAC,EAAEC,MAAM,EAAEC,GAAG,EAAEC,KAAK,EAAE,EAAE,EAAEC,GAAG,EAAE,GAAA;IACvD,IAAIF,GAAAA,KAAQ,EAAA,IAAMC,KAAAA,KAAU,GAAA,EAAK;QAC/B,MAAM,EAAEE,UAAU,EAAE,GAAGJ,MAAAA;QAEvB,MAAMK,gBAAAA,GAAmBC,MAAAA,CAAOC,OAAO,CAACH,UAAAA,CAAAA,CACrCI,MAAM,CAAC,CAAC,GAAGC,SAAAA,CAAU,GACpB;AAAC,gBAAA,UAAA;AAAY,gBAAA,WAAA;AAAa,gBAAA,OAAA;AAAS,gBAAA;AAAc,aAAA,CAACC,QAAQ,CAACD,SAAAA,CAAUE,IAAI,CAAA,CAAA,CAE1EC,MAAM,CAAuB,CAACC,GAAAA,EAAK,CAACZ,GAAAA,CAAI,IAAM;AAAE,gBAAA,GAAGY,GAAG;AAAE,gBAAA,CAACZ,MAAM;AAAK,aAAA,GAAI,EAAC,CAAA;AAE5EE,QAAAA,GAAAA,CAAI,EAAA,EAAIE,gBAAAA,CAAAA;AACV,IAAA;AACF;;;;"}
package/dist/sanitize/visitors/remove-disallowed-fields.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"remove-disallowed-fields.js","sources":["../../../src/sanitize/visitors/remove-disallowed-fields.ts"],"sourcesContent":["import { isArray, isNil, isString, toPath } from 'lodash/fp';\nimport type { Visitor } from '../../traverse/factory';\n\nexport default (allowedFields: string[] | null = null): Visitor =>\n ({ key, path: { attribute: path } }, { remove }) => {\n // All fields are allowed\n if (allowedFields === null) {\n return;\n }\n\n // Throw on invalid formats\n if (!(isArray(allowedFields) && allowedFields.every(isString))) {\n throw new TypeError(\n `Expected array of strings for allowedFields but got \"${typeof allowedFields}\"`\n );\n }\n\n if (isNil(path)) {\n return;\n }\n\n const containedPaths = getContainedPaths(path);\n\n /**\n * Tells if the current path should be kept or not based\n * on the success of the check functions for any of the allowed paths.\n *\n * The check functions are defined as follow:\n *\n * `containedPaths.includes(p)`\n * @example\n * ```js\n * const path = 'foo.bar.field';\n * const p = 'foo.bar';\n * // it should match\n *\n * const path = 'foo.bar.field';\n * const p = 'bar.foo';\n * // it shouldn't match\n *\n * const path = 'foo.bar';\n * const p = 'foo.bar.field';\n * // it should match but isn't handled by this check\n * ```\n *\n * `p.startsWith(`${path}.`)`\n * @example\n * ```js\n * const path = 'foo.bar';\n * const p = 'foo.bar.field';\n * // it should match\n *\n * const path = 'foo.bar.field';\n * const p = 'bar.foo';\n * // it shouldn't match\n *\n * const path = 'foo.bar.field';\n * const p = 'foo.bar';\n * // it should match but isn't handled by this check\n * ```\n */\n const isPathAllowed = allowedFields.some(\n (p) => containedPaths.includes(p) || p.startsWith(`${path}.`)\n );\n\n if (isPathAllowed) {\n return;\n }\n\n // Remove otherwise\n remove(key);\n };\n\n/**\n * Retrieve the list of allowed paths based on the given path\n *\n * @example\n * ```js\n * const containedPaths = getContainedPaths('foo');\n * // ['foo']\n *\n * * const containedPaths = getContainedPaths('foo.bar');\n * // ['foo', 'foo.bar']\n *\n * * const containedPaths = getContainedPaths('foo.bar.field');\n * // ['foo', 'foo.bar', 'foo.bar.field']\n * ```\n */\nconst getContainedPaths = (path: string) => {\n const parts = toPath(path);\n\n return parts.reduce((acc, value, index, list) => {\n return [...acc, list.slice(0, index + 1).join('.')];\n }, [] as string[]);\n};\n"],"names":["allowedFields","key","path","attribute","remove","isArray","every","isString","TypeError","isNil","containedPaths","getContainedPaths","isPathAllowed","some","p","includes","startsWith","parts","toPath","reduce","acc","value","index","list","slice","join"],"mappings":";;;;AAGA,6BAAe,CAAA,CAACA,aAAAA,GAAiC,IAAI,GACnD,CAAC,EAAEC,GAAG,EAAEC,IAAM,EAAA,EAAEC,WAAWD,IAAI,EAAE,EAAE,EAAE,EAAEE,MAAM,EAAE,GAAA;;AAE7C,QAAA,IAAIJ,kBAAkB,IAAM,EAAA;AAC1B,YAAA;AACF;;QAGA,IAAI,EAAEK,UAAQL,CAAAA,aAAAA,CAAAA,IAAkBA,cAAcM,KAAK,CAACC,YAAQ,CAAI,EAAA;YAC9D,MAAM,IAAIC,UACR,CAAC,qDAAqD,EAAE,OAAOR,aAAAA,CAAc,CAAC,CAAC,CAAA;AAEnF;AAEA,QAAA,IAAIS,SAAMP,IAAO,CAAA,EAAA;AACf,YAAA;AACF;AAEA,QAAA,MAAMQ,iBAAiBC,iBAAkBT,CAAAA,IAAAA,CAAAA;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCC,QACD,MAAMU,aAAgBZ,GAAAA,aAAAA,CAAca,IAAI,CACtC,CAACC,CAAMJ,GAAAA,cAAAA,CAAeK,QAAQ,CAACD,MAAMA,CAAEE,CAAAA,UAAU,CAAC,CAAGd,EAAAA,IAAAA,CAAK,CAAC,CAAC,CAAA,CAAA;AAG9D,QAAA,IAAIU,aAAe,EAAA;AACjB,YAAA;AACF;;QAGAR,MAAOH,CAAAA,GAAAA,CAAAA;AACT,KAAA;AAEF;;;;;;;;;;;;;;IAeA,MAAMU,oBAAoB,CAACT,IAAAA,GAAAA;AACzB,IAAA,MAAMe,QAAQC,SAAOhB,CAAAA,IAAAA,CAAAA;AAErB,IAAA,OAAOe,MAAME,MAAM,CAAC,CAACC,GAAAA,EAAKC,OAAOC,KAAOC,EAAAA,IAAAA,GAAAA;QACtC,OAAO;AAAIH,YAAAA,GAAAA,GAAAA;AAAKG,YAAAA,IAAAA,CAAKC,KAAK,CAAC,CAAA,EAAGF,KAAQ,GAAA,CAAA,CAAA,CAAGG,IAAI,CAAC,GAAA;AAAK,SAAA;AACrD,KAAA,EAAG,EAAE,CAAA;AACP,CAAA;;;;"}
1
+ {"version":3,"file":"remove-disallowed-fields.js","sources":["../../../src/sanitize/visitors/remove-disallowed-fields.ts"],"sourcesContent":["import { isArray, isNil, isString, toPath } from 'lodash/fp';\nimport type { Visitor } from '../../traverse/factory';\n\nexport default (allowedFields: string[] | null = null): Visitor =>\n ({ key, path: { attribute: path } }, { remove }) => {\n // All fields are allowed\n if (allowedFields === null) {\n return;\n }\n\n // Throw on invalid formats\n if (!(isArray(allowedFields) && allowedFields.every(isString))) {\n throw new TypeError(\n `Expected array of strings for allowedFields but got \"${typeof allowedFields}\"`\n );\n }\n\n if (isNil(path)) {\n return;\n }\n\n const containedPaths = getContainedPaths(path);\n\n /**\n * Tells if the current path should be kept or not based\n * on the success of the check functions for any of the allowed paths.\n *\n * The check functions are defined as follow:\n *\n * `containedPaths.includes(p)`\n * @example\n * ```js\n * const path = 'foo.bar.field';\n * const p = 'foo.bar';\n * // it should match\n *\n * const path = 'foo.bar.field';\n * const p = 'bar.foo';\n * // it shouldn't match\n *\n * const path = 'foo.bar';\n * const p = 'foo.bar.field';\n * // it should match but isn't handled by this check\n * ```\n *\n * `p.startsWith(`${path}.`)`\n * @example\n * ```js\n * const path = 'foo.bar';\n * const p = 'foo.bar.field';\n * // it should match\n *\n * const path = 'foo.bar.field';\n * const p = 'bar.foo';\n * // it shouldn't match\n *\n * const path = 'foo.bar.field';\n * const p = 'foo.bar';\n * // it should match but isn't handled by this check\n * ```\n */\n const isPathAllowed = allowedFields.some(\n (p) => containedPaths.includes(p) || p.startsWith(`${path}.`)\n );\n\n if (isPathAllowed) {\n return;\n }\n\n // Remove otherwise\n remove(key);\n };\n\n/**\n * Retrieve the list of allowed paths based on the given path\n *\n * @example\n * ```js\n * const containedPaths = getContainedPaths('foo');\n * // ['foo']\n *\n * * const containedPaths = getContainedPaths('foo.bar');\n * // ['foo', 'foo.bar']\n *\n * * const containedPaths = getContainedPaths('foo.bar.field');\n * // ['foo', 'foo.bar', 'foo.bar.field']\n * ```\n */\nconst getContainedPaths = (path: string) => {\n const parts = toPath(path);\n\n return parts.reduce((acc, value, index, list) => {\n return [...acc, list.slice(0, index + 1).join('.')];\n }, [] as string[]);\n};\n"],"names":["allowedFields","key","path","attribute","remove","isArray","every","isString","TypeError","isNil","containedPaths","getContainedPaths","isPathAllowed","some","p","includes","startsWith","parts","toPath","reduce","acc","value","index","list","slice","join"],"mappings":";;;;AAGA,6BAAe,CAAA,CAACA,aAAAA,GAAiC,IAAI,GACnD,CAAC,EAAEC,GAAG,EAAEC,IAAAA,EAAM,EAAEC,WAAWD,IAAI,EAAE,EAAE,EAAE,EAAEE,MAAM,EAAE,GAAA;;AAE7C,QAAA,IAAIJ,kBAAkB,IAAA,EAAM;AAC1B,YAAA;AACF,QAAA;;QAGA,IAAI,EAAEK,UAAAA,CAAQL,aAAAA,CAAAA,IAAkBA,cAAcM,KAAK,CAACC,YAAQ,CAAA,EAAI;YAC9D,MAAM,IAAIC,UACR,CAAC,qDAAqD,EAAE,OAAOR,aAAAA,CAAc,CAAC,CAAC,CAAA;AAEnF,QAAA;AAEA,QAAA,IAAIS,SAAMP,IAAAA,CAAAA,EAAO;AACf,YAAA;AACF,QAAA;AAEA,QAAA,MAAMQ,iBAAiBC,iBAAAA,CAAkBT,IAAAA,CAAAA;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCC,QACD,MAAMU,aAAAA,GAAgBZ,aAAAA,CAAca,IAAI,CACtC,CAACC,CAAAA,GAAMJ,cAAAA,CAAeK,QAAQ,CAACD,MAAMA,CAAAA,CAAEE,UAAU,CAAC,CAAA,EAAGd,IAAAA,CAAK,CAAC,CAAC,CAAA,CAAA;AAG9D,QAAA,IAAIU,aAAAA,EAAe;AACjB,YAAA;AACF,QAAA;;QAGAR,MAAAA,CAAOH,GAAAA,CAAAA;AACT,IAAA,CAAA;AAEF;;;;;;;;;;;;;;IAeA,MAAMU,oBAAoB,CAACT,IAAAA,GAAAA;AACzB,IAAA,MAAMe,QAAQC,SAAAA,CAAOhB,IAAAA,CAAAA;AAErB,IAAA,OAAOe,MAAME,MAAM,CAAC,CAACC,GAAAA,EAAKC,OAAOC,KAAAA,EAAOC,IAAAA,GAAAA;QACtC,OAAO;AAAIH,YAAAA,GAAAA,GAAAA;AAAKG,YAAAA,IAAAA,CAAKC,KAAK,CAAC,CAAA,EAAGF,KAAAA,GAAQ,CAAA,CAAA,CAAGG,IAAI,CAAC,GAAA;AAAK,SAAA;AACrD,IAAA,CAAA,EAAG,EAAE,CAAA;AACP,CAAA;;;;"}