itlab-internal-services 2.16.5 → 2.16.6

package/dist/interceptors/attribute-sanitizer.interceptor.js

@@ -1,154 +0,0 @@
-"use strict";
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __metadata = (this && this.__metadata) || function (k, v) {
-    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AttributeSanitizerInterceptor = void 0;
-exports.UseAttributeSanitizer = UseAttributeSanitizer;
-const common_1 = require("@nestjs/common");
-const operators_1 = require("rxjs/operators");
-/**
- * AttributeSanitizerInterceptor
- *
- * This interceptor removes specified attributes from response objects.
- * It works with plain objects, arrays, sets, maps and also with Mongoose
- * documents by normalizing them to plain objects before sanitization.
- *
- * This is especially useful for removing sensitive fields (e.g., passwords,
- * tokens, SSNs) consistently across deeply nested response structures.
- */
-let AttributeSanitizerInterceptor = class AttributeSanitizerInterceptor {
-    /**
-     * @param keys - One or more property names to remove from every object.
-     * @param mongooseToObjectOptions - Options forwarded to Mongoose `.toObject()`
-     *                                  when normalizing documents.
-     */
-    constructor(keys, mongooseToObjectOptions = {
-        virtuals: true,
-        getters: true,
-        versionKey: false,
-    }) {
-        this.keys = keys;
-        this.mongooseToObjectOptions = mongooseToObjectOptions;
-    }
-    /**
-     * Intercepts the response and removes the targeted attributes.
-     *
-     * @param _context - Execution context (unused here).
-     * @param next - Next handler in the pipeline.
-     * @returns Sanitized response data.
-     */
-    intercept(_context, next) {
-        return next.handle().pipe((0, operators_1.map)((data) => this.sanitizeRecursively(data)));
-    }
-    /**
-     * Recursively removes targeted keys from objects, arrays, and nested structures.
-     *
-     * @param value - Any response value.
-     * @returns A sanitized value without the targeted attributes.
-     */
-    sanitizeRecursively(value) {
-        const normalized = this.normalizeIfMongooseDocument(value);
-        if (normalized === null || typeof normalized !== 'object') {
-            return normalized;
-        }
-        // Handle arrays
-        if (Array.isArray(normalized)) {
-            return normalized.map((item) => this.sanitizeRecursively(item));
-        }
-        // Handle Set → array
-        if (normalized instanceof Set) {
-            return Array.from(normalized).map((item) => this.sanitizeRecursively(item));
-        }
-        // Handle Map → plain object
-        if (normalized instanceof Map) {
-            const obj = {};
-            for (const [k, v] of normalized.entries()) {
-                obj[String(k)] = this.sanitizeRecursively(v);
-            }
-            return obj;
-        }
-        // Handle plain objects
-        if (this.isPlainObject(normalized)) {
-            const forbidden = this.ensureKeySet(this.keys);
-            const result = {};
-            for (const [prop, nested] of Object.entries(normalized)) {
-                if (forbidden.has(prop))
-                    continue;
-                result[prop] = this.sanitizeRecursively(nested);
-            }
-            return result;
-        }
-        // Other complex types (Date, Buffer, etc.) → leave unchanged
-        return normalized;
-    }
-    /**
-     * Converts a Mongoose document to a plain object if needed.
-     *
-     * @param value - Possible Mongoose document.
-     * @returns A plain object if conversion is possible, otherwise the value itself.
-     */
-    normalizeIfMongooseDocument(value) {
-        // Heuristic: Mongoose documents expose `.toObject()` and an internal `$__`.
-        // We avoid importing `mongoose` to keep this interceptor framework-agnostic.
-        const maybeDoc = value;
-        if (maybeDoc &&
-            typeof maybeDoc === 'object' &&
-            (typeof maybeDoc.toObject === 'function' || typeof maybeDoc.toJSON === 'function') &&
-            '$__' in maybeDoc) {
-            try {
-                if (typeof maybeDoc.toObject === 'function')
-                    return maybeDoc.toObject(this.mongooseToObjectOptions);
-                if (typeof maybeDoc.toJSON === 'function')
-                    return maybeDoc.toJSON(this.mongooseToObjectOptions);
-            }
-            catch (_a) {
-                // If normalization fails, fall back to the original value—better to
-                // return data than to throw at the last step.
-                return value;
-            }
-        }
-        return value;
-    }
-    /**
-     * Checks whether a value is a plain object (and not a class instance, Date, etc.).
-     *
-     * @param value - Any value.
-     * @returns True if the value is a plain object.
-     */
-    isPlainObject(value) {
-        return Object.prototype.toString.call(value) === '[object Object]';
-    }
-    /**
-     * Converts the user-provided keys into a Set for O(1) lookup.
-     *
-     * @param keys - String or array of strings.
-     * @returns A Set of keys.
-     */
-    ensureKeySet(keys) {
-        return Array.isArray(keys) ? new Set(keys) : new Set([keys]);
-    }
-};
-exports.AttributeSanitizerInterceptor = AttributeSanitizerInterceptor;
-exports.AttributeSanitizerInterceptor = AttributeSanitizerInterceptor = __decorate([
-    (0, common_1.Injectable)(),
-    __metadata("design:paramtypes", [Object, Object])
-], AttributeSanitizerInterceptor);
-/**
- * @UseAttributeSanitizer
- *
- * Convenience decorator that applies the AttributeSanitizerInterceptor
- * to a route or controller.
- *
- * @param keys - One or more keys to remove from all response objects.
- * @param mongooseToObjectOptions - Options for Mongoose `.toObject()` normalization.
- */
-function UseAttributeSanitizer(keys, mongooseToObjectOptions) {
-    return (0, common_1.UseInterceptors)(new AttributeSanitizerInterceptor(keys, mongooseToObjectOptions));
-}

package/dist/interceptors/index.d.ts

@@ -1 +0,0 @@
-export * from './attribute-sanitizer.interceptor';

package/dist/interceptors/index.js

@@ -1,17 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./attribute-sanitizer.interceptor"), exports);