quantum-flow 1.3.10 → 1.5.0

package/dist/utils/controller.js

@@ -1,20 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getControllerMethods = exports.executeControllerMethod = void 0;
+exports.applyMiddlewaresVsSanitizers = exports.getResponse = exports.NextFN = exports.findRouteInController = exports.getAllMethods = exports.getControllerMethods = exports.executeControllerMethod = void 0;
+const _constants_1 = require("../constants.js");
 const _types_1 = require("../types/index.js");
-const _utils_1 = require("./index.js");
 const WebsocketService_1 = require("../app/http/websocket/WebsocketService");
+const helper_1 = require("./helper");
+const multipart_1 = require("./multipart");
+const sanitize_1 = require("./sanitize");
 const validate_1 = require("./validate");
-const _constants_1 = require("../constants.js");
-const getBodyAndMultipart = (payload) => {
-    let body = payload.body;
+const getBodyAndMultipart = (request) => {
+    let body = request.body;
     let multipart;
-    if (_utils_1.MultipartProcessor.isMultipart({ headers: payload.headers })) {
+    if (multipart_1.MultipartProcessor.isMultipart({ headers: request.headers })) {
         try {
-            const { fields, files } = _utils_1.MultipartProcessor.parse({
-                body: payload.rawBody || payload.body,
-                headers: payload.headers,
-                isBase64Encoded: payload.isBase64Encoded,
+            const { fields, files } = multipart_1.MultipartProcessor.parse({
+                body: request.rawBody || request.body,
+                headers: request.headers,
+                isBase64Encoded: request.isBase64Encoded,
             });
             multipart = files;
             body = fields;
@@ -26,7 +28,7 @@ const getBodyAndMultipart = (payload) => {
     }
     return { multipart, body };
 };
-const executeControllerMethod = async (controller, propertyName, payload, request, response) => {
+const executeControllerMethod = async (controller, propertyName, request, response) => {
     const fn = controller[propertyName];
     if (typeof fn !== 'function')
         return null;
@@ -34,19 +36,15 @@ const executeControllerMethod = async (controller, propertyName, payload, reques
     if (!endpointMeta)
         return null;
     const methodMiddlewares = Reflect.getMetadata(_constants_1.MIDDLEWARES, controller, propertyName) || [];
-    for (let i = 0; i < methodMiddlewares.length; i++) {
-        const middleware = methodMiddlewares[i];
-        const result = await middleware(payload);
-        if (result) {
-            payload = { ...payload, ...result };
-        }
+    for (let middleware of methodMiddlewares) {
+        await middleware(request, response, exports.NextFN);
     }
     const prototype = Object.getPrototypeOf(controller);
     const paramMetadata = Reflect.getMetadata(_constants_1.PARAM_METADATA_KEY, prototype, propertyName) || [];
     if (paramMetadata.length === 0) {
-        return fn.call(controller, payload);
+        return fn.call(controller, request, response);
     }
-    const { body, multipart } = getBodyAndMultipart(payload);
+    const { body, multipart } = getBodyAndMultipart(request);
     const args = [];
     const wsParams = Reflect.getMetadata(_constants_1.WS_SERVICE_KEY, controller, propertyName) || [];
     const totalParams = Math.max(paramMetadata.length ? Math.max(...paramMetadata.map((p) => p.index)) + 1 : 0, wsParams.length ? Math.max(...wsParams.map((p) => p.index)) + 1 : 0);
@@ -61,13 +59,12 @@ const executeControllerMethod = async (controller, propertyName, payload, reques
             args[i] = undefined;
             continue;
         }
-        let value = param.name ? payload[param.type]?.[param.name] : payload[param.type];
+        let value = param.name
+            ? request[param.type]?.[param.name]
+            : request[param.type];
         if (param.type === 'multipart') {
             value = multipart;
         }
-        if (param.type === 'request') {
-            value = payload;
-        }
         if (param.type === 'request') {
             value = request;
         }
@@ -110,3 +107,105 @@ const getControllerMethods = (controller) => {
     return methods.sort((a, b) => (a.httpMethod === _types_1.HTTP_METHODS.USE ? 1 : -1));
 };
 exports.getControllerMethods = getControllerMethods;
+const getAllMethods = (obj) => {
+    let methods = new Set();
+    let current = Object.getPrototypeOf(obj);
+    while (current && current !== Object.prototype) {
+        Object.getOwnPropertyNames(current).forEach((name) => {
+            if (name !== 'constructor' && typeof current[name] === 'function') {
+                methods.add(name);
+            }
+        });
+        current = Object.getPrototypeOf(current);
+    }
+    return Array.from(methods);
+};
+exports.getAllMethods = getAllMethods;
+const findRouteInController = (instance, path, route, method) => {
+    const prototype = Object.getPrototypeOf(instance);
+    const propertyNames = (0, exports.getAllMethods)(instance);
+    const matches = [];
+    for (const name of propertyNames) {
+        if ([
+            'constructor',
+            'getResponse',
+            'routeWalker',
+            'getAllMethods',
+            'findRouteInController',
+        ].includes(name))
+            continue;
+        const endpointMeta = Reflect.getMetadata(_constants_1.ENDPOINT, prototype, name) || [];
+        const sanitizers = Reflect.getMetadata(_constants_1.SANITIZE, prototype, name) ?? [];
+        if (endpointMeta.length === 0)
+            continue;
+        const [httpMethod, routePattern, middlewares] = endpointMeta;
+        if (httpMethod !== method && httpMethod !== 'USE') {
+            continue;
+        }
+        if (httpMethod === 'USE') {
+            let useRoute = route.split('/');
+            useRoute.pop();
+            route = useRoute.join('/');
+        }
+        const current = [path, routePattern].join('/').replace(/\/+/g, '/');
+        const pathParams = (0, helper_1.matchRoute)(current, route);
+        if (pathParams) {
+            const priority = httpMethod === 'USE' ? 0 : Object.keys(pathParams).length > 0 ? 1 : 2;
+            matches.push({
+                name,
+                pathParams,
+                priority,
+                cors: Reflect.getMetadata(_constants_1.CORS_METADATA, prototype, name),
+                middlewares,
+                sanitizers,
+            });
+        }
+    }
+    matches.sort((a, b) => b.priority - a.priority);
+    return matches[0] || null;
+};
+exports.findRouteInController = findRouteInController;
+const NextFN = (error) => {
+    if (error)
+        throw { status: error.status ?? 500, message: error.message ?? error };
+};
+exports.NextFN = NextFN;
+const getResponse = async (data) => {
+    try {
+        let appResponse = await (0, exports.executeControllerMethod)(data.controllerInstance, data.name, data.request, data.response);
+        data.response.statusCode = appResponse.status ?? 200;
+        const isError = !_constants_1.OK_STATUSES.includes(data.response.statusCode);
+        const interceptors = data.interceptors.reverse();
+        for (let index = 0; index < interceptors?.length && !isError; index++) {
+            const interceptor = interceptors[index];
+            appResponse = await interceptor(appResponse, data.request, data.response);
+        }
+        const propertyName = data.name;
+        const prototype = Object.getPrototypeOf(data.controllerInstance);
+        const methodOkStatus = Reflect.getMetadata(_constants_1.OK_METADATA_KEY, data.controllerInstance, propertyName);
+        if (methodOkStatus) {
+            !isError && (data.response.statusCode = methodOkStatus);
+        }
+        else {
+            const classOkStatus = Reflect.getMetadata(_constants_1.OK_METADATA_KEY, prototype);
+            !isError && classOkStatus && (data.response.statusCode = classOkStatus);
+        }
+        return { status: data.response.statusCode, data: appResponse };
+    }
+    catch (err) {
+        throw err;
+    }
+};
+exports.getResponse = getResponse;
+const applyMiddlewaresVsSanitizers = async (request, response, functions) => {
+    const length = Math.max(functions.sanitizers.length, functions.middlewares.length);
+    for (let i = 0; i < length; i++) {
+        const mws = functions.middlewares[i] ?? [];
+        const sntzs = functions.sanitizers[i] ?? [];
+        (0, sanitize_1.sanitizeRequest)(request, sntzs);
+        for (let middleware of mws) {
+            await middleware(request, response, exports.NextFN);
+        }
+    }
+};
+exports.applyMiddlewaresVsSanitizers = applyMiddlewaresVsSanitizers;

package/dist/utils/cors.d.ts

@@ -0,0 +1,8 @@
+import { AppRequest, CORSConfig } from '../types/index.js';
+export declare function handleCORS(req: AppRequest, res: any, config: CORSConfig): {
+    permitted: boolean;
+    continue: boolean;
+};
+export declare function isPreflightRequest(req: any): boolean;
+export declare const getCORSConfig: (controller: any, methodName?: string) => CORSConfig | null;
+export declare const getCORSHeaders: (req: any, config: CORSConfig) => Record<string, string>;

package/dist/utils/cors.js

@@ -0,0 +1,127 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCORSHeaders = exports.getCORSConfig = void 0;
+exports.handleCORS = handleCORS;
+exports.isPreflightRequest = isPreflightRequest;
+const _constants_1 = require("../constants.js");
+const headers_1 = require("./headers");
+function handleCORS(req, res, config) {
+    const origin = (0, headers_1.getOrigin)(req);
+    function isOriginAllowed() {
+        if (!origin)
+            return false;
+        if (config.origin === '*')
+            return true;
+        if (typeof config.origin === 'string')
+            return config.origin === origin;
+        if (Array.isArray(config.origin))
+            return config.origin.includes(origin);
+        if (typeof config.origin === 'function')
+            return config.origin(origin);
+        return false;
+    }
+    if (origin && !isOriginAllowed()) {
+        res.statusCode = 403;
+        res.setHeader('Content-Type', 'application/json');
+        return { permitted: false, continue: false };
+    }
+    if (req.method === 'OPTIONS') {
+        if (origin) {
+            res.setHeader('Access-Control-Allow-Origin', origin);
+        }
+        else if (config.origin === '*') {
+            res.setHeader('Access-Control-Allow-Origin', '*');
+        }
+        if (config.methods) {
+            res.setHeader('Access-Control-Allow-Methods', config.methods.join(', '));
+        }
+        if (config.allowedHeaders) {
+            res.setHeader('Access-Control-Allow-Headers', config.allowedHeaders.join(', '));
+        }
+        if (config.credentials) {
+            res.setHeader('Access-Control-Allow-Credentials', 'true');
+        }
+        if (config.maxAge) {
+            res.setHeader('Access-Control-Max-Age', config.maxAge.toString());
+        }
+        res.statusCode = config.optionsSuccessStatus || 204;
+        return { permitted: true, continue: false };
+    }
+    if (origin) {
+        res.setHeader('Access-Control-Allow-Origin', origin);
+        if (config.credentials) {
+            res.setHeader('Access-Control-Allow-Credentials', 'true');
+        }
+        if (config.exposedHeaders) {
+            res.setHeader('Access-Control-Expose-Headers', config.exposedHeaders.join(', '));
+        }
+    }
+    return { permitted: true, continue: true };
+}
+function isPreflightRequest(req) {
+    return (req.method === 'OPTIONS' && req.headers['access-control-request-method'] && req.headers.origin);
+}
+const getCORSConfig = (controller, methodName) => {
+    if (methodName) {
+        const methodConfig = Reflect.getMetadata(_constants_1.CORS_METADATA, controller, methodName);
+        if (methodConfig) {
+            return methodConfig;
+        }
+    }
+    if (controller && controller.constructor) {
+        const classConfig = Reflect.getMetadata(_constants_1.CORS_METADATA, controller.constructor.prototype);
+        if (classConfig) {
+            return classConfig;
+        }
+    }
+    return null;
+};
+exports.getCORSConfig = getCORSConfig;
+const getCORSHeaders = (req, config) => {
+    const headers = {};
+    const origin = req?.headers?.origin || req?.headers?.Origin;
+    if (!origin)
+        return headers;
+    let allowedOrigin = null;
+    if (config.origin === '*') {
+        allowedOrigin = '*';
+    }
+    else if (typeof config.origin === 'string') {
+        allowedOrigin = config.origin;
+    }
+    else if (Array.isArray(config.origin)) {
+        if (config.origin.includes(origin)) {
+            allowedOrigin = origin;
+        }
+    }
+    else if (typeof config.origin === 'function') {
+        if (config.origin(origin)) {
+            allowedOrigin = origin;
+        }
+    }
+    else if (config.origin === true) {
+        allowedOrigin = origin;
+    }
+    if (allowedOrigin) {
+        headers['Access-Control-Allow-Origin'] = allowedOrigin;
+        if (config.credentials) {
+            headers['Access-Control-Allow-Credentials'] = 'true';
+        }
+        if (config.exposedHeaders?.length) {
+            headers['Access-Control-Expose-Headers'] = config.exposedHeaders.join(', ');
+        }
+        if (req.method === 'OPTIONS') {
+            if (config.methods?.length) {
+                headers['Access-Control-Allow-Methods'] = config.methods.join(', ');
+            }
+            if (config.allowedHeaders?.length) {
+                headers['Access-Control-Allow-Headers'] = config.allowedHeaders.join(', ');
+            }
+            if (config.maxAge) {
+                headers['Access-Control-Max-Age'] = config.maxAge.toString();
+            }
+        }
+    }
+    return headers;
+};
+exports.getCORSHeaders = getCORSHeaders;

package/dist/utils/headers.d.ts

@@ -0,0 +1,2 @@
+import { AppRequest } from '../types/index.js';
+export declare const getOrigin: (req: AppRequest) => string;

package/dist/utils/headers.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getOrigin = void 0;
+const getOrigin = (req) => {
+    let originHeader = req.headers.origin || req.headers.Origin || req.requestUrl.origin;
+    const origin = (Array.isArray(originHeader) ? originHeader[0] : originHeader);
+    return origin;
+};
+exports.getOrigin = getOrigin;

package/dist/utils/index.d.ts

@@ -1,9 +1,12 @@
 export * from './controller';
+export * from './cors';
 export * from './endpoint';
+export * from './headers';
 export * from './helper';
 export * from './lambda';
 export * from './multipart';
 export * from './parsers';
+export * from './sanitize';
 export * from './server';
 export * from './transform';
 export * from './validate';

package/dist/utils/index.js

@@ -15,11 +15,14 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./controller"), exports);
+__exportStar(require("./cors"), exports);
 __exportStar(require("./endpoint"), exports);
+__exportStar(require("./headers"), exports);
 __exportStar(require("./helper"), exports);
 __exportStar(require("./lambda"), exports);
 __exportStar(require("./multipart"), exports);
 __exportStar(require("./parsers"), exports);
+__exportStar(require("./sanitize"), exports);
 __exportStar(require("./server"), exports);
 __exportStar(require("./transform"), exports);
 __exportStar(require("./validate"), exports);

package/dist/utils/multipart.d.ts

@@ -1,15 +1,9 @@
-export interface MultipartFile {
-    fieldname: string;
-    filename: string;
-    contentType: string;
-    data: Buffer;
-    size: number;
-    encoding?: string;
-}
+import { MultipartFile } from '../types/index.js';
 export declare class MultipartProcessor {
     static parse(request: any): {
         fields: Record<string, any>;
         files: Record<string, MultipartFile | MultipartFile[]>;
     };
     static isMultipart(request: any): boolean;
+    private static getContentType;
 }

package/dist/utils/multipart.js

@@ -34,7 +34,6 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.MultipartProcessor = void 0;
-// utils/MultipartProcessor.ts
 const multipart = __importStar(require("parse-multipart-data"));
 class MultipartProcessor {
     static parse(request) {
@@ -69,10 +68,11 @@ class MultipartProcessor {
         parts.forEach((part) => {
             if (part.filename) {
                 const fieldName = part.name || 'file';
+                const contentType = this.getContentType(part);
                 const fileData = {
                     fieldname: fieldName,
                     filename: part.filename,
-                    contentType: part.type,
+                    contentType: contentType ?? part.type,
                     data: part.data,
                     size: part.data.length,
                     encoding: part.encoding,
@@ -105,5 +105,101 @@ class MultipartProcessor {
         const contentType = request.headers?.['content-type'] || request.headers?.['Content-Type'] || '';
         return contentType.startsWith('multipart/form-data');
     }
+    static getContentType(part) {
+        const filename = part.filename || '';
+        const extension = filename.split('.').pop()?.toLowerCase() ?? '';
+        const mimeMap = {
+            txt: 'text/plain',
+            text: 'text/plain',
+            log: 'text/plain',
+            md: 'text/markdown',
+            csv: 'text/csv',
+            ts: 'application/typescript',
+            tsx: 'application/typescript',
+            js: 'application/javascript',
+            jsx: 'application/javascript',
+            mjs: 'application/javascript',
+            cjs: 'application/javascript',
+            json: 'application/json',
+            xml: 'application/xml',
+            yaml: 'application/yaml',
+            yml: 'application/yaml',
+            toml: 'application/toml',
+            php: 'application/x-httpd-php',
+            py: 'text/x-python',
+            rb: 'text/x-ruby',
+            java: 'text/x-java',
+            c: 'text/x-c',
+            cpp: 'text/x-c++',
+            h: 'text/x-c',
+            hpp: 'text/x-c++',
+            go: 'text/x-go',
+            rs: 'text/x-rust',
+            swift: 'text/x-swift',
+            kt: 'text/x-kotlin',
+            kts: 'text/x-kotlin',
+            html: 'text/html',
+            htm: 'text/html',
+            css: 'text/css',
+            scss: 'text/x-scss',
+            sass: 'text/x-sass',
+            less: 'text/x-less',
+            jpg: 'image/jpeg',
+            jpeg: 'image/jpeg',
+            png: 'image/png',
+            gif: 'image/gif',
+            webp: 'image/webp',
+            svg: 'image/svg+xml',
+            ico: 'image/x-icon',
+            bmp: 'image/bmp',
+            tiff: 'image/tiff',
+            tif: 'image/tiff',
+            avif: 'image/avif',
+            heic: 'image/heic',
+            heif: 'image/heif',
+            pdf: 'application/pdf',
+            doc: 'application/msword',
+            docx: 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+            xls: 'application/vnd.ms-excel',
+            xlsx: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+            ppt: 'application/vnd.ms-powerpoint',
+            pptx: 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+            odt: 'application/vnd.oasis.opendocument.text',
+            ods: 'application/vnd.oasis.opendocument.spreadsheet',
+            odp: 'application/vnd.oasis.opendocument.presentation',
+            zip: 'application/zip',
+            rar: 'application/vnd.rar',
+            '7z': 'application/x-7z-compressed',
+            tar: 'application/x-tar',
+            gz: 'application/gzip',
+            bz2: 'application/x-bzip2',
+            mp3: 'audio/mpeg',
+            wav: 'audio/wav',
+            ogg: 'audio/ogg',
+            m4a: 'audio/mp4',
+            flac: 'audio/flac',
+            aac: 'audio/aac',
+            mp4: 'video/mp4',
+            mpg: 'video/mpeg',
+            mpeg: 'video/mpeg',
+            mov: 'video/quicktime',
+            avi: 'video/x-msvideo',
+            wmv: 'video/x-ms-wmv',
+            flv: 'video/x-flv',
+            webm: 'video/webm',
+            mkv: 'video/x-matroska',
+            m4v: 'video/x-m4v',
+            bin: 'application/octet-stream',
+            exe: 'application/vnd.microsoft.portable-executable',
+            dll: 'application/vnd.microsoft.portable-executable',
+            deb: 'application/vnd.debian.binary-package',
+            rpm: 'application/x-rpm',
+            iso: 'application/x-iso9660-image',
+            sh: 'application/x-sh',
+            bat: 'application/x-msdos-program',
+            ps1: 'application/x-powershell',
+        };
+        return mimeMap[extension];
+    }
 }
 exports.MultipartProcessor = MultipartProcessor;

package/dist/utils/sanitize.d.ts

@@ -0,0 +1,30 @@
+import { AppRequest, SanitizerConfig } from '../types/index.js';
+import * as Joi from 'joi';
+export declare const SanitizeSchemas: {
+    string: {
+        trim: () => Joi.StringSchema<string>;
+        email: () => Joi.StringSchema<string>;
+        name: () => Joi.StringSchema<string>;
+        slug: () => Joi.StringSchema<string>;
+        phone: () => Joi.StringSchema<string>;
+    };
+    number: {
+        integer: () => Joi.NumberSchema<number>;
+        positive: () => Joi.NumberSchema<number>;
+        range: (min: number, max: number) => Joi.NumberSchema<number>;
+    };
+    object: {
+        stripUnknown: (schema: Joi.Schema) => Joi.ObjectSchema<any>;
+        withDefaults: (schema: Joi.Schema) => Joi.ObjectSchema<any>;
+    };
+    date: {
+        iso: () => Joi.DateSchema<Date>;
+        timestamp: () => Joi.DateSchema<Date>;
+    };
+    xss: () => Joi.StringSchema<string>;
+};
+export declare function applyJoiSanitization(value: any, config: SanitizerConfig): {
+    value: any;
+    error?: Joi.ValidationError;
+};
+export declare const sanitizeRequest: (request: AppRequest, config: SanitizerConfig[]) => void;

package/dist/utils/sanitize.js

@@ -0,0 +1,134 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeRequest = exports.SanitizeSchemas = void 0;
+exports.applyJoiSanitization = applyJoiSanitization;
+const Joi = __importStar(require("joi"));
+exports.SanitizeSchemas = {
+    string: {
+        trim: () => Joi.string().trim(),
+        email: () => Joi.string().email().trim().lowercase(),
+        name: () => Joi.string()
+            .trim()
+            .min(2)
+            .max(50)
+            .pattern(/^[a-zA-Z\s-]+$/),
+        slug: () => Joi.string()
+            .trim()
+            .lowercase()
+            .pattern(/^[a-z0-9-]+$/),
+        phone: () => Joi.string()
+            .trim()
+            .pattern(/^[\d\s\+\-\(\)]+$/),
+    },
+    number: {
+        integer: () => Joi.number().integer(),
+        positive: () => Joi.number().positive(),
+        range: (min, max) => Joi.number().min(min).max(max),
+    },
+    object: {
+        stripUnknown: (schema) => Joi.object(schema).unknown(false),
+        withDefaults: (schema) => Joi.object(schema).options({ stripUnknown: true }),
+    },
+    date: {
+        iso: () => Joi.date().iso(),
+        timestamp: () => Joi.date().timestamp(),
+    },
+    xss: () => Joi.string().custom((value, helpers) => {
+        if (typeof value !== 'string')
+            return value;
+        const sanitized = value
+            .replace(/javascript:/gi, '')
+            .replace(/on\w+=/gi, '')
+            .replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '')
+            .replace(/data:/gi, '');
+        return sanitized;
+    }, 'XSS sanitization'),
+};
+function applyJoiSanitization(value, config) {
+    if (!['headers', 'body', 'params', 'query'].includes(config.type)) {
+        return { value };
+    }
+    if (value === null || value === undefined) {
+        return { value };
+    }
+    const action = config.action || 'both';
+    const options = {
+        convert: true,
+        stripUnknown: config.stripUnknown ?? true,
+        abortEarly: false,
+        ...config.options,
+    };
+    try {
+        let result;
+        switch (action) {
+            case 'validate':
+                result = config.schema.validate(value, { ...options, convert: false, noDefaults: true });
+                break;
+            case 'sanitize':
+                result = config.schema.validate(value, {
+                    ...options,
+                    convert: true,
+                    presence: 'optional',
+                    noDefaults: false,
+                });
+                break;
+            case 'both':
+            default:
+                result = config.schema.validate(value, options);
+                break;
+        }
+        return {
+            value: result.value,
+            error: result.error,
+        };
+    }
+    catch (error) {
+        return {
+            value,
+            error: error,
+        };
+    }
+}
+const sanitizeRequest = (request, config) => {
+    config.forEach((conf) => {
+        const { value, error } = applyJoiSanitization(request[conf.type], conf);
+        if (error) {
+            throw { error, status: 400 };
+        }
+        request[conf.type] = value;
+    });
+};
+exports.sanitizeRequest = sanitizeRequest;