vanta-api 1.4.2 → 1.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/api-features.js +34 -27
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "vanta-api",
3
- "version": "1.4.2",
3
+ "version": "1.4.3",
4
4
  "description": "Advanced API features and security configuration for Node.js/MongoDB.",
5
5
  "main": "index.js",
6
6
  "scripts": {
package/src/api-features.js CHANGED
@@ -704,43 +704,50 @@ export class ApiFeatures {
704
704
  return out;
705
705
  }
706
706
 
707
- _sanitizeFilters(filters = {}) {
708
- const sanitizeNode = (node, key = "") => {
709
- if (node === null || node === "null") return null;
710
- if (node === "true") return true;
711
- if (node === "false") return false;
707
+ _sanitizeFilters(filters = {}) {
708
+ const sanitizeNode = (node, key = "") => {
709
+ if (
710
+ node instanceof mongoose.Types.ObjectId ||
711
+ node instanceof ObjectId
712
+ ) {
713
+ return node;
714
+ }
712
715
 
713
- if (Array.isArray(node)) {
714
- return node.map((item) => sanitizeNode(item, key));
715
- }
716
+ if (node === null || node === "null") return null;
717
+ if (node === "true") return true;
718
+ if (node === "false") return false;
716
719
 
717
- if (node && typeof node === "object") {
718
- const result = {};
720
+ if (Array.isArray(node)) {
721
+ return node.map((item) => sanitizeNode(item, key));
722
+ }
719
723
 
720
- for (const [childKey, childVal] of Object.entries(node)) {
721
- result[childKey] = sanitizeNode(childVal, childKey);
722
- }
724
+ if (node && typeof node === "object") {
725
+ const result = {};
723
726
 
724
- return result;
727
+ for (const [childKey, childVal] of Object.entries(node)) {
728
+ result[childKey] = sanitizeNode(childVal, childKey);
725
729
  }
726
730
 
727
- if (typeof node === "string") {
728
- if (this.#isStrictObjectId(node) && this._shouldConvertToObjectId(key)) {
729
- return new ObjectId(node);
730
- }
731
+ return result;
732
+ }
731
733
 
732
- if (/^[0-9]+$/.test(node)) {
733
- return node.length > 1 && node.startsWith("0")
734
- ? node
735
- : parseInt(node, 10);
736
- }
734
+ if (typeof node === "string") {
735
+ if (this.#isStrictObjectId(node) && this._shouldConvertToObjectId(key)) {
736
+ return new ObjectId(node);
737
737
  }
738
738
 
739
- return node;
740
- };
739
+ if (/^[0-9]+$/.test(node)) {
740
+ return node.length > 1 && node.startsWith("0")
741
+ ? node
742
+ : parseInt(node, 10);
743
+ }
744
+ }
741
745
 
742
- return sanitizeNode(filters);
743
- }
746
+ return node;
747
+ };
748
+
749
+ return sanitizeNode(filters);
750
+ }
744
751
 
745
752
  _shouldConvertToObjectId(key = "") {
746
753
  const cleanKey = String(key).replace(/^\$/, "").toLowerCase();