@aikidosec/firewall/helpers/matchEndpoints.js

Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.matchEndpoints = matchEndpoints;
const tryParseURLPath_1 = require("./tryParseURLPath");
function matchEndpoints(context, endpoints) {
    const matches = [];
    if (!context.method) {
        return matches;
    }
    const possible = endpoints.filter((endpoint) => {
        if (endpoint.method === "*") {
            return true;
        }
        return endpoint.method === context.method;
    });
    // Sort so that exact method matches come first before wildcard matches
    possible.sort((a, b) => {
        if (a.method === b.method) {
            return 0;
        }
        if (a.method === "*") {
            return 1;
        }
        return -1;
    });
    const exact = possible.find((endpoint) => endpoint.route === context.route);
    if (exact) {
        matches.push(exact);
    }
    if (context.url) {
        // Find matching wildcard routes
        // We use the path from the URL, since the route can already include params like :id
        const path = (0, tryParseURLPath_1.tryParseURLPath)(context.url);
        const wildcards = possible
            .filter((endpoint) => endpoint.route.includes("*"))
            .sort((a, b) => {
            // Sort endpoints based on the amount of * in the route
            return b.route.split("*").length - a.route.split("*").length;
        });
        if (path) {
            for (const wildcard of wildcards) {
                const regex = new RegExp(`^${wildcard.route.replace(/\*/g, "(.*)")}\/?$`, "i");
                if (regex.test(path)) {
                    matches.push(wildcard);
                }
            }
        }
    }
    return matches;
}