
@aikidosec/firewall


Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

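"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.withoutIdorProtection = withoutIdorProtection;
exports.isIdorProtectionIgnored = isIdorProtectionIgnored;
const async_hooks_1 = require("async_hooks");

/**
 * Per-async-context flag: the store holds `true` only while code is running
 * inside a `withoutIdorProtection` callback, and is `undefined` otherwise.
 */
const idorIgnoredStorage = new async_hooks_1.AsyncLocalStorage();

/**
 * Runs `fn` with the "IDOR protection ignored" flag set for its async context.
 *
 * Security note: the flag applies to everything that executes inside the
 * callback's async context, including nested calls and any async work started
 * there, not just one query. Keep the callback as small as possible (ideally
 * the single query that legitimately needs the exemption) so unrelated data
 * access does not inherit it.
 *
 * @param {Function} fn - Callback to execute with the flag set. Use an
 *   `async` callback that awaits its query so the query runs inside the
 *   context.
 * @returns {*} Whatever `fn` returns. If `fn` is not a function, a warning is
 *   logged, nothing is executed with the flag set, and the argument is
 *   returned unchanged.
 */
function withoutIdorProtection(fn) {
    if (typeof fn !== "function") {
        // A non-function (e.g. an already-started query) cannot be run inside
        // the context, so the flag is never set for it.
        // eslint-disable-next-line no-console
        console.warn("Zen.withoutIdorProtection: Expected a function, but received a value. Wrap your code in a closure: () => yourCode");
        return fn;
    }
    return idorIgnoredStorage.run(true, () => {
        const result = fn();
        // If a sync callback returns a Promise, the await happens outside the
        // AsyncLocalStorage context and IDOR protection won't be disabled
        // (the failure mode is an unexpected block, not a bypass).
        // Detect any thenable rather than only native Promise instances:
        // lazy thenables such as query-builder objects are not
        // `instanceof Promise`, yet they are the case where the work really
        // starts at the caller's await, outside this context.
        const isThenable = result !== null &&
            (typeof result === "object" || typeof result === "function") &&
            typeof result.then === "function";
        if (isThenable && fn.constructor.name !== "AsyncFunction") {
            // eslint-disable-next-line no-console
            console.warn("Zen.withoutIdorProtection: The callback returned a Promise without awaiting it. Use an async callback: async () => { return await db.query... }");
        }
        return result;
    });
}

/**
 * Reports whether the current async context is inside a
 * `withoutIdorProtection` callback.
 *
 * NOTE(review): presumably consulted by Zen's IDOR checks to skip
 * enforcement; the consumer is not part of this file.
 *
 * @returns {boolean} `true` only when the store value is exactly `true`.
 */
function isIdorProtectionIgnored() {
    return idorIgnoredStorage.getStore() === true;
}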