UNPKG

@exortek/express-mongo-sanitize

Version:

A comprehensive Express middleware designed to protect your No(n)SQL queries from injection attacks by sanitizing request data. This middleware provides flexible sanitization options for request bodies, parameters, and query strings.

github.com/ExorTek/express-mongo-sanitize

ExorTek/express-mongo-sanitize

81 lines (73 loc) 2.39 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
import { RequestHandler, RequestParamHandler } from 'express'; /** * String-specific sanitizer options. */ export interface StringOptions { /** Trim whitespace from strings */ trim?: boolean; /** Convert strings to lowercase */ lowercase?: boolean; /** Truncate strings to a maximum length (null = unlimited) */ maxLength?: number | null; } /** * Array-specific sanitizer options. */ export interface ArrayOptions { /** Remove null values from arrays */ filterNull?: boolean; /** Remove duplicate values from arrays */ distinct?: boolean; } export interface DebugOptions { /** Enable debug logging */ enabled?: boolean; /** Log level (e.g., 'silent' | 'error' | 'warn' | 'info' | 'debug' | 'trace') */ level?: string; } /** * Main options for expressMongoSanitize middleware. */ export interface ExpressMongoSanitizeOptions { /** String to replace matched patterns with */ replaceWith?: string; /** Remove values matching patterns */ removeMatches?: boolean; /** Request objects to sanitize (default: ['body', 'query']) */ sanitizeObjects?: Array<'body' | 'query'>; /** Automatic or manual mode */ mode?: 'auto' | 'manual'; /** Paths to skip sanitizing */ skipRoutes?: string[]; /** Completely custom sanitizer function */ customSanitizer?: (data: any, options: ExpressMongoSanitizeOptions) => any; /** Recursively sanitize nested objects */ recursive?: boolean; /** Remove empty values after sanitizing */ removeEmpty?: boolean; /** Patterns to match for sanitization */ patterns?: RegExp[]; /** Only allow these keys in sanitized objects */ allowedKeys?: string[]; /** Remove these keys from sanitized objects */ deniedKeys?: string[]; /** String sanitizer options */ stringOptions?: StringOptions; /** Array sanitizer options */ arrayOptions?: ArrayOptions; /** Debugging options */ debug?: DebugOptions; } /** * Middleware for automatic sanitization of request objects. */ declare function expressMongoSanitize(options?: ExpressMongoSanitizeOptions): RequestHandler; /** * Middleware for sanitizing individual route parameters. */ declare function paramSanitizeHandler(options?: ExpressMongoSanitizeOptions): RequestParamHandler; /** * Main export for express-mongo-sanitize middleware. */ export default expressMongoSanitize; export { expressMongoSanitize, paramSanitizeHandler };