@strapi/utils/dist/sanitize/index.mjs.map

Shared utilities for the Strapi packages

{"version":3,"file":"index.mjs","sources":["../../src/sanitize/index.ts"],"sourcesContent":["import { CurriedFunction1 } from 'lodash';\nimport { isArray, cloneDeep, omit } from 'lodash/fp';\n\nimport { constants, getNonWritableAttributes } from '../content-types';\nimport { pipe as pipeAsync } from '../async';\n\nimport * as visitors from './visitors';\nimport * as sanitizers from './sanitizers';\nimport traverseEntity from '../traverse-entity';\n\nimport { traverseQueryFilters, traverseQuerySort, traverseQueryPopulate } from '../traverse';\nimport type { Model, Data } from '../types';\n\nexport interface Options {\n  auth?: unknown;\n}\n\nexport interface Sanitizer {\n  (schema: Model): CurriedFunction1<Data, Promise<Data>>;\n}\nexport interface SanitizeFunc {\n  (data: unknown, schema: Model, options?: Options): Promise<unknown>;\n}\n\nexport interface APIOptions {\n  sanitizers?: Sanitizers;\n  getModel: (model: string) => Model;\n}\n\nexport interface Sanitizers {\n  input?: Sanitizer[];\n  output?: Sanitizer[];\n}\n\nconst createAPISanitizers = (opts: APIOptions) => {\n  const { getModel } = opts;\n\n  const sanitizeInput: SanitizeFunc = (data: unknown, schema: Model, { auth } = {}) => {\n    if (!schema) {\n      throw new Error('Missing schema in sanitizeInput');\n    }\n    if (isArray(data)) {\n      return Promise.all(data.map((entry) => sanitizeInput(entry, schema, { auth })));\n    }\n\n    const nonWritableAttributes = getNonWritableAttributes(schema);\n\n    const transforms = [\n      // Remove first level ID in inputs\n      omit(constants.ID_ATTRIBUTE),\n      omit(constants.DOC_ID_ATTRIBUTE),\n      // Remove non-writable attributes\n      traverseEntity(visitors.removeRestrictedFields(nonWritableAttributes), { schema, getModel }),\n    ];\n\n    if (auth) {\n      // Remove restricted relations\n      transforms.push(\n        traverseEntity(visitors.removeRestrictedRelations(auth), { schema, getModel })\n      );\n    }\n\n    // Apply sanitizers from registry if exists\n    opts?.sanitizers?.input?.forEach((sanitizer: Sanitizer) => transforms.push(sanitizer(schema)));\n\n    return pipeAsync(...transforms)(data as Data);\n  };\n\n  const sanitizeOutput: SanitizeFunc = async (data, schema: Model, { auth } = {}) => {\n    if (!schema) {\n      throw new Error('Missing schema in sanitizeOutput');\n    }\n    if (isArray(data)) {\n      const res = new Array(data.length);\n      for (let i = 0; i < data.length; i += 1) {\n        res[i] = await sanitizeOutput(data[i], schema, { auth });\n      }\n      return res;\n    }\n\n    const transforms = [\n      (data: Data) => sanitizers.defaultSanitizeOutput({ schema, getModel }, data),\n    ];\n\n    if (auth) {\n      transforms.push(\n        traverseEntity(visitors.removeRestrictedRelations(auth), { schema, getModel })\n      );\n    }\n\n    // Apply sanitizers from registry if exists\n    opts?.sanitizers?.output?.forEach((sanitizer: Sanitizer) => transforms.push(sanitizer(schema)));\n\n    return pipeAsync(...transforms)(data as Data);\n  };\n\n  const sanitizeQuery = async (\n    query: Record<string, unknown>,\n    schema: Model,\n    { auth }: Options = {}\n  ) => {\n    if (!schema) {\n      throw new Error('Missing schema in sanitizeQuery');\n    }\n    const { filters, sort, fields, populate } = query;\n\n    const sanitizedQuery = cloneDeep(query);\n\n    if (filters) {\n      Object.assign(sanitizedQuery, { filters: await sanitizeFilters(filters, schema, { auth }) });\n    }\n\n    if (sort) {\n      Object.assign(sanitizedQuery, { sort: await sanitizeSort(sort, schema, { auth }) });\n    }\n\n    if (fields) {\n      Object.assign(sanitizedQuery, { fields: await sanitizeFields(fields, schema) });\n    }\n\n    if (populate) {\n      Object.assign(sanitizedQuery, { populate: await sanitizePopulate(populate, schema) });\n    }\n\n    return sanitizedQuery;\n  };\n\n  const sanitizeFilters: SanitizeFunc = (filters, schema: Model, { auth } = {}) => {\n    if (!schema) {\n      throw new Error('Missing schema in sanitizeFilters');\n    }\n    if (isArray(filters)) {\n      return Promise.all(filters.map((filter) => sanitizeFilters(filter, schema, { auth })));\n    }\n\n    const transforms = [sanitizers.defaultSanitizeFilters({ schema, getModel })];\n\n    if (auth) {\n      transforms.push(\n        traverseQueryFilters(visitors.removeRestrictedRelations(auth), { schema, getModel })\n      );\n    }\n\n    return pipeAsync(...transforms)(filters);\n  };\n\n  const sanitizeSort: SanitizeFunc = (sort, schema: Model, { auth } = {}) => {\n    if (!schema) {\n      throw new Error('Missing schema in sanitizeSort');\n    }\n    const transforms = [sanitizers.defaultSanitizeSort({ schema, getModel })];\n\n    if (auth) {\n      transforms.push(\n        traverseQuerySort(visitors.removeRestrictedRelations(auth), { schema, getModel })\n      );\n    }\n\n    return pipeAsync(...transforms)(sort);\n  };\n\n  const sanitizeFields: SanitizeFunc = (fields, schema: Model) => {\n    if (!schema) {\n      throw new Error('Missing schema in sanitizeFields');\n    }\n    const transforms = [sanitizers.defaultSanitizeFields({ schema, getModel })];\n\n    return pipeAsync(...transforms)(fields);\n  };\n\n  const sanitizePopulate: SanitizeFunc = (populate, schema: Model, { auth } = {}) => {\n    if (!schema) {\n      throw new Error('Missing schema in sanitizePopulate');\n    }\n    const transforms = [sanitizers.defaultSanitizePopulate({ schema, getModel })];\n\n    if (auth) {\n      transforms.push(\n        traverseQueryPopulate(visitors.removeRestrictedRelations(auth), { schema, getModel })\n      );\n    }\n\n    return pipeAsync(...transforms)(populate);\n  };\n\n  return {\n    input: sanitizeInput,\n    output: sanitizeOutput,\n    query: sanitizeQuery,\n    filters: sanitizeFilters,\n    sort: sanitizeSort,\n    fields: sanitizeFields,\n    populate: sanitizePopulate,\n  };\n};\n\nexport { createAPISanitizers, sanitizers, visitors };\n\nexport type APISanitiers = ReturnType<typeof createAPISanitizers>;\n"],"names":["createAPISanitizers","opts","getModel","sanitizeInput","data","schema","auth","Error","isArray","Promise","all","map","entry","nonWritableAttributes","getNonWritableAttributes","transforms","omit","constants","ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","traverseEntity","visitors","push","sanitizers","input","forEach","sanitizer","pipeAsync","sanitizeOutput","res","Array","length","i","output","sanitizeQuery","query","filters","sort","fields","populate","sanitizedQuery","cloneDeep","Object","assign","sanitizeFilters","sanitizeSort","sanitizeFields","sanitizePopulate","filter","traverseQueryFilters","traverseQuerySort","traverseQueryPopulate"],"mappings":";;;;;;;;;;;;;;;;AAkCA,MAAMA,sBAAsB,CAACC,IAAAA,GAAAA;IAC3B,MAAM,EAAEC,QAAQ,EAAE,GAAGD,IAAAA;IAErB,MAAME,aAAAA,GAA8B,CAACC,IAAeC,EAAAA,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC9E,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAIE,KAAM,CAAA,iCAAA,CAAA;AAClB;AACA,QAAA,IAAIC,QAAQJ,IAAO,CAAA,EAAA;YACjB,OAAOK,OAAAA,CAAQC,GAAG,CAACN,IAAKO,CAAAA,GAAG,CAAC,CAACC,KAAAA,GAAUT,aAAcS,CAAAA,KAAAA,EAAOP,MAAQ,EAAA;AAAEC,oBAAAA;AAAK,iBAAA,CAAA,CAAA,CAAA;AAC7E;AAEA,QAAA,MAAMO,wBAAwBC,wBAAyBT,CAAAA,MAAAA,CAAAA;AAEvD,QAAA,MAAMU,UAAa,GAAA;;AAEjBC,YAAAA,IAAAA,CAAKC,UAAUC,YAAY,CAAA;AAC3BF,YAAAA,IAAAA,CAAKC,UAAUE,gBAAgB,CAAA;;YAE/BC,cAAeC,CAAAA,sBAA+B,CAACR,qBAAwB,CAAA,EAAA;AAAER,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAC3F,SAAA;AAED,QAAA,IAAII,IAAM,EAAA;;AAERS,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAAA,CAAeC,yBAAkC,CAACf,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEhF;;QAGAD,IAAMsB,EAAAA,UAAAA,EAAYC,OAAOC,OAAQ,CAAA,CAACC,YAAyBX,UAAWO,CAAAA,IAAI,CAACI,SAAUrB,CAAAA,MAAAA,CAAAA,CAAAA,CAAAA;AAErF,QAAA,OAAOsB,QAAaZ,UAAYX,CAAAA,CAAAA,IAAAA,CAAAA;AAClC,KAAA;IAEA,MAAMwB,cAAAA,GAA+B,OAAOxB,IAAMC,EAAAA,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC5E,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAIE,KAAM,CAAA,kCAAA,CAAA;AAClB;AACA,QAAA,IAAIC,QAAQJ,IAAO,CAAA,EAAA;AACjB,YAAA,MAAMyB,GAAM,GAAA,IAAIC,KAAM1B,CAAAA,IAAAA,CAAK2B,MAAM,CAAA;YACjC,IAAK,IAAIC,IAAI,CAAGA,EAAAA,CAAAA,GAAI5B,KAAK2B,MAAM,EAAEC,KAAK,CAAG,CAAA;gBACvCH,GAAG,CAACG,EAAE,GAAG,MAAMJ,eAAexB,IAAI,CAAC4B,CAAE,CAAA,EAAE3B,MAAQ,EAAA;AAAEC,oBAAAA;AAAK,iBAAA,CAAA;AACxD;YACA,OAAOuB,GAAAA;AACT;AAEA,QAAA,MAAMd,UAAa,GAAA;YACjB,CAACX,IAAAA,GAAemB,qBAAgC,CAAC;AAAElB,oBAAAA,MAAAA;AAAQH,oBAAAA;iBAAYE,EAAAA,IAAAA;AACxE,SAAA;AAED,QAAA,IAAIE,IAAM,EAAA;AACRS,YAAAA,UAAAA,CAAWO,IAAI,CACbF,cAAAA,CAAeC,yBAAkC,CAACf,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEhF;;QAGAD,IAAMsB,EAAAA,UAAAA,EAAYU,QAAQR,OAAQ,CAAA,CAACC,YAAyBX,UAAWO,CAAAA,IAAI,CAACI,SAAUrB,CAAAA,MAAAA,CAAAA,CAAAA,CAAAA;AAEtF,QAAA,OAAOsB,QAAaZ,UAAYX,CAAAA,CAAAA,IAAAA,CAAAA;AAClC,KAAA;IAEA,MAAM8B,aAAAA,GAAgB,OACpBC,KACA9B,EAAAA,MAAAA,EACA,EAAEC,IAAI,EAAW,GAAG,EAAE,GAAA;AAEtB,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAIE,KAAM,CAAA,iCAAA,CAAA;AAClB;QACA,MAAM,EAAE6B,OAAO,EAAEC,IAAI,EAAEC,MAAM,EAAEC,QAAQ,EAAE,GAAGJ,KAAAA;AAE5C,QAAA,MAAMK,iBAAiBC,SAAUN,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,IAAIC,OAAS,EAAA;YACXM,MAAOC,CAAAA,MAAM,CAACH,cAAgB,EAAA;gBAAEJ,OAAS,EAAA,MAAMQ,eAAgBR,CAAAA,OAAAA,EAAS/B,MAAQ,EAAA;AAAEC,oBAAAA;AAAK,iBAAA;AAAG,aAAA,CAAA;AAC5F;AAEA,QAAA,IAAI+B,IAAM,EAAA;YACRK,MAAOC,CAAAA,MAAM,CAACH,cAAgB,EAAA;gBAAEH,IAAM,EAAA,MAAMQ,YAAaR,CAAAA,IAAAA,EAAMhC,MAAQ,EAAA;AAAEC,oBAAAA;AAAK,iBAAA;AAAG,aAAA,CAAA;AACnF;AAEA,QAAA,IAAIgC,MAAQ,EAAA;YACVI,MAAOC,CAAAA,MAAM,CAACH,cAAgB,EAAA;gBAAEF,MAAQ,EAAA,MAAMQ,eAAeR,MAAQjC,EAAAA,MAAAA;AAAQ,aAAA,CAAA;AAC/E;AAEA,QAAA,IAAIkC,QAAU,EAAA;YACZG,MAAOC,CAAAA,MAAM,CAACH,cAAgB,EAAA;gBAAED,QAAU,EAAA,MAAMQ,iBAAiBR,QAAUlC,EAAAA,MAAAA;AAAQ,aAAA,CAAA;AACrF;QAEA,OAAOmC,cAAAA;AACT,KAAA;IAEA,MAAMI,eAAAA,GAAgC,CAACR,OAAS/B,EAAAA,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC1E,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAIE,KAAM,CAAA,mCAAA,CAAA;AAClB;AACA,QAAA,IAAIC,QAAQ4B,OAAU,CAAA,EAAA;YACpB,OAAO3B,OAAAA,CAAQC,GAAG,CAAC0B,OAAQzB,CAAAA,GAAG,CAAC,CAACqC,MAAAA,GAAWJ,eAAgBI,CAAAA,MAAAA,EAAQ3C,MAAQ,EAAA;AAAEC,oBAAAA;AAAK,iBAAA,CAAA,CAAA,CAAA;AACpF;AAEA,QAAA,MAAMS,UAAa,GAAA;AAACQ,YAAAA,sBAAiC,CAAC;AAAElB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE5E,QAAA,IAAII,IAAM,EAAA;AACRS,YAAAA,UAAAA,CAAWO,IAAI,CACb2B,oBAAAA,CAAqB5B,yBAAkC,CAACf,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEtF;AAEA,QAAA,OAAOyB,QAAaZ,UAAYqB,CAAAA,CAAAA,OAAAA,CAAAA;AAClC,KAAA;IAEA,MAAMS,YAAAA,GAA6B,CAACR,IAAMhC,EAAAA,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AACpE,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAIE,KAAM,CAAA,gCAAA,CAAA;AAClB;AACA,QAAA,MAAMQ,UAAa,GAAA;AAACQ,YAAAA,mBAA8B,CAAC;AAAElB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAEzE,QAAA,IAAII,IAAM,EAAA;AACRS,YAAAA,UAAAA,CAAWO,IAAI,CACb4B,iBAAAA,CAAkB7B,yBAAkC,CAACf,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEnF;AAEA,QAAA,OAAOyB,QAAaZ,UAAYsB,CAAAA,CAAAA,IAAAA,CAAAA;AAClC,KAAA;IAEA,MAAMS,cAAAA,GAA+B,CAACR,MAAQjC,EAAAA,MAAAA,GAAAA;AAC5C,QAAA,IAAI,CAACA,MAAQ,EAAA;AACX,YAAA,MAAM,IAAIE,KAAM,CAAA,kCAAA,CAAA;AAClB;AACA,QAAA,MAAMQ,UAAa,GAAA;AAACQ,YAAAA,qBAAgC,CAAC;AAAElB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE3E,QAAA,OAAOyB,QAAaZ,UAAYuB,CAAAA,CAAAA,MAAAA,CAAAA;AAClC,KAAA;IAEA,MAAMS,gBAAAA,GAAiC,CAACR,QAAUlC,EAAAA,MAAAA,EAAe,EAAEC,IAAI,EAAE,GAAG,EAAE,GAAA;AAC5E,QAAA,IAAI,CAACD,MAAQ,EAAA;AACX,YAAA,MAAM,IAAIE,KAAM,CAAA,oCAAA,CAAA;AAClB;AACA,QAAA,MAAMQ,UAAa,GAAA;AAACQ,YAAAA,uBAAkC,CAAC;AAAElB,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA;AAAG,SAAA;AAE7E,QAAA,IAAII,IAAM,EAAA;AACRS,YAAAA,UAAAA,CAAWO,IAAI,CACb6B,qBAAAA,CAAsB9B,yBAAkC,CAACf,IAAO,CAAA,EAAA;AAAED,gBAAAA,MAAAA;AAAQH,gBAAAA;AAAS,aAAA,CAAA,CAAA;AAEvF;AAEA,QAAA,OAAOyB,QAAaZ,UAAYwB,CAAAA,CAAAA,QAAAA,CAAAA;AAClC,KAAA;IAEA,OAAO;QACLf,KAAOrB,EAAAA,aAAAA;QACP8B,MAAQL,EAAAA,cAAAA;QACRO,KAAOD,EAAAA,aAAAA;QACPE,OAASQ,EAAAA,eAAAA;QACTP,IAAMQ,EAAAA,YAAAA;QACNP,MAAQQ,EAAAA,cAAAA;QACRP,QAAUQ,EAAAA;AACZ,KAAA;AACF;;;;"}