@strapi/utils/dist/sanitize/sanitizers.mjs.map

Shared utilities for the Strapi packages

{"version":3,"file":"sanitizers.mjs","sources":["../../src/sanitize/sanitizers.ts"],"sourcesContent":["import { curry, isEmpty, isNil, isArray, isPlainObject } from 'lodash/fp';\n\nimport { pipe as pipeAsync } from '../async';\nimport traverseEntity from '../traverse-entity';\nimport { isScalarAttribute, constants } from '../content-types';\n\nimport {\n  traverseQueryFilters,\n  traverseQuerySort,\n  traverseQueryPopulate,\n  traverseQueryFields,\n} from '../traverse';\n\nimport {\n  removePassword,\n  removePrivate,\n  removeDynamicZones,\n  removeMorphToRelations,\n  expandWildcardPopulate,\n} from './visitors';\nimport { isOperator } from '../operators';\n\nimport type { Model, Data } from '../types';\nimport type { Parent } from '../traverse/factory';\n\ninterface Context {\n  schema: Model;\n  getModel: (model: string) => Model;\n  parent?: Parent;\n}\n\nconst { ID_ATTRIBUTE, DOC_ID_ATTRIBUTE } = constants;\n\nconst sanitizePasswords = (ctx: Context) => async (entity: Data) => {\n  if (!ctx.schema) {\n    throw new Error('Missing schema in sanitizePasswords');\n  }\n\n  return traverseEntity(removePassword, ctx, entity);\n};\n\nconst defaultSanitizeOutput = async (ctx: Context, entity: Data) => {\n  if (!ctx.schema) {\n    throw new Error('Missing schema in defaultSanitizeOutput');\n  }\n\n  return traverseEntity(\n    (...args) => {\n      removePassword(...args);\n      removePrivate(...args);\n    },\n    ctx,\n    entity\n  );\n};\n\nconst defaultSanitizeFilters = curry((ctx: Context, filters: unknown) => {\n  if (!ctx.schema) {\n    throw new Error('Missing schema in defaultSanitizeFilters');\n  }\n\n  return pipeAsync(\n    // Remove keys that are not attributes or valid operators\n    traverseQueryFilters(({ key, attribute }, { remove }) => {\n      const isAttribute = !!attribute;\n\n      // ID is not an attribute per se, so we need to make\n      // an extra check to ensure we're not checking it\n      if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n        return;\n      }\n\n      if (!isAttribute && !isOperator(key)) {\n        remove(key);\n      }\n    }, ctx),\n    // Remove dynamic zones from filters\n    traverseQueryFilters(removeDynamicZones, ctx),\n    // Remove morpTo relations from filters\n    traverseQueryFilters(removeMorphToRelations, ctx),\n    // Remove passwords from filters\n    traverseQueryFilters(removePassword, ctx),\n    // Remove private from filters\n    traverseQueryFilters(removePrivate, ctx),\n    // Remove empty plain objects and empty arrays. Do not use lodash isObject+isEmpty: built-ins with no\n    // enumerable keys (Date, RegExp, boxed primitives, etc.) are \"empty\" and would wrongly drop valid operands.\n    traverseQueryFilters(({ key, value }, { remove }) => {\n      const isEmptyPlainObject = isPlainObject(value) && isEmpty(value);\n      const isEmptyArrayOperand = isArray(value) && isEmpty(value);\n      if (isEmptyPlainObject || isEmptyArrayOperand) {\n        remove(key);\n      }\n    }, ctx)\n  )(filters);\n});\n\nconst defaultSanitizeSort = curry((ctx: Context, sort: unknown) => {\n  if (!ctx.schema) {\n    throw new Error('Missing schema in defaultSanitizeSort');\n  }\n\n  return pipeAsync(\n    // Remove non attribute keys\n    traverseQuerySort(({ key, attribute }, { remove }) => {\n      // ID is not an attribute per se, so we need to make\n      // an extra check to ensure we're not checking it\n      if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n        return;\n      }\n\n      if (!attribute) {\n        remove(key);\n      }\n    }, ctx),\n    // Remove dynamic zones from sort\n    traverseQuerySort(removeDynamicZones, ctx),\n    // Remove morpTo relations from sort\n    traverseQuerySort(removeMorphToRelations, ctx),\n    // Remove private from sort\n    traverseQuerySort(removePrivate, ctx),\n    // Remove passwords from filters\n    traverseQuerySort(removePassword, ctx),\n    // Remove keys for empty non-scalar values\n    traverseQuerySort(({ key, attribute, value }, { remove }) => {\n      // ID is not an attribute per se, so we need to make\n      // an extra check to ensure we're not removing it\n      if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n        return;\n      }\n\n      if (!isScalarAttribute(attribute) && isEmpty(value)) {\n        remove(key);\n      }\n    }, ctx)\n  )(sort);\n});\n\nconst defaultSanitizeFields = curry((ctx: Context, fields: unknown) => {\n  if (!ctx.schema) {\n    throw new Error('Missing schema in defaultSanitizeFields');\n  }\n\n  return pipeAsync(\n    // Only keep scalar attributes\n    traverseQueryFields(({ key, attribute }, { remove }) => {\n      // ID is not an attribute per se, so we need to make\n      // an extra check to ensure we're not checking it\n      if ([ID_ATTRIBUTE, DOC_ID_ATTRIBUTE].includes(key)) {\n        return;\n      }\n\n      if (isNil(attribute) || !isScalarAttribute(attribute)) {\n        remove(key);\n      }\n    }, ctx),\n    // Remove private fields\n    traverseQueryFields(removePrivate, ctx),\n    // Remove password fields\n    traverseQueryFields(removePassword, ctx),\n    // Remove nil values from fields array\n    (value) => (isArray(value) ? value.filter((field) => !isNil(field)) : value)\n  )(fields);\n});\n\nconst defaultSanitizePopulate = curry((ctx: Context, populate: unknown) => {\n  if (!ctx.schema) {\n    throw new Error('Missing schema in defaultSanitizePopulate');\n  }\n\n  return pipeAsync(\n    traverseQueryPopulate(expandWildcardPopulate, ctx),\n    traverseQueryPopulate(async ({ key, value, schema, attribute, getModel, path }, { set }) => {\n      if (attribute) {\n        return;\n      }\n\n      const parent = { key, path, schema, attribute } satisfies Parent;\n\n      if (key === 'sort') {\n        set(key, await defaultSanitizeSort({ schema, getModel, parent }, value));\n      }\n\n      if (key === 'filters') {\n        set(key, await defaultSanitizeFilters({ schema, getModel, parent }, value));\n      }\n\n      if (key === 'fields') {\n        set(key, await defaultSanitizeFields({ schema, getModel, parent }, value));\n      }\n\n      if (key === 'populate') {\n        set(key, await defaultSanitizePopulate({ schema, getModel, parent }, value));\n      }\n    }, ctx),\n    // Remove private fields\n    traverseQueryPopulate(removePrivate, ctx)\n  )(populate);\n});\n\nexport {\n  sanitizePasswords,\n  defaultSanitizeOutput,\n  defaultSanitizeFilters,\n  defaultSanitizeSort,\n  defaultSanitizeFields,\n  defaultSanitizePopulate,\n};\n"],"names":["ID_ATTRIBUTE","DOC_ID_ATTRIBUTE","constants","sanitizePasswords","ctx","entity","schema","Error","traverseEntity","removePassword","defaultSanitizeOutput","args","removePrivate","defaultSanitizeFilters","curry","filters","pipeAsync","traverseQueryFilters","key","attribute","remove","isAttribute","includes","isOperator","removeDynamicZones","removeMorphToRelations","value","isEmptyPlainObject","isPlainObject","isEmpty","isEmptyArrayOperand","isArray","defaultSanitizeSort","sort","traverseQuerySort","isScalarAttribute","defaultSanitizeFields","fields","traverseQueryFields","isNil","filter","field","defaultSanitizePopulate","populate","traverseQueryPopulate","expandWildcardPopulate","getModel","path","set","parent"],"mappings":";;;;;;;;;;;;;;;;AA+BA,MAAM,EAAEA,YAAY,EAAEC,gBAAgB,EAAE,GAAGC,SAAAA;AAE3C,MAAMC,iBAAAA,GAAoB,CAACC,GAAAA,GAAiB,OAAOC,MAAAA,GAAAA;QACjD,IAAI,CAACD,GAAAA,CAAIE,MAAM,EAAE;AACf,YAAA,MAAM,IAAIC,KAAAA,CAAM,qCAAA,CAAA;AAClB,QAAA;QAEA,OAAOC,cAAAA,CAAeC,WAAgBL,GAAAA,EAAKC,MAAAA,CAAAA;AAC7C,IAAA;AAEA,MAAMK,qBAAAA,GAAwB,OAAON,GAAAA,EAAcC,MAAAA,GAAAA;IACjD,IAAI,CAACD,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,yCAAA,CAAA;AAClB,IAAA;IAEA,OAAOC,cAAAA,CACL,CAAC,GAAGG,IAAAA,GAAAA;QACFF,SAAAA,CAAAA,GAAkBE,IAAAA,CAAAA;QAClBC,OAAAA,CAAAA,GAAiBD,IAAAA,CAAAA;AACnB,IAAA,CAAA,EACAP,GAAAA,EACAC,MAAAA,CAAAA;AAEJ;AAEA,MAAMQ,sBAAAA,GAAyBC,KAAAA,CAAM,CAACV,GAAAA,EAAcW,OAAAA,GAAAA;IAClD,IAAI,CAACX,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,0CAAA,CAAA;AAClB,IAAA;AAEA,IAAA,OAAOS;IAELC,oBAAAA,CAAqB,CAAC,EAAEC,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;QAClD,MAAMC,WAAAA,GAAc,CAAC,CAACF,SAAAA;;;QAItB,IAAI;AAACnB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAAA,CAAAA,EAAM;AAClD,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAACG,WAAAA,IAAe,CAACE,UAAAA,CAAWL,GAAAA,CAAAA,EAAM;YACpCE,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd;IAEHa,oBAAAA,CAAqBO,SAAAA,EAAoBpB;IAEzCa,oBAAAA,CAAqBQ,SAAAA,EAAwBrB;IAE7Ca,oBAAAA,CAAqBR,SAAAA,EAAgBL;IAErCa,oBAAAA,CAAqBL,OAAAA,EAAeR;;IAGpCa,oBAAAA,CAAqB,CAAC,EAAEC,GAAG,EAAEQ,KAAK,EAAE,EAAE,EAAEN,MAAM,EAAE,GAAA;QAC9C,MAAMO,kBAAAA,GAAqBC,aAAAA,CAAcF,KAAAA,CAAAA,IAAUG,OAAAA,CAAQH,KAAAA,CAAAA;QAC3D,MAAMI,mBAAAA,GAAsBC,OAAAA,CAAQL,KAAAA,CAAAA,IAAUG,OAAAA,CAAQH,KAAAA,CAAAA;AACtD,QAAA,IAAIC,sBAAsBG,mBAAAA,EAAqB;YAC7CV,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd,GAAAA,CAAAA,CAAAA,CACHW,OAAAA,CAAAA;AACJ,CAAA;AAEA,MAAMiB,mBAAAA,GAAsBlB,KAAAA,CAAM,CAACV,GAAAA,EAAc6B,IAAAA,GAAAA;IAC/C,IAAI,CAAC7B,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,uCAAA,CAAA;AAClB,IAAA;AAEA,IAAA,OAAOS;IAELkB,iBAAAA,CAAkB,CAAC,EAAEhB,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;;;QAG/C,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAAA,CAAAA,EAAM;AAClD,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAACC,SAAAA,EAAW;YACdC,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd;IAEH8B,iBAAAA,CAAkBV,SAAAA,EAAoBpB;IAEtC8B,iBAAAA,CAAkBT,SAAAA,EAAwBrB;IAE1C8B,iBAAAA,CAAkBtB,OAAAA,EAAeR;IAEjC8B,iBAAAA,CAAkBzB,SAAAA,EAAgBL;IAElC8B,iBAAAA,CAAkB,CAAC,EAAEhB,GAAG,EAAEC,SAAS,EAAEO,KAAK,EAAE,EAAE,EAAEN,MAAM,EAAE,GAAA;;;QAGtD,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAAA,CAAAA,EAAM;AAClD,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAACiB,iBAAAA,CAAkBhB,SAAAA,CAAAA,IAAcU,OAAAA,CAAQH,KAAAA,CAAAA,EAAQ;YACnDN,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd,GAAAA,CAAAA,CAAAA,CACH6B,IAAAA,CAAAA;AACJ,CAAA;AAEA,MAAMG,qBAAAA,GAAwBtB,KAAAA,CAAM,CAACV,GAAAA,EAAciC,MAAAA,GAAAA;IACjD,IAAI,CAACjC,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,yCAAA,CAAA;AAClB,IAAA;AAEA,IAAA,OAAOS;IAELsB,mBAAAA,CAAoB,CAAC,EAAEpB,GAAG,EAAEC,SAAS,EAAE,EAAE,EAAEC,MAAM,EAAE,GAAA;;;QAGjD,IAAI;AAACpB,YAAAA,YAAAA;AAAcC,YAAAA;SAAiB,CAACqB,QAAQ,CAACJ,GAAAA,CAAAA,EAAM;AAClD,YAAA;AACF,QAAA;AAEA,QAAA,IAAIqB,KAAAA,CAAMpB,SAAAA,CAAAA,IAAc,CAACgB,iBAAAA,CAAkBhB,SAAAA,CAAAA,EAAY;YACrDC,MAAAA,CAAOF,GAAAA,CAAAA;AACT,QAAA;AACF,IAAA,CAAA,EAAGd;IAEHkC,mBAAAA,CAAoB1B,OAAAA,EAAeR;IAEnCkC,mBAAAA,CAAoB7B,SAAAA,EAAgBL;IAEpC,CAACsB,KAAAA,GAAWK,OAAAA,CAAQL,KAAAA,CAAAA,GAASA,KAAAA,CAAMc,MAAM,CAAC,CAACC,KAAAA,GAAU,CAACF,KAAAA,CAAME,KAAAA,CAAAA,CAAAA,GAAUf,KAAAA,CAAAA,CACtEW,MAAAA,CAAAA;AACJ,CAAA;AAEA,MAAMK,uBAAAA,GAA0B5B,KAAAA,CAAM,CAACV,GAAAA,EAAcuC,QAAAA,GAAAA;IACnD,IAAI,CAACvC,GAAAA,CAAIE,MAAM,EAAE;AACf,QAAA,MAAM,IAAIC,KAAAA,CAAM,2CAAA,CAAA;AAClB,IAAA;IAEA,OAAOS,IAAAA,CACL4B,sBAAsBC,SAAAA,EAAwBzC,GAAAA,CAAAA,EAC9CwC,sBAAsB,OAAO,EAAE1B,GAAG,EAAEQ,KAAK,EAAEpB,MAAM,EAAEa,SAAS,EAAE2B,QAAQ,EAAEC,IAAI,EAAE,EAAE,EAAEC,GAAG,EAAE,GAAA;AACrF,QAAA,IAAI7B,SAAAA,EAAW;AACb,YAAA;AACF,QAAA;AAEA,QAAA,MAAM8B,MAAAA,GAAS;AAAE/B,YAAAA,GAAAA;AAAK6B,YAAAA,IAAAA;AAAMzC,YAAAA,MAAAA;AAAQa,YAAAA;AAAU,SAAA;AAE9C,QAAA,IAAID,QAAQ,MAAA,EAAQ;YAClB8B,GAAAA,CAAI9B,GAAAA,EAAK,MAAMc,mBAAAA,CAAoB;AAAE1B,gBAAAA,MAAAA;AAAQwC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAO,EAAGvB,KAAAA,CAAAA,CAAAA;AACnE,QAAA;AAEA,QAAA,IAAIR,QAAQ,SAAA,EAAW;YACrB8B,GAAAA,CAAI9B,GAAAA,EAAK,MAAML,sBAAAA,CAAuB;AAAEP,gBAAAA,MAAAA;AAAQwC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAO,EAAGvB,KAAAA,CAAAA,CAAAA;AACtE,QAAA;AAEA,QAAA,IAAIR,QAAQ,QAAA,EAAU;YACpB8B,GAAAA,CAAI9B,GAAAA,EAAK,MAAMkB,qBAAAA,CAAsB;AAAE9B,gBAAAA,MAAAA;AAAQwC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAO,EAAGvB,KAAAA,CAAAA,CAAAA;AACrE,QAAA;AAEA,QAAA,IAAIR,QAAQ,UAAA,EAAY;YACtB8B,GAAAA,CAAI9B,GAAAA,EAAK,MAAMwB,uBAAAA,CAAwB;AAAEpC,gBAAAA,MAAAA;AAAQwC,gBAAAA,QAAAA;AAAUG,gBAAAA;aAAO,EAAGvB,KAAAA,CAAAA,CAAAA;AACvE,QAAA;AACF,IAAA,CAAA,EAAGtB;AAEHwC,IAAAA,qBAAAA,CAAsBhC,SAAeR,GAAAA,CAAAA,CAAAA,CACrCuC,QAAAA,CAAAA;AACJ,CAAA;;;;"}