UNPKG

@tsed/schema

Version:

JsonSchema module for Ts.ED Framework

github.com/tsedio/tsed/tree/production/packages/specs/schema

tsedio/tsed

129 lines (128 loc) 3.36 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
import { JsonEntityFn } from "./jsonEntityFn.js"; /** * Marks a property as write-only, indicating it should not be included in responses. * * The `@WriteOnly()` decorator sets the `writeOnly` flag in the JSON Schema, which signals * that this property should only appear in request payloads and be excluded from response * data. This is commonly used for sensitive data like passwords that should be accepted * as input but never returned to clients. * * ### Basic Usage - Passwords * * ```typescript * class UserModel { * @Property() * username: string; * // Readable and writable * * @WriteOnly() * password: string; * // Can be sent in requests but never returned in responses * } * ``` * * ### Registration/Update Models * * ```typescript * class UserRegistration { * @Property() * email: string; * * @WriteOnly() * @MinLength(8) * password: string; * * @WriteOnly() * passwordConfirmation: string; * // Only needed for validation, never stored or returned * } * ``` * * ### Sensitive Configuration * * ```typescript * class ApiKeyConfig { * @Property() * name: string; * * @WriteOnly() * apiKey: string; * // Accept key in requests, but don't expose it in responses * * @ReadOnly() * createdAt: Date; * // Only in responses * } * ``` * * ### Toggle Write-Only * * ```typescript * class SecureModel { * @WriteOnly(true) * secret: string; * // Write-only * * @WriteOnly(false) * publicField: string; * // Explicitly not write-only (default behavior) * } * ``` * * ### OpenAPI Behavior * * In OpenAPI/Swagger documentation: * - Write-only properties appear in **request** schemas * - Write-only properties are **excluded** from **response** schemas * - Helps document sensitive fields that shouldn't be returned * * ### vs ReadOnly * * - `@WriteOnly()`: Property can be written but not read (requests only) * - `@ReadOnly()`: Property can be read but not written (responses only) * - Neither: Property can be both read and written * * ### Common Use Cases * * - **Passwords**: Authentication credentials that should never be exposed * - **Secret Keys**: API keys, tokens, or other sensitive credentials * - **Confirmation Fields**: Password confirmation, email confirmation * - **Temporary Inputs**: Fields used only for processing, not storage * - **Security Tokens**: CSRF tokens or one-time codes * * ### Security Best Practices * * ```typescript * class ChangePassword { * @WriteOnly() * @MinLength(8) * currentPassword: string; * * @WriteOnly() * @MinLength(8) * newPassword: string; * * @WriteOnly() * newPasswordConfirmation: string; * // All password fields are write-only * } * ``` * * ### Important Notes * * - `@WriteOnly()` is a schema hint for documentation and client validation * - Server-side code must still explicitly exclude these fields from responses * - Use serialization groups or DTOs to ensure write-only fields aren't leaked * - Always hash/encrypt sensitive data before storage * * @param writeOnly - Whether the property is write-only (default: true) * * @decorator * @validation * @public */ export function WriteOnly(writeOnly = true) { return JsonEntityFn((store) => { store.itemSchema.writeOnly(writeOnly); }); }