UNPKG

express-elastic-sanitize

Version:

Elasticsearch input sanitizer for Express

github.com/riipen/express-elastic-sanitize

riipen/express-elastic-sanitize

71 lines (62 loc) 1.66 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
/** * Sanitizes a single given value. * * @param {String} value The value to sanitize. * * @return {String} The sanitized version of the value. */ const sanitizeValue = (value) => { // Non string types don't need to be sanitized if (typeof value !== 'string') return value; return value // Replace single character special characters .replace(/[*+\-=~><"?^${}():!/[\]\\\s]/g, '\\$&') // replace || .replace(/\|\|/g, '\\||') // replace && .replace(/&&/g, '\\&&') // replace AND .replace(/AND/g, '\\A\\N\\D') // replace OR .replace(/OR/g, '\\O\\R') // replace NOT .replace(/NOT/g, '\\N\\O\\T'); }; /** * Sanitizes a whole object of key value pairs. * * @param {Object} object The object of key value pairs to sanitize. * * @return {Boolean} Always returns true. */ const sanitizeObject = (object) => { if (!object) return null; // Sanitize all key value pairs of the object Object.keys(object).map((key) => { // eslint-disable-next-line no-param-reassign object[key] = sanitizeValue(object[key]); return null; }); return object; }; /** * An Express middleware which sanitizes all parameter types for elasticsearch. * * @param {Object} req The Express request object. * @param {Object} res The Express response object. * @param {Function} next The Express next function. */ const sanitize = (req, res, next) => { const PARAM_TYPES = [ 'body', 'params', 'query', ]; // Sanitize all param types PARAM_TYPES.map((type) => { sanitizeObject(req[type]); return null; }); return next(); }; export default sanitize;