qapinterface
Comprehensive API utilities for Node.js applications including authentication, security, request processing, and response handling with zero external dependencies
/**
* Secure URL Query Parameter Builder
*
* SINGLE RESPONSIBILITY: Safe query parameter appending to URLs ONLY
*
* SECURITY AND RELIABILITY FOCUS:
* URL construction is a common source of security vulnerabilities and bugs in web applications.
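* This utility addresses several critical concerns:
* - Percent-encoding of parameter names and values, so a value cannot introduce extra parameters or a fragment
* - Proper handling of special characters and Unicode
* - Existing parameters are kept: append() adds to them, so a key already present in baseUrl ends up duplicated, not replaced
* - Null/undefined value filtering to avoid malformed URLs
* - Standards-compliant URL construction using native URL API
* Not covered: the scheme and host of baseUrl are not checked here; validate them separately when baseUrl comes from untrusted input.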
*
* WHY USE URL API:
* The native URL API provides robust parsing and encoding that handles edge cases
* better than manual string concatenation. It automatically handles:
* - URL encoding of parameter names and values
* - Proper separator characters (& vs ?)
* - UTF-8 percent-encoding of non-ASCII characters (parameter values are not Unicode-normalized)
* - Protocol and hostname preservation
*
* DESIGN DECISIONS:
* - Null/undefined filtering prevents empty parameters in URLs
* - String coercion ensures consistent parameter value types
* - Immutable approach: doesn't modify the input baseUrl
* - Returns complete URL string for direct use in requests
*/
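/**
 * Appends query parameters to an absolute URL using the native URL API.
 *
 * PARAMETER HANDLING:
 * - Entries whose value is null or undefined are skipped.
 * - Every other value is coerced with String(); an array therefore becomes one
 *   comma-joined value and a plain object becomes "[object Object]".
 * - Parameters already present in baseUrl are preserved. Because append() is
 *   used, a key that exists in baseUrl is NOT replaced: the result carries both
 *   values (e.g. "?a=1&a=2").
 * - A null queryParams is treated like an omitted one.
 *
 * SECURITY NOTES:
 * - URLSearchParams percent-encodes names and values, so a value containing
 *   "&", "=" or "#" cannot add extra parameters or a fragment.
 * - Encoding is the only protection applied. The scheme and host of baseUrl are
 *   not restricted; when baseUrl is influenced by untrusted input, check it
 *   against an allow-list before issuing a request or redirect with the result.
 * - Servers and intermediaries differ in which occurrence of a repeated key
 *   they honour. If a caller-supplied key must override one in baseUrl, make
 *   sure baseUrl does not already carry that key.
 *
 * @param {string} baseUrl - Absolute URL to extend
 * @param {Object<string, *>|null} [queryParams={}] - Key-value pairs to append
 * @returns {string} Serialized URL with the appended query parameters
 * @throws {TypeError} If baseUrl cannot be parsed as an absolute URL
 */
function appendQueryParams(baseUrl, queryParams = {}) {
  // new URL() rejects malformed or relative input with a TypeError; it does
  // not judge whether the scheme or host is acceptable.
  const url = new URL(baseUrl);

  // The default parameter only covers undefined, so an explicit null would
  // make Object.entries() throw; treat it as "no parameters" instead.
  const params = queryParams === null ? {} : queryParams;

  for (const [key, value] of Object.entries(params)) {
    // Skip absent values so the result has no "key=null" / "key=undefined".
    if (value === null || value === undefined) {
      continue;
    }
    // append() keeps any existing value for the same key (see the JSDoc note
    // on repeated keys); searchParams performs the percent-encoding.
    url.searchParams.append(key, String(value));
  }

  // toString() returns the URL as re-serialized by the parser, which may
  // differ textually from baseUrl (e.g. "https://host" becomes "https://host/").
  return url.toString();
}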
// Public API of this module (CommonJS): the single URL-building helper.
module.exports = {
  appendQueryParams: appendQueryParams
};