Comparing version 1.0.3 to 1.0.4
@@ -12,7 +12,8 @@ 'use strict'; | ||
plugin.whiteRegex = new RegExp(/^[\s\f\n\r\t\u1680\u180e\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200a\u2028\u2029\u202f\u205f\u3000\ufeff\x09\x0a\x0b\x0c\x0d\x20\xa0]+$/); | ||
plugin.whiteRegex = new RegExp( | ||
/^[\s\f\n\r\t\u1680\u180e\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200a\u2028\u2029\u202f\u205f\u3000\ufeff\x09\x0a\x0b\x0c\x0d\x20\xa0]+$/ | ||
); | ||
// Sanitize using the Caja sanitizer | ||
plugin.sanitize = (obj) => { | ||
const keys = Object.keys(obj); | ||
@@ -29,3 +30,2 @@ | ||
plugin.removeWhitespace = (obj) => { | ||
const keys = Object.keys(obj); | ||
@@ -44,3 +44,2 @@ | ||
plugin.removeNonExistent = (obj) => { | ||
const keys = Object.keys(obj); | ||
@@ -59,3 +58,2 @@ | ||
plugin.escapeDollarSign = (obj) => { | ||
const keys = Object.keys(obj); | ||
@@ -74,3 +72,2 @@ | ||
plugin.removeDollarSign = (obj) => { | ||
const keys = Object.keys(obj); | ||
@@ -89,3 +86,2 @@ | ||
plugin.escapeCurlyBracket = (obj) => { | ||
const keys = Object.keys(obj); | ||
@@ -104,3 +100,2 @@ | ||
plugin.removeCurlyBracket = (obj) => { | ||
const keys = Object.keys(obj); | ||
@@ -119,3 +114,2 @@ | ||
plugin.original = (obj) => { | ||
return obj; | ||
@@ -125,3 +119,2 @@ }; | ||
plugin.avert = (obj, options, firstPass, secondPass) => { | ||
let cleansed = obj; | ||
@@ -132,2 +125,3 @@ if (cleansed && Object.keys(cleansed).length) { | ||
} | ||
cleansed = options.genericCustomSanitizer(cleansed); | ||
@@ -138,18 +132,20 @@ cleansed = options[secondPass](cleansed); | ||
} | ||
if (options.removeNonExistent) { | ||
cleansed = plugin.removeNonExistent(cleansed); | ||
} | ||
if (options.removeDollarSign) { | ||
cleansed = plugin.removeDollarSign(cleansed); | ||
} | ||
else if (options.escapeDollarSign) { | ||
} else if (options.escapeDollarSign) { | ||
cleansed = plugin.escapeDollarSign(cleansed); | ||
} | ||
if (options.removeCurlyBracket) { | ||
cleansed = plugin.removeCurlyBracket(cleansed); | ||
} | ||
else if (options.escapeCurlyBracket) { | ||
} else if (options.escapeCurlyBracket) { | ||
cleansed = plugin.escapeCurlyBracket(cleansed); | ||
} | ||
} | ||
return cleansed; | ||
@@ -159,3 +155,2 @@ }; | ||
plugin.schema = Joi.object().keys({ | ||
// boolean parameters | ||
@@ -181,3 +176,2 @@ removeWhitespace: Joi.boolean().optional(), | ||
plugin.defaults = { | ||
// boolean parameters | ||
@@ -204,7 +198,5 @@ removeWhitespace: false, | ||
plugin.register = async (server, options) => { | ||
try { | ||
await plugin.schema.validate(options); | ||
} | ||
catch (err) { | ||
} catch (err) { | ||
return err; | ||
@@ -216,3 +208,2 @@ } | ||
server.ext('onPostAuth', (request, h) => { | ||
if (request.route.settings.plugins.avert === false) { | ||
@@ -222,9 +213,30 @@ return h.continue; | ||
if (request.payload || Object.keys(request.params).length || Object.keys(request.query).length) { | ||
if ( | ||
request.payload || | ||
Object.keys(request.params).length || | ||
Object.keys(request.query).length | ||
) { | ||
request.route.settings.plugins._avert = Hoek.applyToDefaults( | ||
serverSettings, | ||
request.route.settings.plugins.avert || {} | ||
); | ||
request.route.settings.plugins._avert = Hoek.applyToDefaults(serverSettings, request.route.settings.plugins.avert || {}); | ||
request.query = plugin.avert(request.query, request.route.settings.plugins._avert, 'avertQuery', 'queryCustomSanitizer'); | ||
request.params = plugin.avert(request.params, request.route.settings.plugins._avert, 'avertParams', 'paramCustomSanitizer'); | ||
request.payload = plugin.avert(request.payload, request.route.settings.plugins._avert, 'avertPayload', 'payloadCustomSanitizer'); | ||
request.query = plugin.avert( | ||
request.query, | ||
request.route.settings.plugins._avert, | ||
'avertQuery', | ||
'queryCustomSanitizer' | ||
); | ||
request.params = plugin.avert( | ||
request.params, | ||
request.route.settings.plugins._avert, | ||
'avertParams', | ||
'paramCustomSanitizer' | ||
); | ||
request.payload = plugin.avert( | ||
request.payload, | ||
request.route.settings.plugins._avert, | ||
'avertPayload', | ||
'payloadCustomSanitizer' | ||
); | ||
} | ||
@@ -239,4 +251,4 @@ | ||
name: 'avert', | ||
version: '1.0.0', | ||
pkg : plugin.package | ||
version: '1.0.4', | ||
pkg: plugin.package | ||
}; |
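Review bot: In `plugin.register`, the reformatted `catch (err)` still ends in `return err;`, so options that fail `plugin.schema.validate` make registration return quietly instead of failing. From the lines shown, the `server.ext('onPostAuth', …)` hook further down would then never be installed, and the server would start with no request sanitization at all. For a sanitizer plugin that is a fail-open path. Rethrowing with `throw err;` lets the registration reject, so the misconfiguration surfaces at startup. The body of `register` continues outside the hunks on this page, so confirm that nothing between the catch and `server.ext` already handles this.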
100
package.json
{ | ||
"name": "avert", | ||
"version": "1.0.3", | ||
"description": "HapiJS request sanitizer.", | ||
"main": "lib/index.js", | ||
"directories": { | ||
"lib": "lib" | ||
}, | ||
"engines": { | ||
"node": "8.9.3" | ||
}, | ||
"scripts": { | ||
"test": "lab -c -v -L -a code", | ||
"cover": "lab -c -v -L -a code", | ||
"start": "node lib/index.js" | ||
}, | ||
"dependencies": { | ||
"hoek": "^6.1.2", | ||
"joi": "^14.3.1", | ||
"lodash": "^4.17.11", | ||
"sanitizer": "^0.1.3" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "git+https://github.com/asabzposh/avert.git" | ||
}, | ||
"keywords": [ | ||
"hapi", | ||
"request", | ||
"sanitizer" | ||
], | ||
"author": "Areeb Sabzposh", | ||
"license": "MIT", | ||
"bugs": { | ||
"url": "https://github.com/asabzposh/avert/issues" | ||
}, | ||
"homepage": "https://github.com/asabzposh/avert#readme", | ||
"devDependencies": { | ||
"blipp": "^3.1.2", | ||
"boom": "^7.3.0", | ||
"code": "^5.2.4", | ||
"coveralls": "^3.0.2", | ||
"hapi": "^18.0.0", | ||
"istanbul": "^0.4.5", | ||
"lab": "^18.0.1" | ||
} | ||
"name": "avert", | ||
"version": "1.0.4", | ||
"description": "HapiJS request sanitizer.", | ||
"main": "lib/index.js", | ||
"directories": { | ||
"lib": "lib" | ||
}, | ||
"engines": { | ||
"node": "8.9.3" | ||
}, | ||
"scripts": { | ||
"cover": "lab -c -v -L -a code", | ||
"prettier": "prettier --single-quote --write 'lib/*.js'", | ||
"precommit": "lint-staged", | ||
"start": "node lib/index.js", | ||
"test": "lab -c -v -L -a code" | ||
}, | ||
"lint-staged": { | ||
"*.{js,json,css,md}": [ | ||
"prettier --single-quote --write", | ||
"git add" | ||
] | ||
}, | ||
"dependencies": { | ||
"hoek": "^6.1.2", | ||
"joi": "^14.3.1", | ||
"lodash": "^4.17.11", | ||
"sanitizer": "^0.1.3" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "git+https://github.com/asabzposh/avert.git" | ||
}, | ||
"keywords": [ | ||
"hapi", | ||
"request", | ||
"sanitizer" | ||
], | ||
"author": "Areeb Sabzposh", | ||
"license": "MIT", | ||
"bugs": { | ||
"url": "https://github.com/asabzposh/avert/issues" | ||
}, | ||
"homepage": "https://github.com/asabzposh/avert#readme", | ||
"devDependencies": { | ||
"blipp": "^3.1.2", | ||
"boom": "^7.3.0", | ||
"code": "^5.2.4", | ||
"coveralls": "^3.0.2", | ||
"eslint-config-prettier": "^4.0.0", | ||
"eslint-plugin-prettier": "^3.0.1", | ||
"hapi": "^18.0.0", | ||
"lab": "^18.0.1", | ||
"prettier": "^1.16.4" | ||
} | ||
} |
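Review bot: The new `"precommit": "lint-staged"` script and the `"lint-staged"` config block depend on tooling that the new `devDependencies` do not list. Neither `lint-staged` nor a hook runner such as `husky` appears there, and `eslint` itself is missing alongside `eslint-config-prettier` and `eslint-plugin-prettier`. On a fresh install the pre-commit formatting step would presumably either not run or fail on a missing binary. Adding the entries explicitly, e.g. `"lint-staged": "<version>"` and `"husky": "<version>"` (placeholders, pin to the versions actually used), keeps the hook reproducible and the dependency set auditable from the manifest and lockfile.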