Security News
Fluent Assertions Faces Backlash After Abandoning Open Source Licensing
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Parameter filter.

We want incoming parameters to be predictable. For example, when a user edits their profile, only nickname and gender should be modifiable, but the requester may send every user field, such as password. Could that create a latent vulnerability in which data that should not be editable gets modified? egg-filter screens the incoming parameters through a filter-rule object, so that only the parameters you want get through.

We want incoming parameters to have the expected types. For example, the gender parameter is usually represented as a number, with 1 meaning male and 0 meaning female. But the parameters of a GET request are all of type string, whereas a POST request can carry JSON data, which preserves the required types. On the server side we have to make sure that every kind of request is handled correctly, so parameter filtering is essential.

egg-filter ships with 7 built-in filters:

If the built-in filters do not meet your needs, you can add your own as follows:
    app.filter.add('json', function (value) {
      if (typeof value === 'string') {
        try {
          return JSON.parse(value)
        } catch (err) {
          // invalid JSON: fall through to the failure value below
        }
      }
      // return an empty string on failure
      return ''
    })
    let data = ctx.filter(
      {
        username: 'hahaha',
        password: 'hahaha',
        custom: 'haha'
      },
      {
        username: 'trim',
        password: ['trim', 'lower'],
        custom: function (value) {
          return value
        }
      }
    )
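The two ideas above, an allow-list so that unlisted fields such as password never reach the update, and per-field filters that normalise the string-versus-number difference between GET and POST, can be seen working together in the following added example. It is not egg-filter's source; addFilter, filterParams, resolveRule and the built-in filter names ('int' in particular) are assumptions modelled on the ctx.filter(data, rules) usage shown in the README, and the request bodies are constructed here.

```javascript
// Added example, not egg-filter's own source: a minimal allow-list parameter
// filter modelled on the ctx.filter(data, rules) call shown in the README.
// addFilter/filterParams/resolveRule and the built-in filter names are assumptions.

const filters = new Map();

// Register a named filter, in the spirit of app.filter.add(name, fn).
function addFilter(name, fn) {
  if (typeof fn !== 'function') throw new TypeError('filter must be a function');
  filters.set(name, fn);
}

// A filter returns the cleaned value, or undefined to reject the field entirely.
addFilter('trim', v => (typeof v === 'string' ? v.trim() : v));
addFilter('lower', v => (typeof v === 'string' ? v.toLowerCase() : v));
// 'int' (assumed name) normalises the GET-string / POST-number difference:
// "1" and 1 both become the number 1; anything else is rejected.
addFilter('int', v => {
  if (typeof v === 'number' && Number.isInteger(v)) return v;
  if (typeof v === 'string' && /^-?\d+$/.test(v.trim())) return parseInt(v, 10);
  return undefined;
});
// The README's custom 'json' filter, returning '' on failure as in the original.
addFilter('json', v => {
  if (typeof v === 'string') {
    try { return JSON.parse(v); } catch (err) { /* invalid JSON: fall through */ }
  }
  return '';
});

// A rule is a filter name, a function, or an array of those applied left to right.
function resolveRule(rule) {
  if (typeof rule === 'function') return rule;
  if (typeof rule === 'string') {
    const fn = filters.get(rule);
    if (!fn) throw new Error(`unknown filter: ${rule}`);
    return fn;
  }
  if (Array.isArray(rule)) {
    const chain = rule.map(resolveRule);
    return v => chain.reduce((acc, fn) => (acc === undefined ? undefined : fn(acc)), v);
  }
  throw new TypeError('rule must be a filter name, a function, or an array of them');
}

// Walk the RULES, not the input: any field the caller did not list is dropped,
// which is what stops a client from slipping password or role into a profile edit.
function filterParams(data, rules) {
  const out = {};
  for (const key of Object.keys(rules)) {
    if (!Object.prototype.hasOwnProperty.call(data, key)) continue;
    const value = resolveRule(rules[key])(data[key]);
    if (value !== undefined) out[key] = value;
  }
  return out;
}

// Constructed request bodies: a GET-style one (every value a string), a POST JSON
// one (gender already a number), and one with a gender that is not an integer.
const profileRules = { nickname: 'trim', gender: 'int' };

function demo() {
  const fromGet = { nickname: '  Alice ', gender: '1', password: 'not-allowed' };
  const fromPost = { nickname: 'Bob', gender: 0, password: 'not-allowed', role: 'admin' };
  const badGender = { nickname: 'Eve', gender: 'male' };
  return [
    filterParams(fromGet, profileRules),   // { nickname: 'Alice', gender: 1 }
    filterParams(fromPost, profileRules),  // { nickname: 'Bob', gender: 0 }
    filterParams(badGender, profileRules), // { nickname: 'Eve' }  (gender rejected)
  ];
}

console.log(JSON.stringify(demo()));
```

The important design choice is that filterParams iterates over the rule object rather than over the request body, so the rule object is the complete allow-list and a filter that returns undefined removes the field instead of passing a value of the wrong type through to the model.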
FAQs
filter params
The npm package egg-filter receives a total of 0 weekly downloads. As such, egg-filter popularity was classified as not popular.
We found that egg-filter demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.