
raml-sanitize
Strict sanitization of RAML 0.8 named parameters and RAML 1.0 built-in types.
This module sanitizes values using webapi-parser Parameters and PropertyShapes. You should use this if you need to convert any request parameters (usually strings) into the corresponding JavaScript types. For example, form request bodies, query parameters and headers all have no concept of types. After running sanitization, you can use raml-validate to validate the strict values.
npm install raml-sanitize --save
The module exports a function that needs to be invoked to get a sanitization instance.
const wap = require('webapi-parser').WebApiParser
const sanitize = require('raml-sanitize')()

// returns Array<webapi-parser.PropertyShape>
async function getProperties () {
  const ramlStr = `
    #%RAML 1.0
    title: API with Types
    types:
      User:
        type: object
        properties:
          username: string
          password: string
          birthday:
            type: date
            default: Mon, 23 Jun 2014 01:19:34 GMT
  `
  const model = await wap.raml10.parse(ramlStr)
  return model.declares[0].properties
}

async function main () {
  // These could also be Array<webapi-parser.Parameter>
  const properties = await getProperties()
  const user = sanitize(properties)
  const requestData = {
    username: 'blakeembrey',
    password: 'hunter2'
  }
  user(requestData)
  // => { username: 'blakeembrey', password: 'hunter2', birthday: new Date('Mon, 23 Jun 2014 01:19:34 GMT') }
}

main()
The module does not currently support wild-card parameters (RAML 0.8) or regular expression patterns in property declarations (RAML 1.0).
The module comes with built-in type sanitization of string, number, integer, array, object, date and boolean as well as nested data. To add a new type sanitization, add a new property with the corresponding name to the sanitize.TYPES object.
The module can be extended with rule sanitization by adding properties to the sanitize.RULES object. Two core rules, default and type, are implemented by default and cannot be overridden.
Empty values are automatically allowed to pass through sanitization. The only values considered to be empty are undefined and null.
When the value is empty and a default value has been provided, it will return the default value instead.
The module does not support some Type Expressions (bi-dimensional array A[][] and array of union (A|B)[]).
If a sanitization is invalid, the original value will be returned instead.
When sanitizing to boolean, only false, 0, "false", "0" and "" will return false. Everything else is considered true.
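The empty-value, invalid-sanitization and boolean caveats above, as an added example that is not raml-sanitize's own code: a small stand-alone model of those three rules, followed by a type check standing in for the validation step. All function names, the schema and the request data are hypothetical and constructed for illustration.

```javascript
// Added illustration: a small model of the rules this page documents.
// Not raml-sanitize's source; every name below is hypothetical.
const FALSE_VALUES = [false, 0, 'false', '0', '']

const CONVERT = {
  string: v => String(v),
  // Returns undefined to signal "could not convert".
  integer: v => (/^-?\d+$/.test(String(v)) ? Number(v) : undefined),
  // Only the listed values are false; anything else is true.
  boolean: v => !FALSE_VALUES.includes(v)
}

function modelSanitize (schema, input) {
  const out = {}
  for (const [name, rule] of Object.entries(schema)) {
    const value = input[name]
    if (value === undefined || value === null) {
      // Empty values pass through, or take the default when one is declared.
      out[name] = 'default' in rule ? rule.default : value
      continue
    }
    const converted = CONVERT[rule.type](value)
    // Invalid sanitization: the original value is returned unchanged.
    out[name] = converted === undefined ? value : converted
  }
  return out
}

// Stand-in for the validation step: list fields whose value is present
// but still not of the declared type after sanitization.
function typeMismatches (schema, sanitized) {
  const jsType = { string: 'string', integer: 'number', boolean: 'boolean' }
  return Object.keys(schema).filter(name => {
    const v = sanitized[name]
    return v !== undefined && v !== null && typeof v !== jsType[schema[name].type]
  })
}

// Constructed schema and request data.
const schema = {
  page: { type: 'integer' },
  limit: { type: 'integer', default: 20 },
  dryRun: { type: 'boolean' },
  verbose: { type: 'boolean', default: false }
}
const request = { page: '2', limit: 'ten', dryRun: 'no' }

const sanitized = modelSanitize(schema, request)
console.log(sanitized, typeMismatches(schema, sanitized))
```

In this model `dryRun: 'no'` becomes true and `limit` remains the string 'ten', which is why a validation pass such as raml-validate should run on the sanitized values before they are used.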
Apache 2.0
FAQs
Sanitization of RAML parameters into strict values
The npm package raml-sanitize receives a total of 1,294 weekly downloads. As such, raml-sanitize's popularity was classified as popular.
We found that raml-sanitize demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.