sanitize - npm Package Compare versions

Comparing version 0.0.6 to 0.0.7

lib/middleware.js

@@ -6,2 +6,3 @@ /**
 
+var _ = require('lodash');
 var sanitizer = require('./sanitize')();
@@ -19,75 +20,80 @@
   // functions to retrieve and filter headers
-  req.headerInt = function(name) {
-    return req.sanitizer.value(req.headers[name], 'int');
-  };
-  req.headerFloat = function(name) {
-    return req.sanitizer.value(req.headers[name], 'flo');
-  };
-  req.headerEmail = function(name) {
-    return req.sanitizer.value(req.headers[name], 'email');
-  };
-  req.headerString = function(name) {
-    return req.sanitizer.value(req.headers[name], 'str');
-  };
-  req.headerPattern = function(name, pattern) {
-    return req.sanitizer.value(req.headers[name], pattern);
-  };
+  req.headerInt = createSanitizeFunc.call(req, 'headers', 'int');
+  req.headerFloat = createSanitizeFloat.call(req, 'headers');
+  req.headerEmail = createSanitizeFunc.call(req, 'headers', 'email');
+  req.headerString = createSanitizeFunc.call(req, 'headers', 'str');
+  req.headerPattern = createSanitizePattern.call(req, 'headers');
 
   // functions to retrieve and filter body parameters
-  req.bodyInt = function(name) {
-    return req.sanitizer.value(req.body[name], 'int');
+  req.bodyInt = createSanitizeFunc.call(req, 'body', 'int');
+  req.bodyFloat = createSanitizeFloat.call(req, 'body');
+  req.bodyEmail = createSanitizeFunc.call(req, 'body', 'email');
+  req.bodyString = createSanitizeFunc.call(req, 'body', 'str');
+  req.bodyPattern = createSanitizePattern.call(req, 'body');
+  req.bodyArray = createSanitizeArray.call(req, 'body');
+  req.bodyJson = function() {
+    return req.sanitizer.value(req.body, 'json');
   };
-  req.bodyFloat = function(name) {
-    return req.sanitizer.value(req.body[name], 'flo');
-  };
-  req.bodyEmail = function(name) {
-    return req.sanitizer.value(req.body[name], 'email');
-  };
-  req.bodyString = function(name) {
-    return req.sanitizer.value(req.body[name], 'str');
-  };
-  req.bodyPattern = function(name, pattern) {
-    return req.sanitizer.value(req.body[name], pattern);
-  };
 
   // functions to retrieve and filter query params
-  req.queryInt = function(name) {
-    return req.sanitizer.value(req.query[name], 'int');
-  };
-  req.queryFloat = function(name) {
-    return req.sanitizer.value(req.query[name], 'flo');
-  };
-  req.queryEmail = function(name) {
-    return req.sanitizer.value(req.query[name], 'email');
-  };
-  req.queryString = function(name) {
-    return req.sanitizer.value(req.query[name], 'str');
-  };
-  req.queryPattern = function(name, pattern) {
-    return req.sanitizer.value(req.query[name], pattern);
-  };
-  req.queryArray = function(name, type) {
-    return req.sanitizer.array(req.query[name], type || 'str');
-  };
+  req.queryInt = createSanitizeFunc.call(req, 'query', 'int');
+  req.queryFloat = createSanitizeFloat.call(req, 'query');
+  req.queryEmail = createSanitizeFunc.call(req, 'query', 'email');
+  req.queryString = createSanitizeFunc.call(req, 'query', 'str');
+  req.queryPattern = createSanitizePattern.call(req, 'query');
+  req.queryArray = createSanitizeArray.call(req, 'query');
 
   // functions to retrieve and filter param middleware
-  req.paramInt = function(name) {
-    return req.sanitizer.value(req.params[name], 'int');
-  };
-  req.paramFloat = function(name) {
-    return req.sanitizer.value(req.params[name], 'flo');
-  };
-  req.paramEmail = function(name) {
-    return req.sanitizer.value(req.params[name], 'email');
-  };
-  req.paramString = function(name) {
-    return req.sanitizer.value(req.params[name], 'str');
-  };
-  req.paramPattern = function(name, pattern) {
-    return req.sanitizer.value(req.params[name], pattern);
-  };
+  req.paramInt = createSanitizeFunc.call(req, 'params', 'int');
+  req.paramFloat = createSanitizeFloat.call(req, 'params');
+  req.paramEmail = createSanitizeFunc.call(req, 'params', 'email');
+  req.paramString = createSanitizeFunc.call(req, 'params', 'str');
+  req.paramPattern = createSanitizePattern.call(req, 'params');
+};
 
-  req.bodyJson = function() {
-    return req.sanitizer.value(req.body, 'json');
-  };
-};
+exports.createSanitizeFunc = createSanitizeFunc;
+exports.createSanitizeFloat = createSanitizeFloat;
+exports.createSanitizePattern = createSanitizePattern;
+exports.createSanitizeArray = createSanitizeArray;
+
+function createSanitizeFunc(input, type) {
+  return function(name) {
+    return this.sanitizer.value(this[input][name], type);
+  }.bind(this);
+}
+
+function createSanitizeFloat(input) {
+  return function(name, precision) {
+    var value = _.isUndefined(precision) ? this[input][name] : [this[input][name], parseInt(precision)];
+    return this.sanitizer.value(value, 'float');
+  }.bind(this);
+}
+
+function createSanitizePattern(input) {
+  return function(name, pattern) {
+    return this.sanitizer.value(this[input][name], pattern);
+  }.bind(this);
+}
+
+function createSanitizeArray(input) {
+  var req = this;
+  return function(name, arg, type) {
+    // we must have a type, so if no type, then use arg
+    if (_.isUndefined(type)) {
+      type = arg;
+      arg = undefined;
+    }
+
+    // get raw value
+    var value = req[input][name];
+
+    // if an arg is specified, add the specified arg to all values
+    value = !_.isUndefined(arg) ? _.map(value, function(val) {
+      return [val, arg]
+    }) : value;
+
+    // do sanitize!
+    return req.sanitizer.array(value, type)
+  }.bind(this);
+}
+

lib/Sanitizer.js

@@ -44,3 +44,3 @@ /**
     if (_.isArray(value)) {
-      arg = value[1];
+      arg = parseInt(value[1]);
       value = value[0];
@@ -47,0 +47,0 @@ }

package.json

 {
   "name": "sanitize",
-  "version": "0.0.6",
+  "version": "0.0.7",
   "description": "Input sanitizing library for node.js",
@@ -5,0 +5,0 @@ "main": "lib/sanitize.js",

test/sanitize.test.js

@@ -435,2 +435,53 @@ /**
 
+  describe('sanitize.middleware', function() {
+
+    var req = {
+      query: {
+        name1: '2.1234',
+        name2: [
+          '2.1234',
+          '3.1234'
+        ],
+        name3: '123',
+        name4: 'asdf@asdf.com',
+        name5: 'abc1def2ghi3'
+      }
+    };
+
+    sanitize.middleware.mixinFilters(req);
+
+    it('should sanitize float numbers', function() {
+      (2.1234).should.be.eql(req.queryFloat('name1'));
+    });
+
+    it ('should sanitize float numbers with precision', function() {
+      (2.12).should.be.eql(req.queryFloat('name1', 2));
+    });
+
+    it ('should sanitize arrays of items', function() {
+      [2.1234, 3.1234].should.be.eql(req.queryArray('name2', 'float'));
+    });
+
+    it ('should sanitize arrays of items with an arg applied to each item', function() {
+      [2.12, 3.12].should.be.eql(req.queryArray('name2', 2, 'float'))
+    });
+
+    it ('should sanitize integer numbers', function() {
+      (123).should.be.eql(req.queryInt('name3'));
+    });
+
+    it ('should sanitize emails', function() {
+      ('asdf@asdf.com').should.be.eql(req.queryEmail('name4'));
+    });
+
+    it ('should sanitize strings', function() {
+      ('asdf@asdf.com').should.be.eql(req.queryString('name4'));
+    });
+
+    it('should sanitize patterns', function() {
+      ('abc1def2ghi3').should.be.eql(req.queryPattern('name5', /(\w{3}\d)+/))
+    });
+
+  });
+
   describe('sanitize.Sanitizer', function() {
@@ -437,0 +488,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

24818

increased by8.68%

Lines of code

773

increased by5.17%

No dependency changes