Validate the used query before running it

rijkvanzanten
2020-10-14 15:31:47 -04:00
parent a18cd0ec1d
commit 1e628d8915
4 changed files with 125 additions and 9 deletions


@@ -5,6 +5,7 @@
import { RequestHandler } from 'express';
import { sanitizeQuery } from '../utils/sanitize-query';
import { validateQuery } from '../utils/validate-query';
const sanitizeQueryMiddleware: RequestHandler = (req, res, next) => {
req.sanitizedQuery = {};
@@ -13,15 +14,16 @@ const sanitizeQueryMiddleware: RequestHandler = (req, res, next) => {
req.sanitizedQuery = sanitizeQuery(
{
fields: req.query.fields || '*',
...req.query
...req.query,
},
req.accountability || null
);
Object.freeze(req.sanitizedQuery);
validateQuery(req.sanitizedQuery);
return next();
};
export default sanitizeQueryMiddleware;
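Review bot: The new `validateQuery(req.sanitizedQuery);` call just before `return next();` discards its return value, so an invalid query is rejected only if validateQuery throws. Its definition is not part of this file section, so that contract is worth stating at the call site, for example `// validateQuery throws on an invalid query; Express forwards the synchronous throw to the error handler, so next() is not reached`. If validateQuery ever reports problems by returning them instead, the request would continue with an unvalidated query. It is also worth confirming that the thrown error is a type the error handler answers with a 4xx rather than a generic 500. The middle of sanitizeQueryMiddleware lies between the two hunks and is not shown here.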