github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-01-29 12:08:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into feature-rate-limiting

Browse Source
This commit is contained in:
rijkvanzanten
2020-09-08 12:31:57 -04:00
parent 6b0b96591c 8811d2a3b4
commit 7f1f105349
248 changed files with 3387 additions and 34724 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
api/src/middleware/sanitize-query.ts
View File

@@ -4,9 +4,9 @@
*/
import { RequestHandler } from 'express';
import { Query, Sort, Filter } from '../types/query';
import { Meta } from '../types/meta';
import { Accountability, Query, Sort, Filter, Meta } from '../types';
import logger from '../logger';
import { parseFilter } from '../utils/parse-filter';
const sanitizeQuery: RequestHandler = (req, res, next) => {
req.sanitizedQuery = {};
@@ -16,10 +16,10 @@ const sanitizeQuery: RequestHandler = (req, res, next) => {
fields: sanitizeFields(req.query.fields) || ['*'],
};
if (req.query.limit) {
if (req.query.limit !== undefined) {
const limit = sanitizeLimit(req.query.limit);
if (limit) {
if (typeof limit === 'number') {
query.limit = limit;
}
}
@@ -29,7 +29,7 @@ const sanitizeQuery: RequestHandler = (req, res, next) => {
}
if (req.query.filter) {
query.filter = sanitizeFilter(req.query.filter);
query.filter = sanitizeFilter(req.query.filter, req.accountability || null);
}
if (req.query.limit == '-1') {
@@ -56,13 +56,6 @@ const sanitizeQuery: RequestHandler = (req, res, next) => {
query.search = req.query.search;
}
if (req.permissions) {
query.filter = {
...(query.filter || {}),
...(req.permissions.permissions || {}),
};
}
req.sanitizedQuery = query;
return next();
};
@@ -93,7 +86,7 @@ function sanitizeSort(rawSort: any) {
});
}
function sanitizeFilter(rawFilter: any) {
function sanitizeFilter(rawFilter: any, accountability: Accountability | null) {
let filters: Filter = rawFilter;
if (typeof rawFilter === 'string') {
@@ -104,16 +97,13 @@ function sanitizeFilter(rawFilter: any) {
}
}
/**
* @todo
* validate filter syntax?
*/
filters = parseFilter(filters, accountability);
return filters;
}
function sanitizeLimit(rawLimit: any) {
if (!rawLimit) return null;
if (rawLimit === undefined || rawLimit === null) return null;
return Number(rawLimit);
}
@@ -141,4 +131,6 @@ function sanitizeMeta(rawMeta: any) {
if (Array.isArray(rawMeta)) {
return rawMeta;
}
return [rawMeta];
}