Define white listed and black listed database fields and check whether given field is allowed.


Keywords
db fields, whitelist, blacklist
License
MIT
Install
npm install allowed-fields@0.3.8

Documentation

allowed-fields

Description

This module lets developer define white listed and black listed database fields and provides a function to check whether given field is allowed.

Synopsis

TypeScript

import AllowedFields, { Fields } from "allowed-fields";

JavaScript

const AllowedFields = require("allowed-fields");
const fields = new AllowedFields({
  whiteList: { "": "color", member: "*", company: "*", manager: ["name"] },
  blackList: { member: ["salary"] },
});

// Field may be provided with single string as ('table.field').
fields.isAllowed("color"); // true  (color is allowed without relation name)
fields.isAllowed("member.name"); // true  (All fields (*) of member except 'salary' is allowed)
fields.isAllowed("manager.name"); // true  (It is in white list)
fields.isAllowed("member.salary"); // false (It is in black list)
fields.isAllowed("zoo.name"); // false (It is not in white list)
fields.isAllowed("member.*"); // false (Member salary is black listed. All fields (*) except salary are allowed)
fields.isAllowed("company.*"); // true  (All fields (*) of company is in white list)

// Field may be provided with two parameters as ('field', 'table')
fields.isAllowed("name", "member"); // true;
fields.isAllowed("salary", "member"); // false;

Details

This module is a utility for checking whether given fields are allowed according to simple blacklist and whitelist rules.

Blacklist and whitelist are provided using object. Keys are relation (table) names, values are field names. To allow every field in a table *

API

Classes

AllowedFields

Class which validates database fields using white list and black list.

Typedefs

Fields : Object.<string, (string|Array.<string>)>

Relation fields. Keys are relation (table) names, values are fields. Fields can be provided as string or array of strings. ie. field, entity.field or entity.. entity. covers all fields in that relation.

Interfaces

AllowedFieldsConfig

Aloowed fields sonfiguration.

AllowedFieldsConfig

Aloowed fields sonfiguration.

Kind: global interface
Properties

Name Type Description
[whiteList] Fields

List of allowed identifiers (entities and fields) to be used in query.

[blackList] Fields

List of identifiers which are prohibited to use in query.

AllowedFields

Class which validates database fields using white list and black list.

Kind: global class

new AllowedFields([config])

Creates object.

Param Type Description
[config] Object

Configuration

[config.whiteList] Fields

List of allowed identifiers (entities and fields) to be used in query.

[config.blackList] Fields

List of identifiers which are prohibited to use in query.

allowedFields.isAllowed(fieldName, [relationName]) ⇒ boolean

Returns whether given field/relation combination is an allowed field according to given rules. Field name can be provided in single parameter or two parameters: i.e ('name', 'member') or ('member.name').

Kind: instance method of AllowedFields
Returns: boolean -

  • Whether field is valid.
Param Type Default Description
fieldName string

Field name to test. i.e 'name'. Also it may contain field name such as 'member.name'

[relationName] string "''"

Relation name which field belongs to.

Example

allowedFields.isAllowed("member.name"); // Table and field as a single string.
allowedFields.isAllowed("name", "member"); // Field, Table.

Fields : Object.<string, (string|Array.<string>)>

Relation fields. Keys are relation (table) names, values are fields. Fields can be provided as string or array of strings. ie. field, entity.field or entity.*. entity.* covers all fields in that relation.

Kind: global typedef
Example

const fields = {
  "": "name", // Field name without table.
  person: "name", // Single field from `person` table.
  cart: ["name", "color"], // Some fields from `cart` table.
  report: "*", // All fields from `report` table.
};