allowed-fields
Description
This module lets developers define whitelisted and blacklisted database fields and provides a function to check whether a given field is allowed.
Synopsis
TypeScript
import AllowedFields, { Fields } from "allowed-fields";
JavaScript
const AllowedFields = require("allowed-fields");
const fields = new AllowedFields({
  whiteList: { "": "color", member: "*", company: "*", manager: ["name"] },
  blackList: { member: ["salary"] },
});
// Field may be provided as a single string ('table.field').
fields.isAllowed("color"); // true (color is allowed without relation name)
fields.isAllowed("member.name"); // true (All fields (*) of member except 'salary' are allowed)
fields.isAllowed("manager.name"); // true (It is in white list)
fields.isAllowed("member.salary"); // false (It is in black list)
fields.isAllowed("zoo.name"); // false (It is not in white list)
fields.isAllowed("member.*"); // false (Member salary is black listed. All fields (*) except salary are allowed)
fields.isAllowed("company.*"); // true (All fields (*) of company are in white list)
// Field may be provided as two parameters ('field', 'table').
fields.isAllowed("name", "member"); // true
fields.isAllowed("salary", "member"); // false
Details
This module is a utility for checking whether given fields are allowed according to simple blacklist and whitelist rules.
The blacklist and whitelist are each provided as an object: keys are relation (table) names, values are field names. To allow
every field in a table *
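How such a check can gate client-requested column names before they reach a query, as an added example that is not part of the module or its README. `makeChecker`, `buildSelect` and `IDENT` are hypothetical names; `makeChecker` is a stand-in written from the rules in the Synopsis so the block runs without the package, and its treatment of `*` as matching any string is an assumption about those rules.

```javascript
// Added example. makeChecker() is a stand-in written from the Synopsis rules
// so the block runs offline; in real code use `new AllowedFields(config)`.
function makeChecker({ whiteList = {}, blackList = {} } = {}) {
  const rules = (list, table) =>
    new Set(Object.prototype.hasOwnProperty.call(list, table) ? [].concat(list[table]) : []);
  return {
    isAllowed(fieldName, relationName = "") {
      const parts = fieldName.split(".");
      if (parts.length > 2) return false; // only 'field' or 'table.field'
      const [table, field] = parts.length === 2 ? parts : [relationName, fieldName];
      const allow = rules(whiteList, table);
      const deny = rules(blackList, table);
      if (deny.has("*") || deny.has(field)) return false; // black list wins
      if (field === "*") return allow.has("*") && deny.size === 0;
      return allow.has("*") || allow.has(field);
    },
  };
}

// Assumption of this example: plain unquoted SQL identifiers only.
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Builds a SELECT from client-requested column names; throws on the first
// rejected name instead of silently dropping it.
function buildSelect(checker, table, requested) {
  if (!IDENT.test(table)) throw new Error("bad table name");
  if (requested.length === 0) throw new Error("no fields requested");
  const cols = requested.map((name) => {
    // A "*" rule matches any string, so check the identifier shape first.
    if (typeof name !== "string" || !IDENT.test(name)) throw new Error("bad identifier");
    if (!checker.isAllowed(name, table)) throw new Error(`not allowed: ${table}.${name}`);
    return `"${table}"."${name}"`;
  });
  return `SELECT ${cols.join(", ")} FROM "${table}"`;
}

// Constructed rules, taken from the Synopsis.
const checker = makeChecker({
  whiteList: { "": "color", member: "*", company: "*", manager: ["name"] },
  blackList: { member: ["salary"] },
});

console.log(buildSelect(checker, "member", ["name", "email"]));
```

Rejecting the whole request on the first disallowed name keeps a blacklisted column from being requested under cover of permitted ones and gives the caller an error to log.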
API
Classes
- AllowedFields
Class which validates database fields using white list and black list.
Typedefs
- Fields : Object.<string, (string|Array.<string>)>
Relation fields. Keys are relation (table) names, values are fields. Fields can be provided as string or array of strings, i.e. field, entity.field or entity.*. entity.* covers all fields in that relation.
Interfaces
- AllowedFieldsConfig
Allowed fields configuration.
AllowedFieldsConfig
Allowed fields configuration.
Kind: global interface
Properties
Name | Type | Description |
---|---|---|
[whiteList] | Fields | List of allowed identifiers (entities and fields) to be used in query. |
[blackList] | Fields | List of identifiers which are prohibited to use in query. |
AllowedFields
Class which validates database fields using white list and black list.
Kind: global class
new AllowedFields([config])
Creates object.
Param | Type | Description |
---|---|---|
[config] | Object | Configuration |
[config.whiteList] | Fields | List of allowed identifiers (entities and fields) to be used in query. |
[config.blackList] | Fields | List of identifiers which are prohibited to use in query. |
allowedFields.isAllowed(fieldName, [relationName]) ⇒ boolean
Returns whether given field/relation combination is an allowed field according to given rules. Field name can be provided in single parameter or two parameters: i.e ('name', 'member') or ('member.name').
Kind: instance method of AllowedFields
Returns: boolean - Whether field is valid.
Param | Type | Default | Description |
---|---|---|---|
fieldName | string | | Field name to test. i.e |
[relationName] | string | "''" | Relation name which field belongs to. |
Example
allowedFields.isAllowed("member.name"); // Table and field as a single string.
allowedFields.isAllowed("name", "member"); // Field, Table.
Fields : Object.<string, (string|Array.<string>)>
Relation fields. Keys are relation (table) names, values are fields.
Fields can be provided as string or array of strings, i.e. field, entity.field or entity.*. entity.* covers all fields in that relation.
Kind: global typedef
Example
const fields = {
  "": "name", // Field name without table.
  person: "name", // Single field from `person` table.
  cart: ["name", "color"], // Some fields from `cart` table.
  report: "*", // All fields from `report` table.
};