(...paramNames: string[])
| 36 | * - 'paramName[]' - Array parameter (validates each element) |
| 37 | */ |
| 38 | export function validatePathParams(...paramNames: string[]) { |
| 39 | return (req: Request, res: Response, next: NextFunction): void => { |
| 40 | try { |
| 41 | for (const paramName of paramNames) { |
| 42 | // Handle optional parameters (paramName?) |
| 43 | if (paramName.endsWith('?')) { |
| 44 | const actualName = paramName.slice(0, -1); |
| 45 | const value = getParamValue(req, actualName); |
| 46 | if (value && typeof value === 'string') { |
| 47 | validatePath(value); |
| 48 | } |
| 49 | continue; |
| 50 | } |
| 51 | |
| 52 | // Handle array parameters (paramName[]) |
| 53 | if (paramName.endsWith('[]')) { |
| 54 | const actualName = paramName.slice(0, -2); |
| 55 | const values = getParamValue(req, actualName); |
| 56 | if (Array.isArray(values) && values.length > 0) { |
| 57 | for (const value of values) { |
| 58 | if (typeof value === 'string') { |
| 59 | validatePath(value); |
| 60 | } |
| 61 | } |
| 62 | } |
| 63 | continue; |
| 64 | } |
| 65 | |
| 66 | // Handle regular parameters |
| 67 | const value = getParamValue(req, paramName); |
| 68 | if (value && typeof value === 'string') { |
| 69 | validatePath(value); |
| 70 | } |
| 71 | } |
| 72 | |
| 73 | next(); |
| 74 | } catch (error) { |
| 75 | if (error instanceof PathNotAllowedError) { |
| 76 | res.status(403).json({ |
| 77 | success: false, |
| 78 | error: error.message, |
| 79 | }); |
| 80 | return; |
| 81 | } |
| 82 | |
| 83 | // Re-throw unexpected errors |
| 84 | throw error; |
| 85 | } |
| 86 | }; |
| 87 | } |
no test coverage detected