(req, _res, next)
| 8 | import { validateQuery } from '../utils/validate-query.js'; |
| 9 | |
| 10 | const sanitizeQueryMiddleware: RequestHandler = async (req, _res, next) => { |
| 11 | req.sanitizedQuery = {}; |
| 12 | if (!req.query) return; |
| 13 | |
| 14 | // Skip sanitization and validation if query is empty |
| 15 | if (Object.keys(req.query).length === 0) { |
| 16 | Object.freeze(req.sanitizedQuery); |
| 17 | return next(); |
| 18 | } |
| 19 | |
| 20 | try { |
| 21 | req.sanitizedQuery = await sanitizeQuery( |
| 22 | { |
| 23 | fields: req.query['fields'] || '*', |
| 24 | ...req.query, |
| 25 | }, |
| 26 | req.schema, |
| 27 | req.accountability || null, |
| 28 | ); |
| 29 | |
| 30 | Object.freeze(req.sanitizedQuery); |
| 31 | |
| 32 | validateQuery(req.sanitizedQuery); |
| 33 | } catch (error) { |
| 34 | return next(error); |
| 35 | } |
| 36 | |
| 37 | return next(); |
| 38 | }; |
| 39 | |
| 40 | export default sanitizeQueryMiddleware; |
nothing calls this directly
no test coverage detected