Allowed-fields NPM

allowed-fields

Description

This module lets developer define white listed and black listed database fields and provides a function to check whether given field is allowed.

Synopsis

TypeScript

import AllowedFields, { Fields } from "allowed-fields";

JavaScript

const AllowedFields = require("allowed-fields");

const fields = new AllowedFields({
  whiteList: { "": "color", member: "*", company: "*", manager: ["name"] },
  blackList: { member: ["salary"] },
});

// Field may be provided with single string as ('table.field').
fields.isAllowed("color"); // true  (color is allowed without relation name)
fields.isAllowed("member.name"); // true  (All fields (*) of member except 'salary' is allowed)
fields.isAllowed("manager.name"); // true  (It is in white list)
fields.isAllowed("member.salary"); // false (It is in black list)
fields.isAllowed("zoo.name"); // false (It is not in white list)
fields.isAllowed("member.*"); // false (Member salary is black listed. All fields (*) except salary are allowed)
fields.isAllowed("company.*"); // true  (All fields (*) of company is in white list)

// Field may be provided with two parameters as ('field', 'table')
fields.isAllowed("name", "member"); // true;
fields.isAllowed("salary", "member"); // false;

Details

This module is a utility for checking whether given fields are allowed according to simple blacklist and whitelist rules.

Blacklist and whitelist are provided using object. Keys are relation (table) names, values are field names. To allow every field in a table *

API

Classes

Typedefs

Interfaces

AllowedFieldsConfig

Kind: global interface
Properties

Name	Type	Description
whiteList	Fields	List of allowed identifiers (entities and fields) to be used in query.
blackList	Fields	List of identifiers which are prohibited to use in query.

AllowedFields

Kind: global class

AllowedFields
- new AllowedFields([config])
- .isAllowed(fieldName, [relationName]) ⇒ boolean

new AllowedFields(config)

Param	Type	Description
config	Object	Configuration
config.whiteList	Fields	List of allowed identifiers (entities and fields) to be used in query.
config.blackList	Fields	List of identifiers which are prohibited to use in query.

allowedFields.isAllowed(fieldName, relationName) ⇒ boolean

Kind: instance method of AllowedFields
Returns: boolean -

Param	Type	Default	Description
fieldName	string		Field name to test. i.e 'name'. Also it may contain field name such as 'member.name'
relationName	string	"''"	Relation name which field belongs to.

Example

allowedFields.isAllowed("member.name"); // Table and field as a single string.
allowedFields.isAllowed("name", "member"); // Field, Table.

Fields : Object.<string, (string|Array.<string>)>

Kind: global typedef
Example

const fields = {
  "": "name", // Field name without table.
  person: "name", // Single field from `person` table.
  cart: ["name", "color"], // Some fields from `cart` table.
  report: "*", // All fields from `report` table.
};

db fields whitelist blacklist

@types/joi joi

@everything-registry/sub-chunk-1121 @zalastax/nolb-allo

6 years ago

6 years ago

6 years ago

6 years ago