Important: This documentation covers Yarn 1 (Classic).
For Yarn 2+ docs and migration guide, see yarnpkg.com.

Package detail

ac-sanitizer

admiralcloud513MIT5.0.0

Sanitites payloads based on given field definitions

readme

AC Sanitizer

Sanitizes payloads with given field definitions

Node.js CI

Version 4 - Breaking changes

Version 4 requires Node 16.

Usage

const sanitizer = require('ac-sanitizer')

let fieldsToCheck = {
  params: {
    stringVar: 'This is a string'
  },
  fields: [
    { field: 'stringVar', type: 'string', required: true },
    { field: 'forceJob', type: 'boolean', adminLevel: 64 }
  ],
  adminLevel: 32 // optional adminLevel of the user - must be at least the one defined in fields
}
let test = sanitizer.checkAndSanitizeValues(fieldsToCheck)
// COMPLEX EXAMPLE WITH NESTED PROPERTIES AND CONDITIONAL REQUIREMENTS

const sanitizer = require('ac-sanitizer')

let fieldsToCheck = {
  params: {
    obj: {
      f1: true
  },
  fields: [
    { field: 'obj', type: 'object', properties: [
      { field: 'f1', type: 'boolean' },
      { field: 'f2', type: 'boolean', required: 'f1' } // if f1 is true, then f2 is required
    ]}
  ]
}
let test = sanitizer.checkAndSanitizeValues(fieldsToCheck)

Field definition

Parameter Type Remarks
field string Name of the field
type string Type of the field to sanitize, see below for available values
required [boolean OR string] Set to true if required or set a path[^1] to a param (if that param is set, this value is required)
enum [array OR string] Optional list of allowed values. You can a string placeholder for certain standard lists (see below)
adminLevel [integer] Optional adminLevel required for this field
omitFields [boolean] If adminLevel is set and you do not have the proper adminLevel the sanitizer will just omit the field (and not return an error) if omitFields is true
convert [boolean OR string] Some types can be automatically converted (e.g. base64 to string)
valueType [string] Use it to sanitize values of an array by defining the allowed type here
strict [boolean] For objects only - if true and payload contains a property not defined, an error will be returned.
nullAllowed [boolean] If true, sending NULL is allowed.

[^1]: The path must be set with the parent propery as root, e.g. the actual field is settings.video.width, in property video the condition is then just "width" not the full path.

ENUM lists

The following enum lists are available using a string placeholder

Placeholder Items Remarks
iso-639-1 ISO 639-1 entries e.g. de, en, fr, es...
iso-639-2 ISO 639-2 entries e.g. deu, eng, fra ...
countrylist list of country names e.g. Laos, Brazil, Norway...

Convert

Some types allow automatic conversion: Type | Example | Remarks --- | --- | --- | integer | 60.1 -> 60 | Convert incoming number to integer - this way you can make your check more lenient string | Hello Developer -> Hello (with maxLength = 5) | Reduce string to max length base64 | SGVsbG8= -> Hello | Convert base64 encoded string to UTF-8 string iso-639 | { iso-639-2: 'tlh', translations: [] } -> tlh (with convert=iso-639-2) | Returns only the select property for the ISO-639 object

Available types

Type Options Remarks
any | Any can be string, integer, boolean, object or array - it will be automatically detected.
base64 | Checks if a string is base64 encoded, optional with field option "convert" (to string)
boolean |
cidr | Check CIDR, see example
integer | boolean | Value can be an integer OR a boolean
date dateFormat Date or date time, support various date formats (e.g. DD.MM.YYYY, DD/MM/YYYY, YYYY-MM-DD, etc) as well as a custom format defined in dateFormat.
fqdn wildcardAllowed (bool) Fully qualified domain names, optional with wildcard subdomain (e.g. *.admiralcloud.com)
email | a@b.c
float | 0 - 2^31
fileExtension |
gps | Can be a string of "LAT,LNG" or one including a distance as 3rd parameter like "LAT,LNG,DISTANCE".
hashids | HashIds - https://hashids.org
hexColor | Check valid hexadecimal color like #ff99cc
integer | 0 - 2^31
integer | string | Value can be an integer OR a string
iso-639-1 convert With convert = nativeName you can retrieve the native name of the given ISO string
iso-639-2 convert With convert = nativeName you can retrieve the native name of the given ISO string
ip version, anonymize, replacement version can be "4" or "6", defaults to "4", anonymize can be the number of octets/segments to anonymize, replacement (optional) defines the replacement character for IPv4 (defaults to 0)
long | 0 - 2^63
object properties Use properties to define object structure, properties is equal to fields array
number | Should no be used - use integer, long, short, floag
ratio | x:y
rgb | Check for valid RGB value (r,g,b) or (r%,g%, b%)
short | 0 - 2^15
string minLength (int), maxLength (int), ignoreCase With ignoreCase=true enum checks are case insensitive (e.g. abc in ['ABC'] is valid)
url protocols, require_tld, require_protocol Default values: protocols ['http', 'https'], required_tld true, require_protocol true

Examples

CIDR

// CIDR Example

const sanitizer = require('ac-sanitizer')

let fieldsToCheck = {
  params: {
    cidr: [{ cidr: '8.8.8.8/32' }]
  },
  fields: [
    { field: 'cidr', type: 'cidr' }
  ]
}
let test = sanitizer.checkAndSanitizeValues(fieldsToCheck)


// multiple mixed CIDR
let fieldsToCheck = {
  params: {
    cidr: [
      { cidr: '8.8.8.8/32' },
      { cidr: '::ffff:127.0.0.1', type: 'ipv6' }
    ]
  },
  fields: [
    { field: 'cidr', type: 'cidr' }
  ]
}
let test = sanitizer.checkAndSanitizeValues(fieldsToCheck)

IP

// CIDR Example

const sanitizer = require('ac-sanitizer')

let fieldsToCheck = {
  params: {
    ip: '8.8.8.8/32
  },
  fields: [
    { field: 'ip, type: 'ip', anonymize: 4 }
  ]
}
let test = sanitizer.checkAndSanitizeValues(fieldsToCheck)
// ip -> 8.8.0.0

Objects

By default properties which are not defined will be ignored and removed from payload.

Objects with strict mode activate

In strict mode, only defined properties are allowed.

let fieldsToCheck = {
  params: {
    settings: {
      allowed: true,
      notAllowed: true
    }
  },
  fields: [
    { field: 'settings', type: 'object', strict: true, properties: [
      { field: 'allowed', type: 'boolean' }
    ] }
  ]
}
let test = sanitizer.checkAndSanitizeValues(fieldsToCheck)
// error: object_settings_containsInvalidProperties

License

MIT License Copyright © 2009-present, AdmiralCloud AG, Mark Poepping

changelog

5.0.0 (2025-05-21 15:57:54)

Bug Fix

4.2.1 (2025-05-19 06:12:14)

Bug Fix

4.2.0 (2025-05-09 07:40:18)

Feature

4.1.4 (2025-04-19 18:34:41)

Bug Fix

4.1.3 (2025-03-18 08:54:37)

Bug Fix

4.1.2 (2025-01-25 13:17:56)

Bug Fix

4.1.1 (2025-01-25 10:27:26)

Bug Fix

4.1.0 (2025-01-25 10:01:18)

Feature

4.0.16 (2024-09-20 12:35:35)

Bug Fix

4.0.15 (2024-07-06 19:12:15)

Bug Fix

4.0.14 (2024-07-06 18:49:27)

Bug Fix

4.0.13 (2024-07-06 12:27:30)

Bug Fix

4.0.12 (2024-06-11 10:48:11)

Bug Fix

4.0.11 (2024-06-05 14:21:46)

Bug Fix

4.0.10 (2024-06-05 14:05:35)

Bug Fix

4.0.9 (2024-02-26 07:33:14)

Bug Fix

4.0.8 (2024-01-27 18:18:31)

Bug Fix

4.0.7 (2024-01-27 18:11:53)

Bug Fix

4.0.6 (2024-01-27 16:26:02)

Bug Fix

4.0.5 (2023-12-10 14:34:04)

Bug Fix

4.0.4 (2023-09-29 09:27:21)

Bug Fix

4.0.3 (2023-07-21 19:16:42)

Bug Fix

4.0.2 (2023-06-18 11:35:24)

Bug Fix

4.0.1 (2023-04-18 18:38:15)

Bug Fix

4.0.0 (2023-03-30 16:00:08)

Bug Fix

BREAKING CHANGES

At least Node 16 is required!

3.10.7 (2023-01-28 19:37:40)

Bug Fix

3.10.6 (2022-07-23 06:54:26)

Bug Fix

  • App: Allow convert with number | MP | 3e3d951a275b4c3e90654071cc2dcafb303742f2
    In order to be more lenient you can add property convert to numbers (e.g. integer). This way incoming float value will be converted to integer instead of returning an error.
    Related issues: /issues#undefined

3.10.5 (2022-06-25 09:02:28)

Bug Fix

3.10.4 (2022-06-08 18:30:35)

Bug Fix

3.10.3 (2022-05-15 15:04:15)

Bug Fix

3.10.2 (2022-04-28 11:21:08)

Bug Fix

3.10.1 (2022-04-24 19:38:16)

Bug Fix

3.10.0 (2022-04-24 18:45:04)

Feature

3.9.18 (2022-04-24 18:09:53)

Bug Fix

3.9.17 (2022-04-24 14:58:01)

Bug Fix

3.9.16 (2022-04-24 14:23:01)

Bug Fix

3.9.15 (2022-04-22 16:53:45)

Bug Fix

3.9.14 (2022-04-20 11:41:13)

Bug Fix

3.9.13 (2022-04-20 11:35:54)

Bug Fix

3.9.12 (2022-04-20 11:32:20)

Bug Fix

3.9.8 (2021-11-27 13:26:51)

Bug Fix

3.9.7 (2021-10-09 17:33:05)

Bug Fix

3.9.6 (2021-10-09 10:15:18)

Bug Fix

3.9.5 (2021-06-18 10:52:58)

Bug Fix

3.9.4 (2021-06-18 07:22:21)

Bug Fix

3.9.3 (2021-05-11 07:16:13)

Bug Fix

3.9.2 (2021-05-11 04:25:41)

Bug Fix

3.9.1 (2021-05-05 15:15:50)

Bug Fix

3.9.0 (2021-05-05 14:28:16)

Feature

3.8.1 (2021-05-05 09:50:07)

Bug Fix

3.8.0 (2021-05-05 08:54:21)

Feature

  • App: Requirements can now depend on other field | MP | 2047fefcf22f88233f4b15dd0b472182a433deb9
    If field is required can now also be set by a path (instead of simple bool value).

    Bug Fix

  • App: Base64: now automatic padding if base64 string is not dividable by 4 | MP | cf8adbaa4fff131c93b1bd02a6ad25a383784cb2
    base64 string must have a length that can be divided by 4. If not, add = as padding to end.

3.7.4 (2021-05-02 10:54:53)

Bug Fix

3.7.3 (2021-05-02 08:55:00)

Bug Fix

3.7.2 (2021-04-13 15:41:00)

Bug Fix

3.7.1 (2021-03-17 13:13:27)

Bug Fix

3.7.0 (2021-02-06 05:59:05)

Feature

3.6.0 (2021-01-27 09:18:40)

Feature

3.5.2 (2021-01-09 20:45:22)

Bug Fix

3.5.1 (2021-01-07 11:55:04)

Bug Fix

3.5.0 (2020-12-06 11:07:24)

Feature

3.4.3 (2020-11-17 12:38:26)

Bug Fix

3.4.2 (2020-11-15 12:59:32)

Bug Fix

3.4.1 (2020-11-15 12:37:23)

Bug Fix

3.4.0 (2020-11-09 20:56:47)

Feature

3.3.1 (2020-11-09 15:44:07)

Bug Fix

3.3.0 (2020-10-17 15:10:43)

Feature

3.2.0 (2020-10-17 14:12:45)

Feature

3.1.0 (2020-10-17 13:23:03)

Feature

3.0.0 (2020-09-25 11:52:27)

Bug Fix

  • App: Long integer range is now determined by MAX_SAFE_INTEGER | MP | 07b539229727ff88a12aa0d958205ae3bbd9c87e
    Long integer no longer allows values up to pow(2,63) as the are not safe in Javascript. Instead we now use MAX_SAFE_INTEGER. So values must be between -(Math.pow(2,53) - 1) and Math.pow(2, 53)-1. Additionally subtype signed is allowed.

    Chores

  • App: Updated packages | MP | bc31eb57e3852729751d91b6c1678e13062d7ed9
    Updated packages

  • App: Updated packages | MP | dd01a1aaabb036b2a8e5f689ca5d5ff1e2e5189a
    Updated packages

    BREAKING CHANGES

  • App: Long integer range has changed from POW 63 to POW 53 (MAX_SAFE_INTEGER)

2.3.6 (2020-08-22 18:15:39)

Bug Fix

2.3.5 (2020-08-22 17:41:10)

Bug Fix

2.3.4 (2020-08-22 14:45:52)

Bug Fix

2.3.3 (2020-08-22 13:45:43)

Bug Fix

2.3.2 (2020-07-31 20:22:18)

Bug Fix

2.3.1 (2020-07-28 11:40:27)

Bug Fix

2.3.0 (2020-07-28 11:03:03)

Feature

  • App: New function for random values | MP | b3d592c1f5291ad5d471f4963725970852e333aa
    Added a new helper function that returns random values for a given type. This can be useful for automated testing in combination with the sanitizer.

2.2.2 (2020-07-28 10:15:45)

Bug Fix

2.2.1 (2020-07-22 14:34:31)

Bug Fix

2.2.0 (2020-07-22 13:30:55)

Feature

2.1.3 (2020-07-19 10:18:48)

Bug Fix

2.1.2 (2020-07-19 10:13:45)

Bug Fix

  • App: Added modern approach for object validation | MP | bf8bed8b354cc2390d998f9ef182394cebb46fd2
    You can define a properties array of objects, similar to the main one to sanitize objects. This way no custom verify function is necessary (although it is still available for edge cases)

2.1.1 (2020-05-24 09:21:15)

Bug Fix

2.1.0 (2020-04-22 12:17:29)

Feature

2.0.1 (2020-03-29 14:22:47)

Bug Fix

Bug Fixes

BREAKING CHANGES

  • AC Sanitizer: Base64 is no longer automatically converted to string

1.0.9 (2020-02-12 16:26)

Bug Fixes

  • AC Sanitizer: Add field "adminLevel" for fields and params | MP (520c37d4f86ce8e8a64abd002a93f8687187f0ab)
    With adminLevel you can define a "level" a user needs to access/send a certain field in the payload

1.0.8 (2019-12-14 11:16)

Bug Fixes

1.0.7 (2019-12-14 10:24)

Bug Fixes

1.0.6 (2019-11-04 18:29)

Bug Fixes

1.0.5 (2019-08-05 13:37)

Bug Fixes

  • AC Sanitizer: Add uuid check | MP (767675e)
    Add uuid check

1.0.4 (2019-06-18 20:44)

Bug Fixes

  • AC Sanitizer: Allow params to be an empty object | MP (e5baba7)
    Allow params to be an empty object

1.0.3 (2019-04-08 18:06)

Bug Fixes

  • AC Sanitizer: Add support for array and plain object | MP (986207d)
    Add support for array and plain object

1.0.2 (2019-04-08 09:31)

Bug Fixes

  • AC Sanitizer: Minor fix for email | MP (da5e3ad)
    Minor typo fix for email. Added tests for email

1.0.1 (2019-04-08 09:22)

Bug Fixes

  • AC Sanitizer: Add type "email" | MP (fbd2b21)
    Add type "email"

1.0.0 (2019-01-23 11:35)

Bug Fixes

  • AC Sanitizer: Added check for boolean values | MP (1c189ff)
    Added check for boolean values