base repository: ExorTek/fastify-mongo-sanitize
base: v1.1.x
head repository: ExorTek/fastify-mongo-sanitize
compare: master
  • 3 commits
  • 4 files changed
  • 1 contributor

Commits on Nov 11, 2024

  1. added new changes

    ExorTek committed Nov 11, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    f5b0101
  2. added new type removeMatches

    ExorTek committed Nov 11, 2024
    b7fd7b9
  3. 1.1.1

    ExorTek committed Nov 11, 2024
    fa65765
Showing with 9 additions and 2 deletions.
  1. +6 −1 README.md
  2. +1 −1 package.json
  3. +1 −0 types/index.d.ts
  4. +1 −0 types/index.test-d.ts
7 changes: 6 additions & 1 deletion README.md
@@ -19,6 +19,9 @@ data. This plugin provides flexible sanitization options for request bodies, par
- Configurable string and array handling options
- Skip routes functionality
- Custom sanitizer support
- **[NEW]** Email address preservation during sanitization
- **[NEW]** Option to remove matched patterns entirely
- **[NEW]** Enhanced security with request object cloning

## Installation

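Review bot: The three added feature bullets describe behaviour that this compare does not contain: the summary lists 4 files changed (README.md, package.json and the two type files) and no source file. `removeMatches` at least gets a type and an options-table row, but "Email address preservation during sanitization" and "Enhanced security with request object cloning" have no option, type or documentation anywhere in these hunks. Either point each bullet at the option or section that documents it, or hold the bullets until the implementing change is part of the same release. The cloning bullet should also say what is cloned and what that protects against, since "enhanced security" on its own is not checkable. The `**[NEW]**` prefixes will go stale after this release; a changelog entry is a better home for them.
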
@@ -61,6 +64,7 @@ options:
| Option | Type | Default | Description |
|-------------------|----------------|----------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `replaceWith` | string | `''` | The string to replace the matched patterns with. Default is an empty string. If you want to replace the matched patterns with a different string, you can set this option. |
| 'removeMatches' | boolean | `false` | Remove the matched patterns. Default is false. If you want to remove the matched patterns instead of replacing them, you can set this option to true. |
| `sanitizeObjects` | array | `['body', 'params', 'query']` | The request properties to sanitize. Default is `['body', 'params', 'query']`. You can specify any request property that you want to sanitize. It must be an object. |
| `mode` | string | `'auto'` | The mode of operation. Default is 'auto'. You can set this option to 'auto', 'manual'. If you set it to 'auto', the plugin will automatically sanitize the request objects. If you set it to 'manual', you can sanitize the request objects manually using the request.sanitize() method. |
| `skipRoutes` | array | `[]` | An array of routes to skip. Default is an empty array. If you want to skip certain routes from sanitization, you can specify the routes here. The routes must be in the format `/path`. For example, `['/health', '/metrics']`. |
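
Review bot: The new `removeMatches` row does not say how removing differs from the default `replaceWith: ''` in the row above it, which already replaces matches with an empty string, nor which option wins when both are set. Add one sentence stating the precedence and what exactly is removed (the matched characters, the key, or the whole value). The option name is also written as 'removeMatches' in single quotes while every other row uses backticks, so it will not render as code.
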
@@ -101,12 +105,13 @@ The `arrayOptions` object controls array sanitization behavior:
```javascript
const fastify = require('fastify')();

fastify.register(require('fastify-mongo-sanitize'), {
fastify.register(require('@exortek/fastify-mongo-sanitize'), {
replaceWith: '_',
mode: 'manual',
skipRoutes: ['/health', '/metrics'],
recursive: true,
removeEmpty: true,
removeMatches: true, // New option to remove dangerous patterns completely
stringOptions: {
trim: true,
maxLength: 100
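
Review bot: The example now sets `replaceWith: '_'` and `removeMatches: true` in the same options object, and nothing in the README hunks says which one takes effect, so a reader copying it cannot tell whether matches become `_` or disappear. Drop one of the two from the example or extend the inline comment to state the precedence. The require path now reads `@exortek/fastify-mongo-sanitize`, which matches the `name` in package.json; check that the Installation section uses the same scoped name.
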
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "@exortek/fastify-mongo-sanitize",
"version": "1.1.0",
"version": "1.1.1",
"description": "MongoDB query sanitizer for Fastify",
"main": "index.js",
"type": "commonjs",
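
Review bot: The version goes from 1.1.0 to 1.1.1, a patch bump, while the same compare adds a new public option (`removeMatches`) to the exported `FastifyMongoSanitizeOptions` interface and the README lists three new features. Under semantic versioning, new backwards-compatible functionality is a minor release, so 1.2.0 would be the expected number; consumers pinning with `~1.1.0` will otherwise receive the new features as if this were a bug-fix release.
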
1 change: 1 addition & 0 deletions types/index.d.ts
@@ -2,6 +2,7 @@ import type { FastifyPluginCallback } from 'fastify';

export interface FastifyMongoSanitizeOptions {
replaceWith?: string;
removeMatches?: boolean;
sanitizeObjects?: ('body' | 'params' | 'query')[];
mode?: 'auto' | 'manual';
skipRoutes?: string[];
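
Review bot: `removeMatches?: boolean;` is added without a doc comment, so editors show nothing about its default or its relation to `replaceWith` on the line above. Add a short JSDoc stating the default (`false` per the README table) and which of the two options takes effect when both are set.
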
1 change: 1 addition & 0 deletions types/index.test-d.ts
@@ -7,6 +7,7 @@ instance.register(fastifyMongoSanitize);

instance.register(fastifyMongoSanitize, {
replaceWith: '',
removeMatches: true,
sanitizeObjects: ['body', 'params', 'query'],
mode: 'auto',
skipRoutes: ['/health'],
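
Review bot: The added `removeMatches: true` only checks that a boolean is accepted, and it sits next to `replaceWith: ''`, the one combination where the two options are hardest to tell apart. Add a negative case that passes a non-boolean value and is expected to fail type checking, so a later loosening of the type is caught.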