1 | 'use strict';
3 | var _ = require('lodash');
4 | var typeis = require('type-is');
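/**
 * Build an Express-style middleware that guards request handlers against
 * HTTP parameter pollution (one parameter name supplied several times, which
 * a parser may turn into an array where the handler expects a scalar).
 *
 * For every top-level key of `req.query` (and of `req.body`, when the request
 * content type matches `checkBodyOnlyForContentType`) whose value is an
 * array, the complete array is recorded under the same key on
 * `req.queryPolluted` / `req.bodyPolluted` and the live value is replaced by
 * the array's first element.
 *
 * Limits of the protection that a handler author should know about:
 *  - Only top-level keys are inspected; arrays nested inside object values are
 *    left as they are.
 *  - The first element is used without a type check, so it may itself be an
 *    array or an object. Handlers should still validate the type they expect.
 *
 * @param {Object} [options] Middleware configuration (not modified).
 * @param {boolean} [options.checkQuery=true] Inspect `req.query`.
 * @param {boolean} [options.checkBody=true] Inspect `req.body`.
 * @param {string} [options.checkBodyOnlyForContentType='urlencoded'] Passed
 *   unchanged to `type-is`; the body is inspected only when it matches.
 * @returns {Function} Middleware with the signature `(req, res, next)`.
 */
module.exports = function (options) {

  // Fill defaults into a fresh object: the caller's options object stays
  // untouched and later changes to it cannot alter this middleware.
  options = _.defaults({}, options || {}, {
    checkQuery: true,
    checkBody: true,
    checkBodyOnlyForContentType: 'urlencoded'
  });

  // True-ish when the request's content type is the one configured for body checks.
  function correctContentType(req) {
    return typeis(req, options.checkBodyOnlyForContentType);
  }

  // Move every array-valued top-level parameter into `polluted` and leave only
  // its first element in `params`.
  function putAside(params, polluted) {
    var names = _.keys(params);

    for (var i = 0; i < names.length; i += 1) {
      var name = names[i];
      var value = params[name];

      if (!_.isArray(value)) {
        continue;
      }

      // NOTE(review): `name` comes from the request. On a plain `{}` a key
      // named `__proto__` is routed through the prototype setter instead of
      // becoming an own property; confirm the upstream parser drops such keys.
      polluted[name] = value;
      params[name] = value[0];
    }
  }

  return function (req, res, next) {

    if (options.checkQuery && req.query) {
      // Keep a record written by an earlier run of this middleware on the same
      // request; resetting it would discard the originally submitted values.
      req.queryPolluted = req.queryPolluted || {};
      putAside(req.query, req.queryPolluted);
    }

    if (options.checkBody && req.body && correctContentType(req)) {
      req.bodyPolluted = req.bodyPolluted || {};
      putAside(req.body, req.bodyPolluted);
    }

    next();

  };

};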