allowed-fields

• Description
• Synopsis
• Details
• API
  • Classes
  • Typedefs
  • Interfaces
  • AllowedFieldsConfig
  • AllowedFields
    • new AllowedFields([config])
    • allowedFields.isAllowed(fieldName, [relationName]) ⇒ boolean
  • Fields : Object.<string, (string|Array.<string>)>

Description

This module lets developer define white listed and black listed database fields and provides a function to check whether given field is allowed.

Synopsis

TypeScript

import AllowedFields, { Fields } from "allowed-fields";

JavaScript

const AllowedFields = require("allowed-fields");

const fields = new AllowedFields({
  whiteList: { "": "color", member: "*", company: "*", manager: ["name"] },
  blackList: { member: ["salary"] },
});
 
// Field may be provided with single string as ('table.field').
fields.isAllowed("color"); // true  (color is allowed without relation name)
fields.isAllowed("member.name"); // true  (All fields (*) of member except 'salary' is allowed)
fields.isAllowed("manager.name"); // true  (It is in white list)
fields.isAllowed("member.salary"); // false (It is in black list)
fields.isAllowed("zoo.name"); // false (It is not in white list)
fields.isAllowed("member.*"); // false (Member salary is black listed. All fields (*) except salary are allowed)
fields.isAllowed("company.*"); // true  (All fields (*) of company is in white list)
 
// Field may be provided with two parameters as ('field', 'table')
fields.isAllowed("name", "member"); // true;
fields.isAllowed("salary", "member"); // false;

Details

This module is a utility for checking whether given fields are allowed according to simple blacklist and whitelist rules.

Blacklist and whitelist are provided using object. Keys are relation (table) names, values are field names. To allow every field in a table *

API

Classes

AllowedFields

Class which validates database fields using white list and black list.

Typedefs

Fields : Object.<string, (string|Array.<string>)>

Relation fields. Keys are relation (table) names, values are fields. Fields can be provided as string or array of strings. ie. field, entity.field or entity.. entity. covers all fields in that relation.

Interfaces

AllowedFieldsConfig

Aloowed fields sonfiguration.

AllowedFieldsConfig

Aloowed fields sonfiguration.

Kind: global interface
Properties

AllowedFields

Class which validates database fields using white list and black list.

Kind: global class

• AllowedFields
  • new AllowedFields([config])
  • .isAllowed(fieldName, [relationName]) ⇒ boolean

new AllowedFields([config])

Creates object.

allowedFields.isAllowed(fieldName, [relationName]) ⇒ boolean

Returns whether given field/relation combination is an allowed field according to given rules. Field name can be provided in single parameter or two parameters: i.e ('name', 'member') or ('member.name').

Kind: instance method of AllowedFields
Returns: boolean -

Example

allowedFields.isAllowed("member.name"); // Table and field as a single string.
allowedFields.isAllowed("name", "member"); // Field, Table.

Fields : Object.<string, (string|Array.<string>)>

Relation fields. Keys are relation (table) names, values are fields. Fields can be provided as string or array of strings. ie. field, entity.field or entity.*. entity.* covers all fields in that relation.

Kind: global typedef
Example

const fields = {
  "": "name", // Field name without table.
  person: "name", // Single field from `person` table.
  cart: ["name", "color"], // Some fields from `cart` table.
  report: "*", // All fields from `report` table.
};