think-qs

1.0.1 • Public • Published

think-qs

Build Status Coverage Status npm

Use qs module to parse query & post data, support array & object value.For example, the string 'foo[bar]=baz' converts to:

foo: {
  bar: 'baz'
}

Installation

npm install think-qs

think-qs need thinkjs version >=3.2.2.

How to use

Config file src/config/middleware.js (in multi mode, file is src/common/config/middleware.js), add middleware after payload:

const qs = require('think-qs');
module.exports = [
  ...
  {
    handle: 'payload'
  },
  {
    handle: qs,
    options: {
 
    }
  }
]

After config, you can get array & object value by this.get or this.post in controller.

options

This middleware support follow options:

  • query: true, enable use qs to parse querystring
  • post: true, enable use qs to parse post data

You can find more options from https://github.com/ljharb/qs.

Security

If you use this middleware, you must be careful about security. some ORM support array/object in where conditions, it may be cause SQL injections.

// http://docs.sequelizejs.com/manual/tutorial/querying.html
Post.findAll({
  where: {
    id: this.get('id')
  }
});

In here, we want id is an integer, but when url is /pathname?id[$gt]=6, id value is an object:

{
  $gt: 6
}

then where conditions is not we wanted, it caused SQL injection. you can config logic to resolve this security problems.

module.exports = class extends think.Logic {
  indexAction() {
    this.rules = {
      id: {
        int: true
      }
    }
  }
}

you can get more information about logic from https://thinkjs.org/zh-cn/doc/3.0/logic.html.

Readme

Keywords

Package Sidebar

Install

npm i think-qs

Weekly Downloads

1

Version

1.0.1

License

MIT

Last publish

Collaborators

  • welefen