How to use the express-validator/filter.sanitizeParam function in express-validator
To help you get started, we’ve selected a few express-validator examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
librewiki / liberty-engine / lib / routes / v1 / users / password.js View on Github 
const { User } = require('../../../models');
const Response = require('../../../responses');
const middlewares = require('../../../middlewares');
const router = express.Router({ mergeParams: true });
/* PUT /users/:userId/password */
router.put(
'/',
[
param('userId').trim().isInt().custom(v => v > 0),
body('password').trim().isLength({ min: 6 }),
body('oldPassword').trim(),
],
[
sanitizeParam('userId').trim().toInt(),
sanitizeParam('password').trim(),
sanitizeParam('oldPassword').trim(),
],
middlewares.validate(),
async ({ user, params: { userId }, body: { password, oldPassword } }, res, next) => {
try {
const userFound = await User.findByPk(userId);
if (!userFound) {
return new Response.BadRequest().send(res);
}
if (
user.isAnnonymous
|| userFound.id !== user.id
|| !await user.verifyPassword(oldPassword)
) {
return new Response.Unauthorized().send(res);const Response = require('../../../responses');
const middlewares = require('../../../middlewares');
const router = express.Router({ mergeParams: true });
/* PUT /users/:userId/password */
router.put(
'/',
[
param('userId').trim().isInt().custom(v => v > 0),
body('password').trim().isLength({ min: 6 }),
body('oldPassword').trim(),
],
[
sanitizeParam('userId').trim().toInt(),
sanitizeParam('password').trim(),
sanitizeParam('oldPassword').trim(),
],
middlewares.validate(),
async ({ user, params: { userId }, body: { password, oldPassword } }, res, next) => {
try {
const userFound = await User.findByPk(userId);
if (!userFound) {
return new Response.BadRequest().send(res);
}
if (
user.isAnnonymous
|| userFound.id !== user.id
|| !await user.verifyPassword(oldPassword)
) {
return new Response.Unauthorized().send(res);
}const middlewares = require('../../../middlewares');
const router = express.Router({ mergeParams: true });
/* PUT /users/:userId/password */
router.put(
'/',
[
param('userId').trim().isInt().custom(v => v > 0),
body('password').trim().isLength({ min: 6 }),
body('oldPassword').trim(),
],
[
sanitizeParam('userId').trim().toInt(),
sanitizeParam('password').trim(),
sanitizeParam('oldPassword').trim(),
],
middlewares.validate(),
async ({ user, params: { userId }, body: { password, oldPassword } }, res, next) => {
try {
const userFound = await User.findByPk(userId);
if (!userFound) {
return new Response.BadRequest().send(res);
}
if (
user.isAnnonymous
|| userFound.id !== user.id
|| !await user.verifyPassword(oldPassword)
) {
return new Response.Unauthorized().send(res);
}
await user.update({ password });const upload = multer({
storage,
limits: {
fileSize: 10 * 1024 * 1024, // 10 MiB
},
});
router.get(
'/:descriptionArticleTitle',
[
param('descriptionArticleTitle')
.trim()
.custom(v => Article.validateTitle(v)),
],
[
sanitizeParam('descriptionArticleTitle').trim(),
],
middlewares.validate(),
async (req, res, next) => {
try {
const mediaFile = await MediaFile.findOne({
include: [{
association: MediaFile.associations.descriptionArticle,
where: {
namespaceId: Namespace.Known.FILE.id,
title: req.params.descriptionArticleTitle,
},
}],
});
if (!mediaFile) {
return new Response.ResourceNotFound().send(res);
}const { sanitizeParam } = require('express-validator/filter');
const { User, Role } = require('../../../models');
const Response = require('../../../responses');
const middlewares = require('../../../middlewares');
const { GRANT_REVOKE_ROLE } = require('../../../SpecialPermissions');
const router = express.Router({ mergeParams: true });
/* GET /users/:userId/roles */
router.get(
'/',
[
param('userId').trim().isInt(),
],
[
sanitizeParam('userId').trim().toInt(),
],
async (req, res, next) => {
try {
const user = await User.findByPk(req.params.userId, {
include: [{
association: User.associations.roles,
}],
});
if (!user) {
return new Response.ResourceNotFound().send(res);
}
return new Response.Success({ roles: user.roles }).send(res);
} catch (err) {
return next(err);
}
},const express = require('express')
const router = new express.Router()
const {sanitizeParam} = require('express-validator/filter')
const sanitizeAddress = sanitizeParam('address').customSanitizer(
(value, {req}) => {
return req.params.address
.replace(/[^A-Za-z0-9_.+@-]/g, '') // Remove special characters
.toLowerCase()
}
)
router.get('^/:address([^@/]+@[^@/]+)', sanitizeAddress, (req, res, _next) => {
const mailProcessingService = req.app.get('mailProcessingService')
res.render('inbox', {
title: req.params.address,
address: req.params.address,
mailSummaries: mailProcessingService.getMailSummaries(req.params.address)
})
})Namespace, CategoryLink, Article,
} = require('../../models');
const middlewares = require('../../middlewares');
const Response = require('../../responses');
const router = express.Router({ mergeParams: true });
router.get(
'/:categoryTitle',
[
param('categoryTitle')
.trim()
.custom(v => Article.validateTitle(v)),
],
[
sanitizeParam('categoryTitle').trim(),
],
middlewares.validate(),
async (req, res, next) => {
try {
const categoryLinks = await CategoryLink.findLinks(req.params.categoryTitle);
const subcategories = [];
const members = [];
for (const link of categoryLinks) {
if (link.sourceArticle.namespaceId === Namespace.Known.CATEGORY.id) {
subcategories.push(link.sourceArticle.title);
} else {
members.push(link.sourceArticle.fullTitle);
}
}
return new Response.Success({ subcategories, members }).send(res);
} catch (err) {const router = express.Router({ mergeParams: true });
/*
* hide or unhide a comment
* GET discussion-comment/:commentId
*/
router.put(
'/:commentId/status',
middlewares.permission(SET_DISCUSSION_STATUS),
[
param('commentId').trim().isInt().custom(v => v > 0),
body('status').trim().isIn(['PUBLIC', 'HIDDEN']),
],
[
sanitizeParam('commentId').trim().toInt(),
sanitizeBody('status').trim(),
],
middlewares.validate(),
async ({ params: { commentId }, body: { status }, user }, res, next) => {
try {
const comment = await DiscussionComment.findByPk(commentId);
if (!comment) {
return new Response.ResourceNotFound().send(res);
}
if (status === 'HIDDEN') {
await comment.hide({ hider: user });
} else {
await comment.unhide();
}
return new Response.Success().send(res);
} catch (err) {return new Response.Success({ revisions: result }).send(res);
} catch (err) {
return next(err);
}
},
);
router.get(
'/:revisionId',
[
param('revisionId')
.trim()
.isInt(),
],
[
sanitizeParam('revisionId').trim().toInt(),
],
async (req, res, next) => {
try {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return new Response.BadRequest({ errors: errors.array() }).send(res);
}
const revision = await Revision.findByPk(req.params.revisionId, {
include: [
Revision.associations.author,
Revision.associations.wikitext,
],
});
if (!revision) {
return new Response.ResourceNotFound().send(res);
}},
);
router.put(
'/:roleId/special-permissions',
middlewares.permission(SET_PERMISSION_OF_ROLE),
[
param('roleId')
.trim()
.isInt(),
body('specialPermissions.*')
.trim()
.custom(v => SpecialPermissions[v] !== undefined),
],
[
sanitizeParam('roleId').trim().toInt(),
sanitizeBody('specialPermissions.*').trim(),
],
middlewares.validate(),
async ({ params: { roleId }, body: { specialPermissions } }, res, next) => {
try {
const toSet = specialPermissions.map(p => SpecialPermission.nameKeyMap.get(p));
const role = await Role.findByPk(roleId);
await role.setSpecialPermissions(toSet);
await initializeModels();
return new Response.Success().send(res);
} catch (err) {
return next(err);
}
},
);express-validator
Express middleware for the validator module.
Package Health Score
78 / 100Popular express-validator functions
- express-validator
- express-validator.body
- express-validator.check
- express-validator.checkSchema
- express-validator.matchedData
- express-validator.oneOf
- express-validator.param
- express-validator.query
- express-validator.sanitizeBody
- express-validator.sanitizeQuery
- express-validator.validationResult
- express-validator/check.body
- express-validator/check.check
- express-validator/check.param
- express-validator/check.query
- express-validator/check.validationResult
- express-validator/filter.matchedData
- express-validator/filter.sanitizeBody
- express-validator/filter.sanitizeParam
- express-validator/filter.sanitizeQuery