node_secure-user-input
v0.0.12
Published
Validates and secures user submitted data
Downloads
9
Readme
#node_secure-user-input
Validate and format user submitted data to secure your app against attacks and invalid data.
Simple usage:
import { baseRules, secureUserInput } from 'node_secure-user-input';
// let's define some custom rules
export const RULE = {
...baseRules,
positiveNumber: { ...baseRules.number, min: 0, defaultValue: 0 },
password: {...baseRules.string, required: true, minLength: 8, maxLength: 200, mustIncludeSpecialChar?: true, mustIncludeNumber?: true, mustIncludeLowercaseLetter?: true, mustIncludeUppercaseLetter?: true},
};
// incoming data from user
const insecureData = {
credentials: {
username: 'johnDoe',
password: '1234abcd'
},
info: {
phone: '(123) 123-1234',
email: '[email protected]',
birthday: '1/1/2000',
age: 19,
signature: '<p><blink> I am awesome!!</blink></p>',
favoriteColors: [
'red',
'blue',
'green',
],
pets: [
{name: 'Fido', species: 'dog'},
{name: 'Cinnamon', species: 'cat'},
{name: 'Shelby'}
],
},
wouldLikeEmailNotifications: true
}
// rules to validate against
const validationRules = {
credentials: {
username: {...RULE.string, required: true, minLength: 5, maxLength: 200},
password: RULE.password,
},
info: {
phone: RULE.phone,
email: RULE.email,
birthday: RULE.date,
age: RULE.positiveNumber,
signature: {...RULE.string, htmlEscape: false},
favoriteColors: {...Rule.string, multiple: true},
"pets[]": {
name: {...RULE.string, required: true},
species: RULE.string,
},
},
wouldLikeEmailNotifications: RULE.boolean,
}
// test and validate here
const out = secureUserInput(insecureData, validationRules);
if(out.errors)
console.error(out.errors);
else {
const validData = out.data;
console.log(validData);
}Built in validation for: strings,numbers, booleans, phone numbers, email addresses, dates, urls, and returning raw data
baseRule.string
- required?: boolean;
- defaultValue?: string;
- multiple?: boolean;
- minLength?: number;
- maxLength?: number;
- mustIncludeSpecialChar?: boolean;
- mustIncludeNumber?: boolean;
- mustIncludeLowercaseLetter?: boolean;
- mustIncludeUppercaseLetter?: boolean;
- removeNonvisibleChars?: boolean; defaults to true
- htmlEscape?: boolean; defaults to true
- sqlEscape?: boolean; defaults to true
- enum?: string[];
baseRule.number
- required?: boolean;
- defaultValue?: number;
- multiple?: boolean;
- min?: number;
- max?: number;
- decimalPlaces?: number;
- asString?: boolean;
baseRule.boolean
- required?: boolean;
- defaultValue?: boolean;
- multiple?: boolean;
- to01?: boolean; outputs 1 or 0 instead of true or false
- asString01?: boolean; outputs '1' or '0' instead of true or false
- asString?: boolean; outputs 'true' or 'false' instead of true or false
baseRule.phone (USA format only ... for now)
- required?: boolean;
- defaultValue?: number;
- multiple?: boolean;
baseRule.email
- required?: boolean;
- defaultValue?: number;
- multiple?: boolean;
baseRule.date
- required?: boolean;
- defaultValue?: number;
- multiple?: boolean;
- includeTime?: boolean;
- format?: string; - enter a custom format using the Sugar.date syntax
- sqlEscape?: boolean;
baseRule.url
- required?: boolean;
- defaultValue?: string;
- multiple?: boolean;
- sqlEscape?: boolean;
baseRule.raw
- required?: boolean;
- defaultValue?: any;
baseRule.file
- required?: boolean;
- mimeTypes: 'string[]'; (['image/gif','image/png','image/jpeg'])
- minSize?: number; (bytes)
- maxSize?: number; (bytes)
- virusCheck?: boolean;
Tests coming soon
see tests/ folder for the full set of tests
- file tests coming soon