Paramd

JSON filtering for Node

Features:

• whitelisting params
• blacklisting params
• requiring params
• conditional application of rules
• custom error status codes

Example

var sanitized = require('paramd')();

sanitized
  .require('username')
  .optional(['age', 'favoriteColor', 'email']);

try {
  var json = sanitized(req.body);
} catch(err) {
  return res.json(422, { msg: err.message }) // err.message == "username is missing"
}

var user = new User(json);
user.save(function(err) {
  if(err) return res.json(500, err.message);
  res.json(201, user.toJSON());
});

More Complex Examples

Conditional Requires:

sanitized
  .optional('password')
  .require('passwordConfirmation', { if: (json) => { return json.password !== undefined } }) // using ES6 syntax

Status Code on Errors

sanitized
  .require('username', { status: 422 })

try {
  var json = sanitizd({name: 'Bob'});
} catch(e) {
  res.json(e.status, e.message);
}

Complete Documentation

You may either use a whitelisting mode (specifying attributes allowed), or a blacklisting mode (specifying attributes that aren't allowed). If you use both, an error will be thrown.

All configuration methods are chainable, and can take either a string or an array of properties.

White listing

Valid whitelisting methods are

• require
• optional / allow

Whitelist Example:

var sanitized = paramd()
    .require(['username', 'password'])
    .optional('email')
    .optional('age')

var attrs = sanitized(req.body);

Black listing

Blacklisting methods are

• except / filter

var sanitized = paramd()
    .filter('encryptedPassword')
    .filter('passwordResetToken')

var userData = sanitized(user.toJSON());

res.json(200, userData);