Inline query sanitizer
parent
e8ea13c809
commit
397a9f8915
|
@ -10,22 +10,19 @@ function isKnownQueryParam(param) {
|
||||||
return !!knownQueryParams[param];
|
return !!knownQueryParams[param];
|
||||||
}
|
}
|
||||||
|
|
||||||
function sanitizeQuery(originalQuery) {
|
|
||||||
const query = {};
|
|
||||||
|
|
||||||
Object.keys(originalQuery).forEach(param => {
|
|
||||||
if (isKnownQueryParam(param)) query[param] = originalQuery[param];
|
|
||||||
});
|
|
||||||
|
|
||||||
return query;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Reject URLs with invalid query parameters to increase cache hit rates.
|
* Reject URLs with invalid query parameters to increase cache hit rates.
|
||||||
*/
|
*/
|
||||||
export default function validateQuery(req, res, next) {
|
export default function validateQuery(req, res, next) {
|
||||||
if (!Object.keys(req.query).every(isKnownQueryParam)) {
|
const keys = Object.keys(req.query);
|
||||||
return res.redirect(302, req.path + createSearch(sanitizeQuery(req.query)));
|
|
||||||
|
if (!keys.every(isKnownQueryParam)) {
|
||||||
|
const newQuery = keys.filter(isKnownQueryParam).reduce((query, key) => {
|
||||||
|
query[key] = req.query[key];
|
||||||
|
return query;
|
||||||
|
}, {});
|
||||||
|
|
||||||
|
return res.redirect(302, req.path + createSearch(newQuery));
|
||||||
}
|
}
|
||||||
|
|
||||||
next();
|
next();
|
||||||
|
|
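Review bot: The new filter in `validateQuery` relies on `isKnownQueryParam`, and its `!!knownQueryParams[param]` lookup (context line at the top of the hunk) is also true for inherited names such as `constructor` or `__proto__` if `knownQueryParams` is a plain object literal. Its definition is outside the hunk, so this is inferred. Such keys would pass `keys.every(isKnownQueryParam)` unrejected, or be copied by `query[key] = req.query[key]` into the `{}` accumulator, where a `__proto__` key goes through the prototype setter instead of being stored as a parameter. An own-property check, `return Object.prototype.hasOwnProperty.call(knownQueryParams, param);`, closes that gap, provided no known parameter is deliberately mapped to a falsy value. Separately, the redirect target is still built from `req.path`, so it is worth confirming that a path beginning with `//` cannot reach `res.redirect`, since browsers read such a Location as protocol-relative.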