{"id":13781070,"url":"https://github.com/thinkjs/think-qs","last_synced_at":"2025-04-10T19:37:17.092Z","repository":{"id":57377006,"uuid":"104420338","full_name":"thinkjs/think-qs","owner":"thinkjs","description":"Use qs module to parse query \u0026 post data, support array \u0026 object value","archived":false,"fork":false,"pushed_at":"2017-10-11T09:15:34.000Z","size":7,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-03-19T21:50:05.155Z","etag":null,"topics":["middleware","qs","think-middleware"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thinkjs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-09-22T02:11:46.000Z","updated_at":"2019-06-13T23:48:10.000Z","dependencies_parsed_at":"2022-09-26T17:00:39.964Z","dependency_job_id":null,"html_url":"https://github.com/thinkjs/think-qs","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thinkjs%2Fthink-qs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thinkjs%2Fthink-qs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thinkjs%2Fthink-qs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thinkjs%2Fthink-qs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thinkjs","download_url":"https://codeload.github.com/thinkjs/think-qs/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248281415,"owners_count":21077423,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["middleware","qs","think-middleware"],"created_at":"2024-08-03T18:01:22.623Z","updated_at":"2025-04-10T19:37:17.059Z","avatar_url":"https://github.com/thinkjs.png","language":"JavaScript","readme":"# think-qs\n\n[![Build Status](https://travis-ci.org/thinkjs/think-qs.svg?branch=master)](https://travis-ci.org/thinkjs/think-qs)\n[![Coverage Status](https://coveralls.io/repos/github/thinkjs/think-qs/badge.svg)](https://coveralls.io/github/thinkjs/think-qs)\n[![npm](https://img.shields.io/npm/v/think-qs.svg)](https://www.npmjs.com/package/think-qs)\n\nUse [qs](https://github.com/ljharb/qs) module to parse query \u0026 post data, support array \u0026 object value.For example, the string 'foo[bar]=baz' converts to: \n\n```js\nfoo: {\n  bar: 'baz'\n}\n```\n\n\n## Installation\n\n```sh\nnpm install think-qs\n```\n\nthink-qs need [thinkjs](https://github.com/thinkjs/thinkjs) version `\u003e=3.2.2`.\n\n## How to use\n\nConfig file `src/config/middleware.js` (in multi mode, file is `src/common/config/middleware.js`), add middleware after payload:\n\n```js\nconst qs = require('think-qs');\nmodule.exports = [\n  ...\n  {\n    handle: 'payload'\n  },\n  {\n    handle: qs,\n    options: {\n\n    }\n  }\n]\n```\n\nAfter config, you can get array \u0026 object value by `this.get` or `this.post` in controller.\n\n## options\n\nThis middleware support follow options:\n\n* `query`: true, enable use qs to parse querystring\n* `post`: true, enable use qs to parse post data\n\nYou can find more options from https://github.com/ljharb/qs.\n\n## Security\n\nIf you use this middleware, you must be careful about security. some ORM support array/object in where conditions, it may be cause SQL injections.\n\n```js\n// http://docs.sequelizejs.com/manual/tutorial/querying.html\nPost.findAll({\n  where: {\n    id: this.get('id')\n  }\n});\n```\nIn here, we want `id` is an integer, but when url is `/pathname?id[$gt]=6`, id value is an object:\n\n```js\n{\n  $gt: 6\n}\n```\n\nthen where conditions is not we wanted, it caused SQL injection. you can config logic to resolve this security problems.\n\n```js\nmodule.exports = class extends think.Logic {\n  indexAction() {\n    this.rules = {\n      id: {\n        int: true\n      }\n    }\n  }\n}\n```\nyou can get more information about logic from https://thinkjs.org/zh-cn/doc/3.0/logic.html.\n","funding_links":[],"categories":["Middlewares"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthinkjs%2Fthink-qs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthinkjs%2Fthink-qs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthinkjs%2Fthink-qs/lists"}