Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/saintedlama/resistor
Resist mass assignment vulnerabilities - map the important bits
Last synced: 13 days ago
- Host: GitHub
- URL: https://github.com/saintedlama/resistor
- Owner: saintedlama
- Created: 2015-01-19T14:48:30.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2022-10-06T20:32:05.000Z (about 2 years ago)
- Last Synced: 2024-10-28T09:58:29.398Z (2 months ago)
- Language: JavaScript
- Size: 29.3 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 33
Metadata Files:
- Readme: README.md
# Resistor
Resist mass assignment vulnerabilities - map the important bits

## Installation
```
npm install resistor --save
```
## Usage
### Middleware
Instead of validating input directly in your route handler, resistor will generate a piece of middleware to do the heavy lifting:
```javascript
var validateSignup = resistor({
  email : { type : 'string', required : true },
  password : { type : 'string', required : true }
});

router.post('/signup', validateSignup, function(req, res, next) {
  // req.model is set and resistor ensures that req.model.email and req.model.password are set
});
```
Out of the box, resistor will send 400 JSON responses if a request is not valid. To modify this behaviour, the `errorHandler` option comes to the rescue:
```javascript
// Custom error handler: render an error view instead of the default 400 JSON response
function renderErrorView(req, res) {
  res
    .status(400)
    .render('error', req.model);
}

var validateSignup = resistor({
  email : { type : 'string', required : true },
  password : { type : 'string', required : true }
}, { errorHandler : renderErrorView });

router.post('/signup', validateSignup, function(req, res, next) {
  // req.model is set and resistor ensures that req.model.email and req.model.password are set
});
```
### Plain JavaScript
To use resistor model binding outside of a middleware context, resistor exposes the `binder` function to construct a binder:
```javascript
var binder = resistor.binder({ input : '=' });
var model = binder.bind({ input : 'value'});

console.log(model.input); // prints `value` to stdout
```
Model binding/validation errors can be accessed by checking the `errors` field of the model:
```javascript
var binder = resistor.binder({ input : { type : 'string', required : true }});
var model = binder.bind({});

console.log(model.errors); // prints `{ input: [ { validator: 'required', value: undefined } ] }` to stdout
```
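
The problem the README's tagline refers to, as an added example that is not part of resistor or its README: it contrasts copying a whole request body onto a record with binding only the fields a schema names. `bindModel`, `unsafeSignup`, `safeSignup`, the `type` validator name and the `isAdmin` field are hypothetical, and the request body is constructed.

```javascript
// Hypothetical stand-in for a whitelist binder; NOT resistor's implementation.
// It copies only the fields named in the schema and records errors in the
// shape the README prints: { field: [ { validator, value } ] }.
function bindModel(schema, input) {
  const model = {};
  const errors = {};
  for (const field of Object.keys(schema)) {
    const rule = schema[field];
    // Read own properties only, so inherited keys are never bound.
    const present = Object.prototype.hasOwnProperty.call(input, field);
    const value = present ? input[field] : undefined;
    if (value === undefined) {
      if (rule.required) errors[field] = [{ validator: 'required', value }];
      continue;
    }
    if (typeof value !== rule.type) {
      // 'type' as a validator name is an assumption made for this example.
      errors[field] = [{ validator: 'type', value }];
      continue;
    }
    model[field] = value;
  }
  if (Object.keys(errors).length > 0) model.errors = errors;
  return model;
}

// Constructed request body: the client adds a field the signup form never offered.
const body = { email: 'a@example.com', password: 'hunter2', isAdmin: true };

// Mass assignment: every client-supplied key lands on the record.
function unsafeSignup(reqBody) {
  return Object.assign({ isAdmin: false }, reqBody);
}

// Whitelist binding: only the schema's fields are copied, server defaults stay.
const signupSchema = {
  email: { type: 'string', required: true },
  password: { type: 'string', required: true }
};
function safeSignup(reqBody) {
  const model = bindModel(signupSchema, reqBody);
  if (model.errors) return { rejected: model.errors };
  return Object.assign({ isAdmin: false }, model);
}

console.log(unsafeSignup(body).isAdmin); // true
console.log(safeSignup(body).isAdmin);   // false
```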