Sanitize objects provided in location/update post body
Objects will be sanitized when provided in the request post body sent to the location/update API.
const sanitize = (obj) => {
Object.keys(obj).forEach((key) => {
if (typeof obj[key] === "string") {
obj[key] = obj[key].replace(/'/gi, `''`);
} else if (typeof obj[key] === "object") {
obj[key] = sanitize(obj[key]);
}
});
return obj;
};
module.exports = async (req, res) => {
const layer = req.params.layer;
const fields = Object.entries(req.body).map((entry) => {
if (entry[1] === null) return ` ${entry[0]} = null`;
if (typeof entry[1] === "string") {
return ` ${entry[0]} = '${entry[1].replace(/\'/gi, `''`)}'`;
}
if (entry[1].coordinates)
return ` ${
entry[0]
} = ST_SetSRID(ST_MakeValid(ST_GeomFromGeoJSON('${JSON.stringify(
entry[1]
)}')),${layer.srid})`;
if (typeof entry[1] === "object")
return ` ${entry[0]} = '${JSON.stringify(sanitize(entry[1]))}'`;
if (typeof entry[1] === "boolean" || typeof entry[1] === "number")
return ` ${entry[0]} = ${entry[1]}`;
});
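Review bot: The geometry branch (`if (entry[1].coordinates)`) is tested before the new object branch, so any object carrying a `coordinates` key is still interpolated as `'${JSON.stringify(entry[1])}'` with no quote doubling, and within the visible lines the column names in `entry[0]` come straight from the request body keys without any check. `sanitize` also recurses on `typeof obj[key] === "object"`, which is true for `null`, so a nested null reaches `Object.keys(null)` and throws; the guard should read `} else if (obj[key] !== null && typeof obj[key] === "object") {`. At minimum the geometry value should be built from `JSON.stringify(sanitize(entry[1]))` and keys that are not known fields of the layer should be rejected; binding the values as query parameters instead of assembling the SET list as a string would remove the dependence on quote doubling altogether. The handler's body continues outside this hunk, so how `fields` reaches the database is not visible here.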