Whitelist entity fields inside search and filter query

[vladi-strilets]

Is there any "correct" way to filter allowed query fields, for example:

class User {
  name: string;
  email: string;
}

I want to let to GET request filter by name, but not by email

// allow
GET {{API}}/users?filter=name||$cont||a

// prevent
GET {{API}}/users?filter=email||$cont||@

I'm expecting to be able to set a whitelist of fields, whitelist: ['name']. And after that reject any request that comes with the not allowed fields inside filter or search query param. I don't want just to ignore them, I rather prefer to reject the request than perform a database query.

Or it's a typical case when I should define my own interceptor? Thanks!