#node_secure-user-input

Validate and format content from api endpoints to secure your app against attacks and invalid data.

Simple usage:

import { baseRules, secureAPIData } from 'secure-api-data';

// let's define some custom rules
export const RULE = {
    ...baseRules,
    positiveNumber: { ...baseRules.number, min: 0, defaultValue: 0 },
    password: {...baseRules.string, required: true, minLength: 8, maxLength: 200, mustIncludeSpecialChar?: true, mustIncludeNumber?: true, mustIncludeLowercaseLetter?: true, mustIncludeUppercaseLetter?: true},
};

// incoming data from api
const insecureData = {
    credentials: {
        username: 'johnDoe',
        password: '1234abcd'
    },
    info: {
        phone: '(123) 123-1234',
        email: 'johnDoe@gmail.com',
        birthday: '1/1/2000',
        age: 19,
        signature: '<p><blink> I am awesome!!</blink></p>',
        favoriteColors: [
            'red',
            'blue',
            'green',
        ],
        pets: [
            {name: 'Fido', species: 'dog'},
            {name: 'Cinnamon', species: 'cat'},
            {name: 'Shelby'}
        ],
    },
    wouldLikeEmailNotifications: true
}

// rules to validate against
const validationRules = {
    credentials: {
        username: {...RULE.string, required: true, minLength: 5, maxLength: 200},
        password: RULE.password,
    },
    info: {
        phone: RULE.phone,
        email: RULE.email,
        birthday: RULE.date,
        age: RULE.positiveNumber,
        signature: {...RULE.string, htmlEscape: false},
        favoriteColors: {...Rule.string, multiple: true},
        "pets[]": {
            name: {...RULE.string, required: true},
            species: RULE.string,
        },
    },
    wouldLikeEmailNotifications: RULE.boolean,
}

// test and validate here
const out = secureAPIData(insecureData, validationRules);
if(out.errors)
    console.error(out.errors);
else {
    const validData = out.data;
    console.log(validData);
}

Built in validation for: strings,numbers, booleans, phone numbers, email addresses, dates, urls, and returning raw data

baseRule.string

required?: boolean;
defaultValue?: string;
multiple?: boolean;
minLength?: number;
maxLength?: number;
mustIncludeSpecialChar?: boolean;
mustIncludeNumber?: boolean;
mustIncludeLowercaseLetter?: boolean;
mustIncludeUppercaseLetter?: boolean;
removeNonvisibleChars?: boolean; defaults to true
htmlEscape?: boolean; defaults to true
enum?: string[];

baseRule.number

required?: boolean;
defaultValue?: number;
multiple?: boolean;
min?: number;
max?: number;
decimalPlaces?: number;
asString?: boolean;

baseRule.boolean

required?: boolean;
defaultValue?: boolean;
multiple?: boolean;
to01?: boolean; outputs 1 or 0 instead of true or false
asString01?: boolean; outputs '1' or '0' instead of true or false
asString?: boolean; outputs 'true' or 'false' instead of true or false

baseRule.phone (USA format only ... for now)

required?: boolean;
defaultValue?: number;
multiple?: boolean;

baseRule.email

required?: boolean;
defaultValue?: number;
multiple?: boolean;

baseRule.date

required?: boolean;
defaultValue?: number;
multiple?: boolean;
includeTime?: boolean;
format?: string; - enter a custom format using the Sugar.date syntax

baseRule.url

required?: boolean;
defaultValue?: string;
multiple?: boolean;

baseRule.raw

required?: boolean;
defaultValue?: any;

Tests

see tests/ folder for the full set of tests

See our related project for validating user submitted data

https://www.npmjs.com/package/node_secure-user-input

silverhawk184/secureAPIData

Validate and format content from api endpoints to secure your app against attacks and invalid data.

baseRule.string

baseRule.number

baseRule.boolean

baseRule.phone (USA format only ... for now)

baseRule.email

baseRule.date

baseRule.url

baseRule.raw

Tests

See our related project for validating user submitted data