2018-10-23 23:45:42 +08:00
|
|
|
'use strict';
|
|
|
|
|
|
2017-09-25 19:40:22 +08:00
|
|
|
const _ = require('underscore');
|
|
|
|
|
|
|
|
|
|
// Whitelist query parameters and attach format
|
|
|
|
|
const REQUEST_QUERY_PARAMS_WHITELIST = [
|
|
|
|
|
'config',
|
|
|
|
|
'map_key',
|
|
|
|
|
'api_key',
|
|
|
|
|
'auth_token',
|
|
|
|
|
'callback',
|
|
|
|
|
'zoom',
|
|
|
|
|
'lon',
|
|
|
|
|
'lat',
|
|
|
|
|
// analysis
|
|
|
|
|
'filters' // json
|
|
|
|
|
];
|
|
|
|
|
|
2018-03-16 21:03:59 +08:00
|
|
|
module.exports = function cleanUpQueryParamsMiddleware (customQueryParams = []) {
|
|
|
|
|
if (!Array.isArray(customQueryParams)) {
|
|
|
|
|
throw new Error('customQueryParams must receive an Array of params');
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-25 19:40:22 +08:00
|
|
|
return function cleanUpQueryParams (req, res, next) {
|
2018-03-16 21:20:41 +08:00
|
|
|
const allowedQueryParams = [...REQUEST_QUERY_PARAMS_WHITELIST, ...customQueryParams];
|
2017-09-25 19:40:22 +08:00
|
|
|
|
|
|
|
|
req.query = _.pick(req.query, allowedQueryParams);
|
|
|
|
|
|
|
|
|
|
next();
|
|
|
|
|
};
|
|
|
|
|
};
|
