Open bovandersteene opened 4 years ago
It's not related to the crud lib, because the crud request parser doesn't provide such validation. It's totally up to user to implement such validation
Hi, here is how I did it. I extended the crud service to validate each field.
This is not the best solution but I believe this should be included in the crud-typeorm service. I'm not familiar with this repo development cycle, but if you need me to contribute, i'll be happy to.
import { TypeOrmCrudService } from "@nestjsx/crud-typeorm"
import { QueryFilter } from "@nestjsx/crud-request"
import { ObjectLiteral } from "typeorm"
import { ValidationError, validateSync } from "class-validator"
import { BadRequestException } from "@nestjs/common"
import { plainToClass } from "class-transformer"
export class ValidatingTypeOrmCrudService<T> extends TypeOrmCrudService<T> {
/**
* Add parameter value validation
*/
protected mapOperatorsToQuery(cond: QueryFilter, param: any): { str: string; params: ObjectLiteral } {
const errors = this.validateParamValues(cond, param)
if (errors.length > 0) {
throw new BadRequestException(errors)
}
return super.mapOperatorsToQuery(cond, param)
}
protected validateParamValues(cond: QueryFilter, param: any): ValidationError[] {
// @TODO: handle undefined values
if (cond.value === undefined) {
return []
}
let errors: ValidationError[] = []
switch (cond.operator) {
case "$in":
const paramArray = Array.isArray(cond.value) ? cond.value : [cond.value]
for (const paramArrayValue of paramArray) {
// validate each value using the "$eq" operator
errors = errors.concat(this.validateParamValues({ ...cond, operator: "$eq", value: paramArrayValue }, param))
}
break
case "$eq":
// create an entity to be validated
const dto = plainToClass(this.entityType, { [cond.field]: cond.value })
// validate the entity
errors = validateSync(dto)
// only keep errors for the current field
errors = errors.filter((err) => err.property === cond.field)
break
// @TODO: handle other operators
/* istanbul ignore next */
default:
break
}
return errors
}
}
I have following url:
So far so good my executed query is:
Now if I change my request to
My query is:
Now we got a problem, the provided filter value is not a date.
Also if I want to change my provided date inside the query to my own date format it is not possible