Is there any "correct" way to filter allowed query fields, for example:
class User {
  name: string;
  email: string;
}
I want to let a GET request filter by name, but not by email:
// allow
GET {{API}}/users?filter=name||$cont||a
// prevent
GET {{API}}/users?filter=email||$cont||@
I'm expecting to be able to set a whitelist of fields, whitelist: ['name'].
And after that, reject any request that comes with disallowed fields inside the filter or search query param.
I don't want to just ignore them; I would rather reject the request than perform a database query.
Or is it a typical case where I should define my own interceptor?
Thanks!
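One way to implement the check asked about above, as an added example that is not part of the original post or of any library's own code. The helper names are hypothetical, and the `or` parameter, the `s` search parameter carrying JSON, and `$`-prefixed combinator keys are assumptions about the query format.

```typescript
// Added example: hypothetical helpers, not part of any library.
type QueryParams = Record<string, string | string[] | undefined>;

// A query-string value may be absent, a single string, or repeated.
function asList(v: string | string[] | undefined): string[] {
  return v === undefined ? [] : Array.isArray(v) ? v : [v];
}

// Collect field names from a parsed search object. Keys starting with "$"
// are assumed to be combinators ($and / $or) wrapping nested conditions.
function searchFields(node: unknown, out: string[]): void {
  if (Array.isArray(node)) {
    for (const item of node) searchFields(item, out);
  } else if (node !== null && typeof node === "object") {
    const obj = node as Record<string, unknown>;
    for (const key of Object.keys(obj)) {
      if (key.charAt(0) === "$") searchFields(obj[key], out);
      else out.push(key);
    }
  }
}

// Returns every field referenced by the request that is not in the whitelist.
// Malformed JSON in `s` throws, so the caller rejects that request as well.
function disallowedFields(
  query: QueryParams,
  whitelist: string[],
  conditionParams: string[] = ["filter", "or"], // assumed parameter names
): string[] {
  const used: string[] = [];
  for (const param of conditionParams) {
    // Each condition is field||$operator||value; the field is the first part.
    for (const cond of asList(query[param])) used.push(cond.split("||")[0]);
  }
  for (const raw of asList(query["s"])) searchFields(JSON.parse(raw), used);
  return used.filter((f, i) => whitelist.indexOf(f) === -1 && used.indexOf(f) === i);
}

// Constructed sample requests, mirroring the two in the question.
const allowed = disallowedFields({ filter: "name||$cont||a" }, ["name"]);
const rejected = disallowedFields({ filter: "email||$cont||@" }, ["name"]);
console.log(allowed, rejected); // [] [ 'email' ]
```

Called from a guard or interceptor before the CRUD handler runs, a non-empty result (or a thrown parse error) can be turned into a 400 response, so no database query is issued.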