forbidNonWhitelisted: true

08f59052 · L4168 · 763d20b7 · 08f59052
Commit 08f59052 authored 5 years ago by L4168
--- a/src/shared/validation.pipe.ts
+++ b/src/shared/validation.pipe.ts
+import {
-import { PipeTransform, Injectable, ArgumentMetadata, BadRequestException, HttpException, HttpStatus } from '@nestjs/common';
+  PipeTransform,
+  Injectable,
+  ArgumentMetadata,
+  HttpException,
+  HttpStatus,
+} from '@nestjs/common';
 import { validate } from 'class-validator';
 import { plainToClass } from 'class-transformer';
 @Injectable()
 export class ValidationPipe implements PipeTransform<any> {
-    async transform(value: any, metadata: ArgumentMetadata) {
+  async transform(value: any, metadata: ArgumentMetadata) {
+    if (value instanceof Object && this.isEmpty(value)) {
-        if (value instanceof Object && this.isEmpty(value)) {
+      throw new HttpException(
-            throw new HttpException(
+        'Validation failed: No body submitted',
-                'Validation failed: No body submitted', HttpStatus.BAD_REQUEST
+        HttpStatus.BAD_REQUEST,
-            );
+      );
-        }
-        const { metatype } = metadata;
-        if (!metatype || !this.toValidate(metatype)) {
-            return value;
-        }
-        const object = plainToClass(metatype, value);
-        const errors = await validate(object);
-        if (errors.length > 0) {
-            throw new HttpException(`Validation failed: ${this.formatErrors(errors)}`, HttpStatus.BAD_REQUEST);
-        }
-        return value;
    }
-    private toValidate(metatype: Function): boolean {
+    const { metatype } = metadata;
-        const types: Function[] = [String, Boolean, Number, Array, Object];
+    if (!metatype || !this.toValidate(metatype)) {
-        return !types.includes(metatype);
+      return value;
    }
+    const object = plainToClass(metatype, value);
-    private formatErrors(errors: any[]) {
+    const errors = await validate(object, {
-        return errors.map(err => {
+      whitelist: true,
-            for (let property in err.constraints) {
+      forbidNonWhitelisted: true,
-                return err.constraints[property]
+    });
-            }
+    if (errors.length > 0) {
-        }).join(", ");
+      throw new HttpException(
+        `Validation failed: ${this.formatErrors(errors)}`,
+        HttpStatus.BAD_REQUEST,
+      );
    }
+    return value;
+  }
-    private isEmpty(value: any) {
+  private toValidate(metatype: Function): boolean {
-        return (Object.keys(value).length > 0) ? false : true;
+    const types: Function[] = [String, Boolean, Number, Array, Object];
-    }
+    return !types.includes(metatype);
-}
+  }
\ No newline at end of file
+  private formatErrors(errors: any[]) {
+    return errors
+      .map(err => {
+        for (let property in err.constraints) {
+          return err.constraints[property];
+        }
+      })
+      .join(', ');
+  }
+  private isEmpty(value: any) {
+    return Object.keys(value).length > 0 ? false : true;
+  }
+}