From 08f590520234f346a34644eabe865ef80fcc58e6 Mon Sep 17 00:00:00 2001
From: L4168 <L4168@student.jamk.fi>
Date: Tue, 2 Jul 2019 10:07:20 +0300
Subject: [PATCH] forbidNonWhitelisted: true

---
 src/shared/validation.pipe.ts | 81 ++++++++++++++++++++---------------
 1 file changed, 47 insertions(+), 34 deletions(-)

diff --git a/src/shared/validation.pipe.ts b/src/shared/validation.pipe.ts
index 27f078b..68eb4e8 100644
--- a/src/shared/validation.pipe.ts
+++ b/src/shared/validation.pipe.ts
@@ -1,44 +1,57 @@
-
-import { PipeTransform, Injectable, ArgumentMetadata, BadRequestException, HttpException, HttpStatus } from '@nestjs/common';
+import {
+  PipeTransform,
+  Injectable,
+  ArgumentMetadata,
+  HttpException,
+  HttpStatus,
+} from '@nestjs/common';
 import { validate } from 'class-validator';
 import { plainToClass } from 'class-transformer';
 
 @Injectable()
 export class ValidationPipe implements PipeTransform<any> {
-    async transform(value: any, metadata: ArgumentMetadata) {
-
-        if (value instanceof Object && this.isEmpty(value)) {
-            throw new HttpException(
-                'Validation failed: No body submitted', HttpStatus.BAD_REQUEST
-            );
-        }
-
-        const { metatype } = metadata;
-        if (!metatype || !this.toValidate(metatype)) {
-            return value;
-        }
-        const object = plainToClass(metatype, value);
-        const errors = await validate(object);
-        if (errors.length > 0) {
-            throw new HttpException(`Validation failed: ${this.formatErrors(errors)}`, HttpStatus.BAD_REQUEST);
-        }
-        return value;
+  async transform(value: any, metadata: ArgumentMetadata) {
+    if (value instanceof Object && this.isEmpty(value)) {
+      throw new HttpException(
+        'Validation failed: No body submitted',
+        HttpStatus.BAD_REQUEST,
+      );
     }
 
-    private toValidate(metatype: Function): boolean {
-        const types: Function[] = [String, Boolean, Number, Array, Object];
-        return !types.includes(metatype);
+    const { metatype } = metadata;
+    if (!metatype || !this.toValidate(metatype)) {
+      return value;
     }
-
-    private formatErrors(errors: any[]) {
-        return errors.map(err => {
-            for (let property in err.constraints) {
-                return err.constraints[property]
-            }
-        }).join(", ");
+    const object = plainToClass(metatype, value);
+    const errors = await validate(object, {
+      whitelist: true,
+      forbidNonWhitelisted: true,
+    });
+    if (errors.length > 0) {
+      throw new HttpException(
+        `Validation failed: ${this.formatErrors(errors)}`,
+        HttpStatus.BAD_REQUEST,
+      );
     }
+    return value;
+  }
 
-    private isEmpty(value: any) {
-        return (Object.keys(value).length > 0) ? false : true;
-    }
-}
\ No newline at end of file
+  private toValidate(metatype: Function): boolean {
+    const types: Function[] = [String, Boolean, Number, Array, Object];
+    return !types.includes(metatype);
+  }
+
+  private formatErrors(errors: any[]) {
+    return errors
+      .map(err => {
+        for (let property in err.constraints) {
+          return err.constraints[property];
+        }
+      })
+      .join(', ');
+  }
+
+  private isEmpty(value: any) {
+    return Object.keys(value).length > 0 ? false : true;
+  }
+}
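Review bot: The new `whitelist` / `forbidNonWhitelisted` options only take effect when `metatype` is a decorated DTO class, because `transform` still returns `value` untouched whenever `toValidate` rejects `String`, `Boolean`, `Number`, `Array` or `Object`. A handler whose parameter is typed as an interface, `any` or an array of DTOs therefore gets no unknown-property rejection from this pipe, and nested objects are presumably only checked where the DTO uses `@ValidateNested()` together with `@Type()`. I would record that above the early `return value;`, for example `// NOTE: non-class metatypes (Object, Array, primitives) skip validation, so forbidNonWhitelisted does not protect them`. Separately, `formatErrors` reads only the top-level `err.constraints`, so an error reported through `children` would likely produce an empty "Validation failed: " message; walking `err.children` as well would keep rejected nested properties visible to the client and in logs.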
-- 
GitLab