Added 'has' method to check for prohibited characters.

Author: fiznool

.jshintrc

@@ -21,7 +21,6 @@
     "afterEach": false,
     "beforeEach": false,
     "describe": false,
-    "expect": false,
     "it": false
   }
 }

README.md

@@ -38,6 +38,25 @@ app.use(mongoSanitize({
 
 ```
 
+You can also bypass the middleware and use the module directly:
+
+``` js
+var mongoSanitize = require('express-mongo-sanitize');
+
+var payload = {...};
+
+// Remove any keys containing prohibited characters
+mongoSanitize.sanitize(payload);
+
+// Replace any prohibited characters in keys
+mongoSanitize.sanitize(payload, {
+  replaceWith: '_'
+});
+
+// Check if the payload has keys with prohibited characters
+var hasProhibited = mongoSanitize.has(payload);
+```
+
 ## What?
 
 This module searches for any keys in objects that begin with a `$` sign or contain a `.`, from `req.body`, `req.query` or `req.params`. It can then either:

index.js

@@ -3,43 +3,63 @@
 var TEST_REGEX = /^\$|\./,
     REPLACE_REGEX = /^\$|\./g;
 
-var sanitize = function(val, options) {
+var withEach = function(target, cb) {
+  var act = function(obj) {
+    if(Array.isArray(obj)) {
+      obj.forEach(act);
+
+    } else if(obj instanceof Object) {
+      Object.keys(obj).forEach(function(key) {
+        var val = obj[key];
+        var shouldRecurse = cb(obj, val, key);
+        if(shouldRecurse) {
+          act(obj[key]);
+        }
+      });
+    }
+  };
+
+  act(target);
+};
+
+var has = function(target) {
+  var hasProhibited = false;
+  withEach(target, function(obj, val, key) {
+    if(TEST_REGEX.test(key)) {
+      hasProhibited = true;
+      return false;
+    } else {
+      return true;
+    }
+  });
+
+  return hasProhibited;
+};
+
+var sanitize = function(target, options) {
   options = options || {};
 
   var replaceWith = null;
   if(!(TEST_REGEX.test(options.replaceWith))) {
     replaceWith = options.replaceWith;
   }
 
-  var act = function(val) {
-    if(Array.isArray(val)) {
-      val.forEach(act);
-
-    } else if(val instanceof Object) {
-      Object.keys(val).forEach(function(key) {
-        var v = val[key];
-        var noRecurse = false;
-
-        if(TEST_REGEX.test(key)) {
-          delete val[key];
-          if(replaceWith) {
-            val[key.replace(REPLACE_REGEX, replaceWith)] = v;
-          } else {
-            noRecurse = true;
-          }
-        }
+  withEach(target, function(obj, val, key) {
+    var shouldRecurse = true;
 
-        if(!noRecurse) {
-          act(v);
-        }
-
-      });
+    if(TEST_REGEX.test(key)) {
+      delete obj[key];
+      if(replaceWith) {
+        obj[key.replace(REPLACE_REGEX, replaceWith)] = val;
+      } else {
+        shouldRecurse = false;
+      }
     }
 
-    return val;
-  };
+    return shouldRecurse;
+  });
 
-  return act(val);
+  return target;
 };
 
 var middleware = function(options) {
@@ -55,3 +75,4 @@ var middleware = function(options) {
 
 module.exports = middleware;
 module.exports.sanitize = sanitize;
+module.exports.has = has;

package.json

@@ -32,5 +32,8 @@
     "express": "^4.13.3",
     "mocha": "^2.3.3",
     "supertest": "^1.1.0"
+  },
+  "dependencies": {
+    "chai": "^3.4.1"
   }
 }

test.js

@@ -3,6 +3,7 @@
 var request = require('supertest'),
     express = require('express'),
     bodyParser = require('body-parser'),
+    expect = require('chai').expect,
     sanitize = require('./index.js');
 
 describe('Express Mongo Sanitize', function() {
@@ -391,4 +392,89 @@ describe('Express Mongo Sanitize', function() {
         }, done);
     });
   });
+
+  describe('Has Prohibited Keys', function() {
+    it('should return true if the object has a key beginning with a `$`', function() {
+      var input = {
+        $prohibited: 'key'
+      };
+      expect(sanitize.has(input)).to.be.true;
+    });
+
+    it('should return true if the object has a key containing a `.`', function() {
+      var input = {
+        'prohibited.key': 'value'
+      };
+      expect(sanitize.has(input)).to.be.true;
+    });
+
+    it('should return true if the object has a nested key beginning with a `$`', function() {
+      var input = {
+        nested: {
+          $prohibited: 'key'
+        }
+      };
+      expect(sanitize.has(input)).to.be.true;
+    });
+
+    it('should return true if the object has a nested key containing a `.`', function() {
+      var input = {
+        nested: {
+          'prohibited.key': 'value'
+        }
+      };
+      expect(sanitize.has(input)).to.be.true;
+    });
+
+    it('should return true if the array contains an object with a key beginning with a `$`', function() {
+      var input = [{
+        $prohibited: 'key'
+      }];
+      expect(sanitize.has(input)).to.be.true;
+    });
+
+    it('should return true if the array contains an object with a key containing a `.`', function() {
+      var input = [{
+        'prohibited.key': 'value'
+      }];
+      expect(sanitize.has(input)).to.be.true;
+    });
+
+    it('should return true if the payload contains a deeply nested object with a key beginning with a `$`', function() {
+      var input = [{
+        some: {
+          deeply: [{
+            nested: {
+              $prohibited: 'key'
+            }
+          }]
+        }
+      }];
+      expect(sanitize.has(input)).to.be.true;
+    });
+
+    it('should return true if the payload contains a deeply nested object with a key containing a `.`', function() {
+      var input = [{
+        some: {
+          deeply: [{
+            nested: {
+              'prohibited..key': 'key'
+            }
+          }]
+        }
+      }];
+      expect(sanitize.has(input)).to.be.true;
+    });
+
+    it('should return false if the payload doesn\'t contain any prohibited characters', function() {
+      var input = {
+        some: {
+          nested: [{
+            data: 'panda'
+          }]
+        }
+      };
+      expect(sanitize.has(input)).to.be.false;
+    });
+  });
 });