Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Strapi v4 sanitizeEntity

Tags:

strapi

I'm trying out the new strapi v4 right now (4.0.0) community edition. I've got a custom controller which queries for the current user and (in the future) fetches related objects.

When I did this with strapi v3 I used the built-in sanititzeEntitiy - helper function to remove sensitive fields from the user instance. In v4 however, this function appears to not exist anymore and I can't figure out how to achieve this.

Is there anyone that can help me with this? My code so far is:

module.exports = {
  currentUser: async(ctx, next) => {
    let user = ctx.state.user;
    // TODO: sanitize this
  }
}

In v3 I just did return sanitizeEntity(user); which would have the desired effect. I just can't figure out how to do this in v4 and I can't find anything related to that in the docs.

like image 838
derelektrischemoench Avatar asked May 15 '26 08:05

derelektrischemoench

2 Answers

You need to use the "sanitize" utility from "@strapi/utils".

const { sanitize } = require('@strapi/utils');

module.exports = createCoreController('api::payment.payment', ({ strapi }) => ({
  async create(ctx) {
    const entity = await strapi.entityService.create('api::payment.payment', {
      data: {
        field1: 1,
        field2: 2,
      },
    });
    const sanitizedEntity = await sanitize.contentAPI.output(entity);

    return { data: sanitizedEntity };
  },
}));
like image 95
Dmitry Naumenkov Avatar answered May 18 '26 19:05

Dmitry Naumenkov

So I simultaneously posted this question on the strapi community forums. A user named JustJerem got me an answer to this question which looks like this:

**const { sanitizeEntity } = require("strapi-utils/lib");**

module.exports = (plugin) => {

  plugin.controllers.user.deleteMe = async (ctx) => {
    const entity = await strapi.entityService.delete('plugin::users-permissions.user', user.id)
    var result = **sanitizeEntity(entity, { model: strapi.getModel('plugin::users-permissions.user') })**
    return result
  };
//...
};

The original answer in the strapi forums can be found here:

https://forum.strapi.io/t/v4-0-0-sanitize-user-data/13326/4?u=derelektrischemoench

All credits to this solution go out to JustJerem on the strapi boards. Doing it like this worked for me. Hopefully this can help someone else, too.

Greetings, derelektrischemoench

like image 29
derelektrischemoench Avatar answered May 18 '26 18:05

derelektrischemoench

Sign in to Comment

Related questions

How to query a Strapi backend using GraphQL as an authenticated user?
How to get a URL parameter in Strapi?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!