Version Packages (#1145 )

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
fix(arktype-validator): Don't return restricted fields in error responses (#1137 )
2025-04-28 15:21:28 +09:00 · 2025-04-28 15:17:34 +09:00
4 changed files with 63 additions and 2 deletions
--- a/packages/arktype-validator/CHANGELOG.md
+++ b/packages/arktype-validator/CHANGELOG.md
@ -1,5 +1,11 @@
 # @hono/arktype-validator
 ## 2.0.1
 ### Patch Changes
 - [#1137](https://github.com/honojs/middleware/pull/1137) [`01cd896e9b3c6a00c3c16ed59e0c3d20f5983918`](https://github.com/honojs/middleware/commit/01cd896e9b3c6a00c3c16ed59e0c3d20f5983918) Thanks [@MonsterDeveloper](https://github.com/MonsterDeveloper)! - Don't return restricted data fields on error responses
 ## 2.0.0
 ### Major Changes
--- a/packages/arktype-validator/package.json
+++ b/packages/arktype-validator/package.json
@ -1,6 +1,6 @@
 {
  "name": "@hono/arktype-validator",
-  "version": "2.0.0",
+  "version": "2.0.1",
  "description": "ArkType validator middleware",
  "type": "module",
  "main": "dist/index.js",
--- a/packages/arktype-validator/src/index.test.ts
+++ b/packages/arktype-validator/src/index.test.ts
@ -35,6 +35,17 @@ describe('Basic', () => {
    }
  )
  app.get(
    '/headers',
    arktypeValidator(
      'header',
      type({
        'User-Agent': 'string',
      })
    ),
    (c) => c.json({ success: true, userAgent: c.header('User-Agent') })
  )
  type Actual = ExtractSchema<typeof route>
  type Expected = {
    '/author': {
@ -98,6 +109,22 @@ describe('Basic', () => {
    const data = (await res.json()) as { success: boolean }
    expect(data['success']).toBe(false)
  })
  it("doesn't return cookies after headers validation", async () => {
    const req = new Request('http://localhost/headers', {
      headers: {
        'User-Agent': 'invalid',
        Cookie: 'SECRET=123',
      },
    })
    const res = await app.request(req)
    expect(res).not.toBeNull()
    expect(res.status).toBe(400)
    const data = (await res.json()) as { succcess: false; errors: type.errors }
    expect(data.errors).toHaveLength(1)
    expect(data.errors[0].data).not.toHaveProperty('cookie')
  })
 })
 describe('With Hook', () => {
--- a/packages/arktype-validator/src/index.ts
+++ b/packages/arktype-validator/src/index.ts
@ -10,6 +10,10 @@ export type Hook<T, E extends Env, P extends string, O = {}> = (
 type HasUndefined<T> = undefined extends T ? true : false
 const RESTRICTED_DATA_FIELDS = {
  header: ['cookie'],
 }
 export const arktypeValidator = <
  T extends Type,
  Target extends keyof ValidationTargets,
@ -54,7 +58,31 @@ export const arktypeValidator = <
      return c.json(
        {
          success: false,
-          errors: out,
+          errors:
            target in RESTRICTED_DATA_FIELDS
              ? out.map((error) => {
                  const restrictedFields =
                    RESTRICTED_DATA_FIELDS[target as keyof typeof RESTRICTED_DATA_FIELDS] || []
                  if (
                    error &&
                    typeof error === 'object' &&
                    'data' in error &&
                    typeof error.data === 'object' &&
                    error.data !== null &&
                    !Array.isArray(error.data)
                  ) {
                    const dataCopy = { ...(error.data as Record<string, unknown>) }
                    for (const field of restrictedFields) {
                      delete dataCopy[field]
                    }
                    error.data = dataCopy
                  }
                  return error
                })
              : out,
        },
        400
      )