/** * Input validation middleware for the iranti API. * * Validates request bodies against named schema definitions before they reach * route handlers. Each schema entry describes field-level constraints * (type, required, maxLength, pattern, min/max, maxSize). * * Key exports: * validateInput(schemaName) — express middleware factory; rejects with 400 on failure * validateSessionListQuery(query) — parses + validates GET /sessions query string * validateSessionLedgerQuery(q) — parses + validates GET /ledger query string * sanitizeString(str) — XSS-escapes a string value * validateEntity(entity) — returns true if entity matches entityType/entityId pattern * validateKey(key) — returns true if key is alphanumeric+underscore/hyphen */ import { Request, Response, NextFunction } from 'express'; import type { SessionListInput } from '../../sdk'; import type { EventLevel } from '../../lib/staffEventEmitter'; /** Constraint descriptor for a single field in a validation schema. */ interface FieldSchema { type: 'string' | 'number' | 'boolean' | 'array' | 'object' | 'any'; required: boolean; maxLength?: number; pattern?: RegExp; maxSize?: number; min?: number; max?: number; default?: unknown; } declare const schemas: Record>; export declare function validateInput(schemaName: keyof typeof schemas): (req: Request, res: Response, next: NextFunction) => Response> | undefined; export declare function validateSessionListQuery(query: Request['query']): SessionListInput; export declare function validateSessionLedgerQuery(query: Request['query']): { agentId?: string; sessionId?: string; actionType?: string; source?: string; host?: string; level?: EventLevel; since?: Date; until?: Date; limit?: number; }; export declare function sanitizeString(str: string): string; export declare function validateEntity(entity: string): boolean; export declare function validateKey(key: string): boolean; export {}; //# sourceMappingURL=validation.d.ts.map