I'm using SvelteKit with the Node.js adapter and TypeScript, connecting to an Azure SQL instance.
Assuming I have the following route:
/api/things
I want this endpoint to support the following parameters.
filter, orderby, select, top, skip, expand, search
What is the best approach to ensuring the input to these parameters is valid, and also the best/standard approach to formatting them so I can parse them?
Ideally I would like the client experience to be like the following (url encoded).
filter: /api/things?filter=id ge 10 and name eq 'example'
orderby: /api/things?orderby=name asc, id desc
select: /api/things?select=id, name
top: /api/things?top=10
skip: /api/things?skip=0
expand: /api/things?expand=subthings
search: /api/things?search=anything they want
My questions are:
Is the format I showed above acceptable? Is there a better/standard format?
I can't see how to use SQL params for the filter, orderby, or select parameters. Is there one, and if not how can I validate them myself to prevent injection?
Am I correct in putting this in as a hook/middleware over my API routes once I solve it to avoid repetition in the endpoints?
Am I reinventing the wheel and is there a node package for something like this?
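
Added example, not part of the original post: one way to handle the parameters above is to resolve every identifier in select and orderby against a column allow-list, and to parse filter with a small grammar so that literal values only ever reach the database as bound parameters. The column list, the table name `things`, the parenthesis-free filter grammar, the `@p0`-style parameter names and the paging limits are assumptions made for this sketch.

```typescript
// Assumed schema (not from the post): table [things] with columns id and name.
const COLUMNS = new Set(["id", "name"]);
const OPS = new Map([["eq", "="], ["ne", "<>"], ["gt", ">"], ["ge", ">="], ["lt", "<"], ["le", "<="]]);

function column(raw: string): string {
  const c = raw.trim();
  if (!COLUMNS.has(c)) throw new Error(`unknown column: ${c}`);
  return `[${c}]`; // identifier comes from the allow-list, never from the request
}

function intParam(raw: string | undefined, def: number, max: number): number {
  if (raw === undefined) return def;
  if (!/^\d{1,9}$/.test(raw)) throw new Error(`not a non-negative integer: ${raw}`);
  return Math.min(Number(raw), max);
}

// Grammar: <column> <op> <integer | 'string'> joined by and/or, no parentheses.
function parseFilter(filter: string, params: Record<string, string | number>): string {
  const tokens = filter.match(/'(?:[^']|'')*'|[^\s']+|'/g) ?? [];
  const parts: string[] = [];
  for (let i = 0; i < tokens.length; i += 4) {
    const [col, op, val, join] = tokens.slice(i, i + 4);
    const sqlOp = OPS.get(op ?? "");
    if (!col || !val || !sqlOp) throw new Error("malformed filter");
    const name = `p${Object.keys(params).length}`;
    if (/^-?\d{1,9}$/.test(val)) params[name] = Number(val);
    else if (val.length >= 2 && val[0] === "'") params[name] = val.slice(1, -1).replace(/''/g, "'");
    else throw new Error(`bad literal: ${val}`);
    parts.push(`${column(col)} ${sqlOp} @${name}`); // value travels as a bound parameter
    if (join === undefined) break;
    if (!/^(and|or)$/.test(join) || i + 4 >= tokens.length) throw new Error("malformed filter");
    parts.push(join.toUpperCase());
  }
  return parts.join(" ");
}

function buildQuery(q: Record<string, string | undefined>) {
  const params: Record<string, string | number> = {};
  const select = q.select ? q.select.split(",").map((c) => column(c)).join(", ") : "[id], [name]";
  const order = (q.orderby ?? "id asc").split(",").map((term) => {
    const m = /^\s*(\S+)(?:\s+(asc|desc))?\s*$/.exec(term);
    if (!m) throw new Error(`bad orderby term: ${term}`);
    return `${column(m[1] ?? "")} ${(m[2] ?? "asc").toUpperCase()}`;
  }).join(", ");
  const where = q.filter?.trim() ? ` WHERE ${parseFilter(q.filter ?? "", params)}` : "";
  params.skip = intParam(q.skip, 0, 1000000);
  params.top = intParam(q.top, 50, 100);
  return { sql: `SELECT ${select} FROM [things]${where} ORDER BY ${order} OFFSET @skip ROWS FETCH NEXT @top ROWS ONLY`, params };
}
```

`buildQuery` takes the already URL-decoded query values; the returned `params` are meant to be bound through the database driver's named-parameter API rather than concatenated into `sql`.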