feat: Replace express-xss-sanitizer with helmet

The security middleware `express-xss-sanitizer` has been replaced with `helmet` for enhanced security measures. `helmet` provides better protection against potential security vulnerabilities.

Signed-off-by: Mathis <yidhra@tuta.io>

package.json

@@ -12,7 +12,7 @@
     "cors": "^2.8.5",
     "express": "^4.19.2",
     "express-validator": "^7.0.1",
-    "express-xss-sanitizer": "^1.2.0",
+    "helmet": "^7.1.0",
     "jose": "^5.2.4",
     "morgan": "^1.10.0",
     "mysql2": "^3.9.7",

src/services/mysql.service.ts

@@ -271,7 +271,15 @@ const MySqlService = {
 		}
 	},
 	Brand: {
-		insert(handler: MysqlHandler, data: IDbBrand) {
+		/**
+		 * Inserts a record into the `brands` table.
+		 *
+		 * @param {MysqlHandler} handler - The MySQL handler instance.
+		 * @param {IDbBrand} data - The data object representing the record to be inserted.
+		 * @returns {Promise} A promise that resolves with the result of the insertion.
+		 *                    The promise is rejected with an error if the insertion fails.
+		 */
+		insert(handler: MysqlHandler, data: IDbBrand): Promise<unknown> {
 			return new Promise((resolve, reject) => {
 				if (!data.id) return reject('Id is undefined');
 				if (data.id.length !== 36) return reject('Id invalid');
@@ -289,6 +297,38 @@ const MySqlService = {
 					reject(err as Error);
 				}
 			})
+		},
+		/**
+		 * Updates a brand in the database.
+		 * @param {MysqlHandler} handler - The MySQL handler.
+		 * @param {IDbBrand} data - The brand data to be updated.
+		 * @returns {Promise<number>} - A promise that resolves with the number of affected rows in the database.
+		 * @throws {Error} - If an error occurs during the update process.
+		 */
+		update(handler: MysqlHandler, data: IDbBrand): Promise<number> {
+			return new Promise((resolve, reject) => {
+				if (!data.id) return reject('Id is undefined');
+				if (data.id.length !== 36) return reject('Id invalid');
+
+				try {
+					const _template = `
+						${data.slug_name 			? "`slug_name` = ?," 				: null}
+						${data.display_name 	? "`display_name` = ?,"			: null}
+						${data.image_blob 		? "`slug_name` = ?," 				: null}`
+
+					const _values = [
+						data.slug_name,
+						data.display_name,
+						data.image_blob,
+						data.id
+					]
+					const _sql = `UPDATE "brands" SET ${_template} WHERE 'id' = ?`;
+					return resolve(handler.execute(_sql, _values) as unknown as number);
+
+				} catch (err: unknown) {
+					reject(err as Error);
+				}
+			})
 		}
 
 	},
@@ -398,7 +438,7 @@ const MySqlService = {
 		 *
 		 * @param {MysqlHandler} handler - The MySQL handler instance.
 		 * @param {IDbCategory} data - The category data to update.
-		 * @returns {Promise<unknown>} - A Promise that resolves with the result of the UPDATE query execution.
+		 * @returns {Promise<number>} - A promise that resolves with the number of affected rows in the database.
 		 * @throws {Error} - If an error occurs during execution.
 		 */
 		update(handler: MysqlHandler, data: IDbCategory): Promise<unknown> {
@@ -417,7 +457,7 @@ const MySqlService = {
 						data.id
 					]
 					const _sql = `UPDATE "categories" SET ${_template} WHERE 'id' = ?`;
-					return resolve(handler.execute(_sql, _values));
+					return resolve(handler.execute(_sql, _values) as unknown as number);
 
 				} catch (err: unknown) {
 					reject(err as Error);