> api-filtering-sorting
Builds flexible API filtering and sorting systems with query parameter parsing, validation, and security. Use when implementing search endpoints, building data grids, or creating dynamic query APIs.
curl "https://skillshub.wtf/secondsky/claude-skills/api-filtering-sorting?format=md"API Filtering & Sorting
Build flexible filtering and sorting systems that handle complex queries efficiently.
Query Parameter Syntax
GET /products?category=electronics&price[gte]=100&price[lte]=500&sort=-price,name
Implementation (Node.js)
const allowedFilters = ['category', 'status', 'price', 'createdAt'];
const allowedSorts = ['name', 'price', 'createdAt'];
app.get('/products', async (req, res) => {
const filter = {};
const sort = {};
// Parse filters
for (const [key, value] of Object.entries(req.query)) {
if (key === 'sort') continue;
const match = key.match(/^(\w+)\[(\w+)\]$/);
if (match) {
const [, field, operator] = match;
if (!allowedFilters.includes(field)) continue;
filter[field] = { [`$${operator}`]: parseValue(value) };
} else if (allowedFilters.includes(key)) {
filter[key] = value;
}
}
// Parse sort
if (req.query.sort) {
for (const field of req.query.sort.split(',')) {
const direction = field.startsWith('-') ? -1 : 1;
const name = field.replace(/^-/, '');
if (allowedSorts.includes(name)) sort[name] = direction;
}
}
const products = await Product.find(filter).sort(sort);
res.json({ data: products });
});
function parseValue(value) {
if (value === 'true') return true;
if (value === 'false') return false;
if (!isNaN(value)) return Number(value);
return value;
}
Filter Operators
| Operator | Meaning | Example |
|---|---|---|
| eq | Equals | ?status=active |
| ne | Not equals | ?status[ne]=deleted |
| gt/gte | Greater than | ?price[gte]=100 |
| lt/lte | Less than | ?price[lte]=500 |
| in | In array | ?status[in]=active,pending |
| like | Contains | ?name[like]=phone |
Security
- Whitelist allowed filter fields
- Validate input types per field
- Index frequently-filtered columns
- Limit query complexity
- Prevent SQL/NoSQL injection
Best Practices
- Support common operators
- Cache filter option lists
- Monitor query performance
- Provide sensible defaults
> related_skills --same-repo
> zustand-state-management
--- name: zustand-state-management description: Zustand state management for React with TypeScript. Use for global state, Redux/Context API migration, localStorage persistence, slices pattern, devtools, Next.js SSR, or encountering hydration errors, TypeScript inference issues, persist middleware problems, infinite render loops. Keywords: zustand, state management, React state, TypeScript state, persist middleware, devtools, slices pattern, global state, React hooks, create store, useBoundS
> zod
TypeScript-first schema validation and type inference. Use for validating API requests/responses, form data, env vars, configs, defining type-safe schemas with runtime validation, transforming data, generating JSON Schema for OpenAPI/AI, or encountering missing validation errors, type inference issues, validation error handling problems. Zero dependencies (2kb gzipped).
> xss-prevention
--- name: xss-prevention description: XSS attack prevention with input sanitization, output encoding, Content Security Policy. Use for user-generated content, rich text editors, web application security, or encountering stored XSS, reflected XSS, DOM manipulation, script injection errors. Keywords: sanitization, HTML-encoding, DOMPurify, CSP, Content-Security-Policy, rich-text-editor, user-input, escaping, innerHTML, DOM-manipulation, stored-XSS, reflected-XSS, input-validation, output-encodi
> wordpress-plugin-core
--- name: wordpress-plugin-core description: WordPress plugin development with hooks, security, REST API, custom post types. Use for plugin creation, $wpdb queries, Settings API, or encountering SQL injection, XSS, CSRF, nonce errors. Keywords: wordpress plugin development, wordpress security, wordpress hooks, wordpress filters, wordpress database, wpdb prepare, sanitize_text_field, esc_html, wp_nonce, custom post type, register_post_type, settings api, rest api, admin-ajax, wordpress sql inj