Safe, whitelist-based casting of values to atoms.

SafeAtom returns only atoms that are explicitly present in the :allowed list.

Binary input is never converted with String.to_atom/1 or String.to_existing_atom/1. Instead, binary values are compared with the string representation of atoms already present in :allowed.

This avoids creating new atoms from external input and avoids querying the VM atom table for arbitrary binary values.

Examples

iex> SafeAtom.cast("user", allowed: [:user, :guest])
{:ok, :user}

iex> SafeAtom.cast(:user, allowed: [:user, :guest])
{:ok, :user}

iex> SafeAtom.cast("admin", allowed: [:user, :guest])
{:error, :not_allowed}

iex> SafeAtom.cast(:admin, allowed: [:user, :guest])
{:error, :not_allowed}

iex> SafeAtom.cast("anything", allowed: [])
{:error, :not_allowed}

iex> SafeAtom.cast("user", [])
{:error, :missing_allowed}

iex> SafeAtom.cast("user", allowed: ["user"])
{:error, :invalid_allowed}

iex> SafeAtom.cast(123, allowed: [:user])
{:error, :invalid_value}

iex> SafeAtom.cast(nil, allowed: [:user])
{:error, :not_allowed}

iex> SafeAtom.cast(nil, allowed: [nil])
{:ok, nil}

Error reasons

• :missing_allowed - the :allowed option was not provided.
• :invalid_allowed - :allowed is not a list of atoms.
• :invalid_value - the input value is not a binary or an atom.
• :not_allowed - the input value is valid, but does not match any allowed atom.

Telemetry events

SafeAtom emits the following Telemetry events:

[:safe_atom, :cast, :rejected]

Emitted whenever cast/2 returns {:error, reason}.

• measurements:
  • :system_time - System.system_time/0 at the moment of rejection
• metadata:
  • :reason - one of :missing_allowed, :invalid_allowed, :invalid_value, or :not_allowed
  • :value - the input value passed to cast/2
  • :allowed - the :allowed option value, or nil when the option is missing