GithubHelp home page GithubHelp logo

mongoose-private-paths's Introduction

mongoose-private-paths

Build Status Code Climate Coverage Status Analytics Dependency Status devDependency Status peerDependency Status

A simple mongoose plugin to provide private Schema keys

Getting Started

Install the module with: npm install mongoose-private-paths

var mongoose = require('mongoose'),
    privatePaths = require('mongoose-private-paths');

var TestSchema = new mongoose.Schema({
  public:       { type: String },
  _private:     { type: String },
  also_private: { type: String, private: true },
  not_private:  { type: String, private: false },
  _even:        { type: String, private: false },
  works_too:   [{ type: String, private: false }]
});

TestSchema.plugin(privatePaths);

var Test = mongoose.model('Test', Testschema);

var test = new Test({
  public:       'all keys are public by default!',
  _private:     'keys prefixed with an "_" will be private - except "_id"',
  also_private: 'stuff with a "private" field set to true will be... private!',
  not_private:  'stuff with a "private" field set to false will be... NOT private!',
  _even:        'if they are prefixed with an "_"',
  works_too:    'array-like fields should work too'
});

test.toJSON(); // =>
// {
//   _id:          '1234',
//   public:       'all keys are public by default!',
//   not_private: 'stuff with a "private" field set to false will be... NOT private!',
//   _even:        'if they are prefixed with an "_"'
// }

Documentation

As of right now there're only two options available, to be passed when calling Schema.plugin(privatePaths, options):

  • ignore => an Array of keys to ignore (they'll all be public)
  • prefix => a different private key prefix (to be used instead of "_")

document.toJSON([options])

It should be noted that the toJSON method is overloaded with an optional options parameter, with the following keys:

  • keep => Either an array of keys or a single key to ignore (not omit)
  • remove => Either an array of keys or a single key to remove (the default behaviour is overridden, to only remove the specified keys)

Model.omitPrivatePaths(doc, [options])

This is a static function which holds the actual logic for the overloaded .toJSON on documents. It's exported to support serializing lean mongoose objects, avoiding the mongoose overhead for lists and things like that. It takes a document or lean object as its first argument and the options node as its second.

Model.findPrivate(query)

This returns a Query only selecting public fields.

License

Copyright (c) 2016. Licensed under the MIT license.

Donations

Would you like to buy me a beer? Send bitcoin to 3JjxJydvoJjTrhLL86LGMc8cNB16pTAF3y

mongoose-private-paths's People

Contributors

dotlouis avatar grant avatar stbx avatar yamadapc avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

nvdnkpr vs-archive stbx shikakka

mongoose-private-paths's Issues

Support subdocuments

Hi, first of all thanks for this module. It helps me a lot.

I just wanted to report that when nesting subdocument as specified in Mongoose Doc, the private properties of the subdocument are not removed as they should.

(pseudo code non tested)

var ChildSchema = mongoose.Schema({
  privateProp: {type: String, private: true},
  publicProp: String
});

var ParentSchema = mongoose.Schema({
  parentPrivateProp: {type: String, private: true},
  parentPublicProp: String,
  embedChild: ChildSchema
});

var Parent = mongoose.model('Parent', ParentSchema);

var p = new Model({
  parentPrivateProp: "hello",
  parentPublicProp: "my name is",
  embedChild: {
    privateProp: "Slim",
    publicProp: "Shady"
  }
});

p.toJSON();
// returns
/*
{
  parentPublicProp: "my name is",
  embedChild: {
    privateProp: "Slim",
    publicProp: "Shady"
  }
}
*/

// while it should return
/*
{
  parentPublicProp: "my name is",
  embedChild: {
    publicProp: "Shady"
  }
}
*/

I monkey patched the behavior in the nestedOmit() function by replacing

    var p = paths[key],
        t;

by:

    var p, t;

    if(_.isObject(paths.tree)){
        p = paths.tree[key];
    }
    else{
        p = paths[key];
    }

I don't know if it's the proper way to do it and if it passes tests. I just came with this patch.
I may submit a PR later. For now I just wanted to let you know :)

Populated Document support

The private paths from a populated Document will not omitted:

var mongoose = require('mongoose'),
    privatePaths = require('mongoose-private-paths');

var UserSchema = new mongoose.Schema({
    username: { type: String },
    password: { type: String, private: true }
});
UserSchema.plugin(privatePaths);
var User = mongoose.model('User', UserSchema);

var ContentSchema = new mongoose.Schema({
    whatever: { type: String },
    creator: { type: mongoose.Schema.Types.ObjectId, ref: 'User' }
});
ContentSchema.plugin(privatePaths);
var Content = mongoose.model('Content', ContentSchema);

Content.findOne({}).populate('creator').exec(function(err, result) {
    result.toJSON();
/* returns => 
{
  _id: 54f987cb84b425481a7a211a,
  whatever: 'foobar',
  creator:
   { _id: 54f987c784b425481a7a2119,
     username: 'Bob',
     password: 'secret',
     __v: 0 },
  __v: 0 }
*/
});

For my use case works this quick patch: 7cda86c. But yet there is no test etc.

Nested schema support 

var mongoose = require('mongoose'),
    privatize = require('mongoose-private-paths');

var Schema = mongoose.Schema;

var SomethingSchema = new Schema({
  nested: [{
    something: { type: String },
    wat: { type: String, private: true }
  }]
});

SomethingSchema.plugin(privatize);

var Something = mongoose.model('Something', SomethingSchema);

var something = new Something({
  nested: [
    {
      something: 'yey',
      wat: 'I shouldn\'t be here'
    }
  ]
});

something.toJSON();
// should yield =>
// {
//   nested: [
//     {
//       something: 'yey'
//     }
//   ]
// }

Direct type declaration fails isPrivate

If you declare an schema such as:

var userSchema = new Schema({
    username: String,
_password: String
})

That's perfectly valid for mongoose, toJSON will show the field _password because it's not detected properly in isPrivate method.

Atm, this is the ifthat fails:

else if(_.isObject(node) && !node.type && !node.getters) {

since node is the type String (internally that's a function) and underscore returns isObject as true.

Maybe the solution is like

else if(_.isObject(node) && !_.isFunction(node) && !node.type && !node.getters) {

Support direct "privatized" queries

Mixing select with other query operators should be able to handle this. We can either only export a "query modifier" (for an example of such thing see this) or a full query factory.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.