Comments (2)
What you're describing sounds like the sanitizeFilter
option we introduced in Mongoose 6, see docs and intro blog post.
// The following will throw an error if `req.query.search` is `{ $regex: 'abc' }` or `{ $lt: 'test' }` or any other query filter
const documents = await model
.find({ name: req.query.search })
.sort({ name: 'asc' })
.options({ sanitizeFilter: true })
.exec();
Does the sanitizeFilter
option sound like it fixes your issue?
from mongoose.
But apparently it does not strictly sanitize according to the property type and it is still possible to send data types that do not correspond to the schema, for example:
console.log(mongoose.version); // 7.0.3
await mongoose.connect('mongodb://localhost:27017/mongoose_test');
const schema = new mongoose.Schema({ name: String });
const TestModel = mongoose.model('Test', schema);
const doc = new TestModel({ name: 'foobar' });
await doc.save();
const docs = await TestModel.find({ name: [ 'foobar' ] }).setOptions({ sanitizeFilter: true }).exec();
console.log(docs);
The results is:
[ { name: 'foobar',
_id: new ObjectId("666d04f039e8d300b31d303f"),
__v: 0 } ]
In the name
property can send an array instead of a string value with disabled filters in options.
What I propose is an option for the input data to adhere to the schema and not just a simple elimination of filters that begin with the $
character. Or could it be a bug in that option?.
from mongoose.
Related Issues (20)
- MongooseError: Operation `prefixes.findOne()` buffering timed out after 10000ms and MongooseServerSelectionError: connect ECONNREFUSED 13.200.189.28:27017 HOT 1
- MongoServerError: cannot create a new collection -- already using 527 collections of 500 HOT 1
- Is there a way to preserve documents modifications when a doc is modified and then populated? HOT 2
- Typescript sees the Boolean Constructor Type as Date when using Mongoose HOT 6
- getting _id as unknown type HOT 5
- "operation-start" event of the MongooseConnection
- Mismatch between the type derived from the ```lean``` query and the declared interface on virtual fields HOT 3
- Documentation site down? HOT 1
- Type 'import(".../node_modules/mongoose/node_modules/mongodb/mongodb").MongoClient' is not assignable to type 'import(".../node_modules/mongodb/mongodb").MongoClient'. HOT 7
- BSON Timestamp in a mongoose schema HOT 1
- The return type of connection.tranaction method should not be Promise<void>.
- InferRawDocType returns `unknown` for every property instead of the right type HOT 3
- TS: _id not required on DocumentArray properties of documents returned from query HOT 3
- Embedded documents are missing the `toJSON()` method HOT 1
- Can not creating a Schema with a field named 'parent' HOT 8
- Query recursive model with discriminator not working with string ref id filter HOT 1
- await mongoose.connect() not fully connected HOT 3
- how to search objectid with regex? HOT 3
- địt con bà chúng mày
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mongoose.