moleculerjs / database Goto Github PK

Shouldn't this be handled since cacheOpts can be null?

Hi ,
When I change the primary key field to secure , all related foreign key fields persisted encoded ID in database which I can't run a query over database . although when create , update or populate a field , if we used secure foreign key in our schema , incorrect functionality happened in mean time .
Also when we use secure ID in nested object there is no process and transform with nested data happened .
I guess there are a lot of missed scenario implementation for secure field happened.
Also I opened a new discussion that related to this issue that you can find it in #35

We are trying to use the keyField parameter to use _id instead of id

_id: { type: "string", primaryKey: true },

country: {
        type: "string",
        required: true,
        populate: {
          keyField: "_id",
          action: "countries.get",
        },
      },

But we are getting validation errors on countries.get saying that _id is undefined. Seems like id is hardcoded?

Here's a workaround we found:

country: {
        type: "string",
        required: true,
        populate: async (ctx, values, entities, field) => {
          return Promise.all(
            entities.map(
              async (entity) =>
                (entity.postCount = await ctx.call(
                  "countries.get",
                  { _id: entity.country }
                ))
            )
          );
        },
      },

it must be:

const actionEnabled = name => { 
 	return ( 
 		mixinOpts.createActions === true || 
 		(typeof mixinOpts.createActions == "object" && mixinOpts.createActions[name] === true) 
 	); 
 }; 

I'm disabling the default actions with the following:

      createActions: {
        remove: false,
      },

Then I'm trying to override that remove action with a custom one like so:

    remove: {
      rest: {
        method: "DELETE",
        path: "/:id",
      },
      params: {
        id: {type: "string"},
      },
      async handler(ctx) {
              // ...
          });
        }
      },
    },

Unfortunately, this crashing with the following error:

TypeError: def.rest.replace is not a function

    at fixIDInRestPath (@moleculer\database\src\schema.js:32:23)
    at Service.merged (@moleculer\database\src\index.js:272:6)
    at node_modules\moleculer\src\service.js:87:35
    at Array.forEach (<anonymous>)
    at Service.parseServiceSchema (moleculer\src\service.js:87:18)
    at new Service (moleculer\src\service.js:64:20)
    at ServiceBroker.createService (node_modules\moleculer\src\service-broker.js:840:14)
    at ServiceBroker.loadService (moleculer\src\service-broker.js:805:16)
    at moleculer\src\middlewares\hot-reload.js:34:20
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

If I pass rest a simlpe string, it runs but it creates end points for every verb (GET, PUT, etc). Removing the rest setting makes the action dissapear. The only workaround I've found for now is to rename the action to something else, like safeRemove.

When mongo adapter connected with local or single node mongo community 4.4 sever, insertOneResult.acknowledged is always null. We tried to set writeConcern as 'majority' still failed. But, Same code work with Mongo Atlas with 4.4 version database.

Is there a way to disable the acknowledged check in insertOne and insertMany response? @icebob

There is such a problem as the race condition attack.

This problem is famous when using the ORM pattern as Active Record and Data Mapper.
We get a record for changes and change it outside the transaction, which means that we can execute precisely the same query in parallel.

Consider a simple attack in transferring $5 from Alice to Bob:

Get balance Alice -> $5 -> transfer to Bob -$5 -> get balance Bob -> $0 -> received from Alice +$5

And now, if two queries were running at the same time:

Query 1: Get balance Alice -> $5 (race condition!) -> transfer to Bob -$5 -> get balance Bob -> $0 -> received from Alice +$5

Query 2: Get balance Alice -> $5 (race condition!) -> transfer to Bob -$5 -> get balance Bob -> $5 -> recieved from Alice +$5

Bob has a balance of $10, and Alice has $5.

It is elementary to check this behaviour by calling the Promise.all() method, we generate ten requests and, depending on the network, and the processing speed of the database, from 2 to 10 requests will pass simultaneously.

In SQL, the first statement must be with SELECT FOR UPDATE to block against concurrent updates, or both wrapped in a SERIALIZABLE transaction isolation level.

How can we protect ourselves now?

We must wrap the updateEntity method in a transaction with isolation level SERIALIZABLE.
Or use moleculer-channels to update items in strong FIFO in Kafka.

I'm not sure if this issue is related to moleculerjs database or another specific package, but Should createEntity handle converting _id string to ObjectId when passing a string _id (similar to mongoose where you can initialize new ObjectId using mongoose.Types.ObjectId())?

For example in this next image, createEntity with _id as string creates an _id string type instead of an ObjectId type, even with using new ObjectId() from mongodb package.

As title, have any way to config populate fields in object item of sub array?
Example

settings: {
  fields: {
    arrayField: {
      type: 'array',
      items: {
        type: 'object',
        props: {
          normalField: { type: 'string' },
          needPopulatedField: { type: 'object', virtual: true, populate() {} }
        }
      }
    }
  }
}

When using the autogenerated list action, it seems the pageSize parameter is being ignored. I can replicate this both in the api gateway and using curl.

{service}/?pageSize=20 keeps returning 10 (the default). For comparison page does work, {service}/?page=2 returns the second page

Hello @icebob
I want to know is there any plan or implementation for GROUP BY feature find operation ?
Thanks

When user sends scope query param with valid scope name, default scope removed from final scope list.

Example:
Our task service has 3 scopes

1. tenant
2. onlyActive
3. onlyMyTask

Default scope:

1. tenant
2. onlyActive

GET /list?scope=onlyMyTask

Actual scope applied to query
onlyMyTask

Expected scope to be applied

1. tenant
2. onlyActive
3. onlyMyTask