UNPKG

express-restify-mongoose-guard

Version:

Pre / post hooks for express-restify-mongoose that provides configurable protection for Restify interfaces

github.com/hash-bang/express-restify-mongoose-guard

hash-bang/express-restify-mongoose-guard

69 lines (46 loc) 3.16 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
express-restify-mongoose-guard ============================== Pre / post hooks for express-restify-mongoose that provides configurable protection for Restify interfaces. This module works by attaching itself late in the load-order to [express-restify-mongoose](https://www.npmjs.com/package/express-restify-mongoose) and removing any potencially bad fields from the output. This module was necessary as there was no method we could find that would omit certain fields without needing to list them all individually. Functionality grew over time to include other handy operations such as the `DELETE` to `UPDATE` rewriter. Usage ----- Include the module in the usual way and set it as the default `outputFn` when setting up express-restify-monogoose within your main `server.js` file: var restify = require('express-restify-mongoose'); var restifyGuard = require('express-restify-mongoose-guard')(); restify.defaults({ version: '', middleware: restifyGuard.preHook, outputFn: restifyGuard.postHook, }); Configuration ------------- By default express-restify-mongoose-guard will protect any field beginning with `_` from being outputted (except for `_id` and `__v` which is renamed to `_v`). If you wish to tweak this further you can pass options by adding them to the function call. The below shows some common patterns: var restify = require('express-restify-mongoose'); var restifyGuard = require('express-restify-mongoose-guard')({ // Rewrite all DELETE operations into an UPDATE forcing 'model.status = deleted' deleteUpdateRemap: {status: 'deleted'}, removeFields: [ // Remove all fields beginning with '_' /^_/, // Remove all fields beginning with '$' /^\$/, // Run the fields though a filter and remove anything where the value is 'FIXME' function (val, key) { return (val == 'FIXME'); }, ], }); restify.defaults({ version: '', middleware: restifyGuard.preHook, outputFn: restifyGuard.postHook, }); | Option | Type | Default | Description | |---------------------|-------------------------------|-------------------------------|----------------| | `deleteUpdateRemap` | Object | `false` | If specified all `DELETE` operations are rewritten as update operations and the object is saved. This allows you to override deletes with something like `{status: 'deleted'}` as a flag instead of actually removing the document | | `remapMethods` | Object (method => middleware) | `{}` | Middleware handler for specific HTTP methods. Each function is called as `function(req, res, next)` in the usual Express style | | `removeFields` | Array of RegExps / Functions | `[/^_/]` | A list of regular expressions or closure functions to run on each object field. Returning true will omit that field from the output | | `renameFields` | Object (field => renamed) | `{'_id': '_id', '__v': '_v'}` | An object of fields to rename. This also takes presidence over `removeFields` so any rename here will override the remove |