UNPKG

mongoose-hidden

Version:

Hides certain model properties when invoking toJSON or toObject.

github.com/mblarsen/mongoose-hidden

mblarsen/mongoose-hidden

200 lines (143 loc) β€’ 11 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
# mongoose-hidden :see_no_evil: [![Build status](http://img.shields.io/travis/mblarsen/mongoose-hidden.svg)](http://travis-ci.org/mblarsen/mongoose-hidden) [![codebeat badge](https://codebeat.co/badges/05e78d4b-9038-4339-8e67-0702cc4416a2)](https://codebeat.co/projects/github-com-mblarsen-mongoose-hidden-master) [![Coverage status](https://coveralls.io/repos/github/mblarsen/mongoose-hidden/badge.svg?branch=master)](https://coveralls.io/github/mblarsen/mongoose-hidden?branch=master) [![Known vulnerabilities](https://snyk.io/test/github/mblarsen/mongoose-hidden/badge.svg)](https://snyk.io/test/github/mblarsen/mongoose-hidden) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) [![Monthly downloads](https://img.shields.io/npm/dm/mongoose-hidden.svg)](https://www.npmjs.com/package/mongoose-hidden) [![NPM version](http://img.shields.io/npm/v/mongoose-hidden.svg)](https://www.npmjs.com/package/mongoose-hidden) A Mongoose schema plugin that hooks into `toJSON()` and `toObject()` to allow hiding of properties you do not want sent client-side, like passwords and other secrets and sensitive information. [![Contact me on Codementor](https://www.codementor.io/m-badges/mblarsen/im-a-cm-b.svg)](https://www.codementor.io/@mblarsen?refer=badge) # Install ``` npm i mongoose-hidden ``` # Usage A simple example that hides passwords: ```javascript let mongoose = require('mongoose') let Schema = mongoose.Schema let mongooseHidden = require('mongoose-hidden')() let UserSchema = new Schema( name: String, password: { type: String, hide: true }, email: String ) UserSchema.plugin(mongooseHidden) let User = mongoose.model('User', UserSchema) let user = new User({ name: 'Joe', email: 'joe@example.com', password: 'secret' }) user.save(function() { console.log(user.toJSON()) // { name: 'Joe', email: 'joe@example.com' } }) ``` ### Property params: `hide`, `hideJSON`, `hideObject` A property will be hidden in all cases when `toJSON` and `toObject` is invoked if the property parameter `hide` is used. Alternatively use `hideJSON` or `hideObject` to target either of the serialization functions. ```javascript let UserSchema = new Schema( ... password: { type: String, hideJSON: true }, // hidden for toJSON but not for toObject ... ) ``` The value of `hide`, `hideJSON`, and `hideObject` can be a callback with the following signature: ```javascript function (doc, ret) // same as the transform function callback ``` ### Option: `hidden` If you find yourself hiding the same properties over and over again you can initialize the plugin with the `hidden` option. There are two ways to set this up and they can be combined for more granular control. ```javascript // Passing constructor parameters const mongooseHidden = require('mongoose-hidden')({ hidden: { _id: true, password: true } }) UserSchema.plugin(mongooseHidden) // Passing plugin parameters when attaching to schema const mongooseHidden = require('mongoose-hidden')() UserSchema.plugin(mongooseHidden, { hidden: { _id: true, password: true } }) // Here they are used together const mongooseHidden = require('mongoose-hidden')({ hidden: { _id: true, password: true } }) UserSchema.plugin(mongooseHidden, { hidden: { resetToken: true } }) PaymentSchema.plugin(mongooseHidden, { hidden: { _id: false, authToken: true } }) // unhides _id //.. another example: if (app === 'web') { UserSchema.plugin(mongooseHidden, { hidden: { _id: true, password: true } }) } else if (app == 'private-api') { UserSchema.plugin(mongooseHidden, { hidden: { password: true } }) } else { UserSchema.plugin(mongooseHidden) } ``` ### Option: `defaultHidden` By default `_id` and `__v` properties are hidden. You can override this behaviour, when you load the plugin: ```javascript let mongooseHidden = require('mongoose-hidden')({ defaultHidden: { password: true } }) UserSchema.plugin(mongooseHidden) ``` This effectively overrides the plugin defaults leaving only `password` hidden and `_id` and `__v` are left untouched. Alternatively if you only want to unhide the params hidden by the plugin by default you can pass the plugin option `autoHideJSON` and `autoHideObject` with a value of `false`. ### Option: `virtuals` Hiding of virtuals can be done as well. Be sure to include the plugin after you turn on virtuals. ```javascript // By default in Mongoose virtuals will not be included. Turn on before enabling plugin. schema.set('toJSON', { virtuals: true }) schema.set('toObject', { virtuals: true }) // Enable plugin schema.plugin(mongooseHidden, { virtuals: { fullname: 'hideJSON' } }) ``` The value of the virtuals key can be: `hide`, `hideJSON` and `hideObject`. For nested virtuals use the path for the key above, e.g. `'nested.virtual': 'hideJSON'`. _Note: If you don't turn on virtuals for `toObject`, `fullname` in the above example `fullname` will *NOT* be hidden despite its `hideJSON` value._ ### Option: `applyRecursively` Off by default, but when turned on the plugin will attach itself to any child schemas as well. ### Transform The `mongoose-hidden` is written as a transform function. If you implement your own transform functions be sure to add them prior to applying the plugin. The plugin will then invoke that function before hiding properties. ```javascript let mongooseHidden = require('mongoose-hidden')() // First define transform function UserSchema.set('toJSON', { transform: function (doc, ret, opt) { ret['name'] = 'Mr ' + ret['name'] return ret }, }) // Then apply plugin UserSchema.plugin(mongooseHidden) ``` All names will now be prefixed with "Mr". # Changelog See [CHANGELOG.md](https://github.com/mblarsen/mongoose-hidden/blob/master/CHANGELOG.md) # Limitations - Always set `{ getters: true, virtuals: true }` before installing plugin if you want virtuals to be returned: ```javascript schema.set('toJSON', { getters: true, virtuals: true }) schema.plugin(require(mongooseHidden)) ``` ## Contributors ✨ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)): <!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section --> <!-- prettier-ignore-start --> <!-- markdownlint-disable --> <table> <tr> <td align="center"><a href="https://github.com/AlbertHambardzumyan"><img src="https://avatars3.githubusercontent.com/u/11527341?v=4" width="100px;" alt=""/><br /><sub><b>Albert Hambardzumyan</b></sub></a><br /><a href="https://github.com/mblarsen/mongoose-hidden/commits?author=AlbertHambardzumyan" title="Tests">⚠️</a> <a href="https://github.com/mblarsen/mongoose-hidden/issues?q=author%3AAlbertHambardzumyan" title="Bug reports">πŸ›</a></td> <td align="center"><a href="https://github.com/awelllle"><img src="https://avatars0.githubusercontent.com/u/25726727?v=4" width="100px;" alt=""/><br /><sub><b>Awele</b></sub></a><br /><a href="https://github.com/mblarsen/mongoose-hidden/commits?author=awelllle" title="Documentation">πŸ“–</a></td> <td align="center"><a href="http://infiniscene.com"><img src="https://avatars3.githubusercontent.com/u/938128?v=4" width="100px;" alt=""/><br /><sub><b>Dan Trocchio</b></sub></a><br /><a href="https://github.com/mblarsen/mongoose-hidden/issues?q=author%3Alavarsicious" title="Bug reports">πŸ›</a> <a href="https://github.com/mblarsen/mongoose-hidden/commits?author=lavarsicious" title="Tests">⚠️</a> <a href="https://github.com/mblarsen/mongoose-hidden/commits?author=lavarsicious" title="Code">πŸ’»</a></td> <td align="center"><a href="https://www.codeboutique.com"><img src="https://avatars0.githubusercontent.com/u/247048?v=4" width="100px;" alt=""/><br /><sub><b>Michael BΓΈcker-Larsen</b></sub></a><br /><a href="https://github.com/mblarsen/mongoose-hidden/issues?q=author%3Amblarsen" title="Bug reports">πŸ›</a> <a href="https://github.com/mblarsen/mongoose-hidden/commits?author=mblarsen" title="Code">πŸ’»</a> <a href="#maintenance-mblarsen" title="Maintenance">🚧</a> <a href="https://github.com/mblarsen/mongoose-hidden/commits?author=mblarsen" title="Documentation">πŸ“–</a></td> <td align="center"><a href="https://twitter.com/ohnobinki"><img src="https://avatars2.githubusercontent.com/u/82626?v=4" width="100px;" alt=""/><br /><sub><b>Nathan Phillip Brink</b></sub></a><br /><a href="https://github.com/mblarsen/mongoose-hidden/commits?author=binki" title="Documentation">πŸ“–</a></td> <td align="center"><a href="https://github.com/Santinell"><img src="https://avatars2.githubusercontent.com/u/3122009?v=4" width="100px;" alt=""/><br /><sub><b>Pavel Evdokimov</b></sub></a><br /><a href="https://github.com/mblarsen/mongoose-hidden/issues?q=author%3ASantinell" title="Bug reports">πŸ›</a> <a href="https://github.com/mblarsen/mongoose-hidden/commits?author=Santinell" title="Code">πŸ’»</a> <a href="https://github.com/mblarsen/mongoose-hidden/commits?author=Santinell" title="Tests">⚠️</a></td> <td align="center"><a href="https://github.com/Bajix"><img src="https://avatars3.githubusercontent.com/u/4229773?v=4" width="100px;" alt=""/><br /><sub><b>Thomas Sieverding</b></sub></a><br /><a href="https://github.com/mblarsen/mongoose-hidden/issues?q=author%3ABajix" title="Bug reports">πŸ›</a> <a href="https://github.com/mblarsen/mongoose-hidden/commits?author=Bajix" title="Code">πŸ’»</a></td> </tr> <tr> <td align="center"><a href="https://github.com/lykmapipo"><img src="https://avatars3.githubusercontent.com/u/1610857?v=4" width="100px;" alt=""/><br /><sub><b>lally elias</b></sub></a><br /><a href="https://github.com/mblarsen/mongoose-hidden/issues?q=author%3Alykmapipo" title="Bug reports">πŸ›</a> <a href="https://github.com/mblarsen/mongoose-hidden/commits?author=lykmapipo" title="Code">πŸ’»</a></td> <td align="center"><a href="https://github.com/marshalys"><img src="https://avatars3.githubusercontent.com/u/344530?v=4" width="100px;" alt=""/><br /><sub><b>mars</b></sub></a><br /><a href="https://github.com/mblarsen/mongoose-hidden/issues?q=author%3Amarshalys" title="Bug reports">πŸ›</a> <a href="https://github.com/mblarsen/mongoose-hidden/commits?author=marshalys" title="Code">πŸ’»</a></td> <td align="center"><a href="https://github.com/proswdev"><img src="https://avatars3.githubusercontent.com/u/9143637?v=4" width="100px;" alt=""/><br /><sub><b>proswdev</b></sub></a><br /><a href="https://github.com/mblarsen/mongoose-hidden/issues?q=author%3Aproswdev" title="Bug reports">πŸ›</a> <a href="https://github.com/mblarsen/mongoose-hidden/commits?author=proswdev" title="Tests">⚠️</a> <a href="https://github.com/mblarsen/mongoose-hidden/commits?author=proswdev" title="Code">πŸ’»</a></td> </tr> </table> <!-- markdownlint-enable --> <!-- prettier-ignore-end --> <!-- ALL-CONTRIBUTORS-LIST:END --> This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!