@r5v/mongoose-paginate 1.0.14 → 1.0.15

package/README.md

@@ -139,7 +139,7 @@ GET /api/books?$lean=true
 | staticPostFilter            | Mongo Filter Object  | create a filter on the pipeline that is added after all the pipeline stages. this cannot be overwritten by params                                                        | AggregationPagingQuery              |          | {}      |
 | staticFilter                | Mongo Filter Object  | create a filter on the pipeline that is added before all the pipeline stages. on find requests, this is added to the filter object. this cannot be overwritten by params | AggregationPagingQuery              |          | {}      |
 | pipeline                    | MongoPipelineStage[] | pipeline request object. if the first item in pipeline stage is a $match or another required first stage operator. it will be placed before all other modifiers          | AggregationPagingQuery              | true     | []      |
-| removeProtected \(REMOVED\) | boolean              | auto remove protected (select: false) for root Model                                                                                                                     | AggregationPagingQuery              |          | false   |
+| removeProtected             | boolean              | **EXPERIMENTAL** - auto remove protected fields (those with `select: false` in schema) from aggregation results. Use with caution and test thoroughly in your environment | AggregationPagingQuery              |          | false   |
 
 ## Utilities
 
@@ -307,8 +307,9 @@ $ yarn run start
 9. Apply pagination (`$skip`, `$limit`) and options
 
 
-## NOTES
-1. removeProtected removed from aggregation query due to inconsistent results after publication
+### 1.0.15
+  - **Re-enabled `removeProtected` option** for `AggregationPagingQuery` (EXPERIMENTAL) - Automatically excludes fields marked with `select: false` in your schema (e.g., passwords, secret keys) from aggregation results. Use with caution and test thoroughly in your environment.
+  - Uses refactored `findProtectedPaths` utility which safely traverses schemas without JSON serialization
 
 ### 1.0.14
   - Added proper TypeScript package exports with subpaths (`/utils`, `/types`)

package/dist/aggregationPagingQuery.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"aggregationPagingQuery.d.ts","sourceRoot":"","sources":["../src/aggregationPagingQuery.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,KAAK,EACL,SAAS,EAKZ,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAC,qBAAqB,EAAE,iCAAiC,EAAE,WAAW,EAAC,MAAM,SAAS,CAAA;AAQlG,qBAAa,sBAAsB;IAC/B,MAAM,EAAG,iCAAiC,CAYzC;IACD,OAAO,EAAE,qBAAqB,CAK7B;IACD,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,GAAG,SAAS,CAAA;IACvC,cAAc,EAAE,MAAM,EAAE,CAAK;IAC7B,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;gBACL,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,qBAAqB;IAiB/E,kBAAkB,kCAAqB;IACvC,WAAW,sPAAc;IACzB,iBAAiB,6BAAoB;IACrC,YAAY,2BAAe;IAC3B,eAAe,mEAAkB;IACjC,wBAAwB;;MAA2B;IACnD,YAAY,aAOX;IACD,SAAS,sBAkDR;IACD,cAAc,GAAI,CAAC,EAAE,UAAU,CAAC,KAAG,CAAC,CAmCnC;IAED,OAAO,CAAC,qBAAqB,CAS5B;IACD,IAAI,yBAgCH;CAEJ"}
+{"version":3,"file":"aggregationPagingQuery.d.ts","sourceRoot":"","sources":["../src/aggregationPagingQuery.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,KAAK,EACL,SAAS,EAKZ,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAC,qBAAqB,EAAE,iCAAiC,EAAE,WAAW,EAAC,MAAM,SAAS,CAAA;AAQlG,qBAAa,sBAAsB;IAC/B,MAAM,EAAG,iCAAiC,CAYzC;IACD,OAAO,EAAE,qBAAqB,CAM7B;IACD,KAAK,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,GAAG,SAAS,CAAA;IACvC,cAAc,EAAE,MAAM,EAAE,CAAK;IAC7B,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;gBACL,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,qBAAqB;IAoB/E,kBAAkB,kCAAqB;IACvC,WAAW,sPAAc;IACzB,iBAAiB,6BAAoB;IACrC,YAAY,2BAAe;IAC3B,eAAe,mEAAkB;IACjC,wBAAwB;;MAA2B;IACnD,YAAY,aAOX;IACD,SAAS,sBAsDR;IACD,cAAc,GAAI,CAAC,EAAE,UAAU,CAAC,KAAG,CAAC,CAmCnC;IAED,OAAO,CAAC,qBAAqB,CAS5B;IACD,IAAI,yBAgCH;CAEJ"}

package/dist/aggregationPagingQuery.js

@@ -45,6 +45,7 @@ class AggregationPagingQuery {
             enableFilter: false,
             enablePostFilter: false,
             enablePreSort: true,
+            removeProtected: false,
             pipeline: []
         };
         this.protectedPaths = [];
@@ -65,7 +66,7 @@ class AggregationPagingQuery {
         };
         this.initQuery = () => __awaiter(this, void 0, void 0, function* () {
             const { $filter, $sort, $preSort, $select, $count, $postFilter } = this.params;
-            const _a = this.options, { enableFilter, enablePreSort, enablePostFilter, staticFilter, staticPostFilter, pipeline } = _a, options = __rest(_a, ["enableFilter", "enablePreSort", "enablePostFilter", "staticFilter", "staticPostFilter", "pipeline"]);
+            const _a = this.options, { enableFilter, enablePreSort, enablePostFilter, staticFilter, staticPostFilter, removeProtected, pipeline } = _a, options = __rest(_a, ["enableFilter", "enablePreSort", "enablePostFilter", "staticFilter", "staticPostFilter", "removeProtected", "pipeline"]);
             this.query = this.model.aggregate();
             const [p1, ...pipes] = pipeline;
             const filterObj = { $and: [Object.assign({}, staticFilter)] };
@@ -100,6 +101,9 @@ class AggregationPagingQuery {
             if ($select) {
                 this.query.project($select);
             }
+            if (removeProtected) {
+                this.removeProtectedFields();
+            }
             if ($count.length) {
                 this.createCounts();
             }
@@ -191,6 +195,9 @@ class AggregationPagingQuery {
         this.options = Object.assign(Object.assign({}, this.options), options);
         this.model = model;
         this.params = this.parseParams(this.params, req.query, true);
+        if (this.options.removeProtected) {
+            this.protectedPaths = this.findProtectedPaths(model);
+        }
         this.initQuery();
     }
 }

package/dist/tests/aggregationPagingQuery.spec.js

@@ -56,6 +56,18 @@ const AggTestSchema = new mongoose_1.Schema({
     category: { type: mongoose_1.Schema.Types.ObjectId, ref: 'Category' }
 });
 const AggTestModel = mongoose_1.default.model('AggTestModel', AggTestSchema);
+// Create a test schema with protected fields
+const ProtectedSchema = new mongoose_1.Schema({
+    username: { type: String, required: true },
+    email: { type: String },
+    password: { type: String, select: false },
+    secretKey: { type: String, select: false },
+    profile: {
+        name: { type: String },
+        ssn: { type: String, select: false }
+    }
+});
+const ProtectedModel = mongoose_1.default.model('ProtectedModel', ProtectedSchema);
 // Default pipeline with at least one stage to avoid undefined error
 const defaultPipeline = [{ $match: {} }];
 describe('AggregationPagingQuery', () => {
@@ -362,4 +374,46 @@ describe('AggregationPagingQuery', () => {
             }).toThrow('Invalid JSON in $postFilter parameter');
         });
     });
+    describe('removeProtected', () => {
+        test('should find protected paths when removeProtected is enabled', () => {
+            const req = (0, node_mocks_http_1.createRequest)({ query: {} });
+            const apq = new aggregationPagingQuery_1.AggregationPagingQuery(req, ProtectedModel, {
+                pipeline: defaultPipeline,
+                removeProtected: true
+            });
+            expect(apq.protectedPaths).toContain('password');
+            expect(apq.protectedPaths).toContain('secretKey');
+        });
+        test('should not find protected paths when removeProtected is disabled', () => {
+            const req = (0, node_mocks_http_1.createRequest)({ query: {} });
+            const apq = new aggregationPagingQuery_1.AggregationPagingQuery(req, ProtectedModel, {
+                pipeline: defaultPipeline,
+                removeProtected: false
+            });
+            expect(apq.protectedPaths).toEqual([]);
+        });
+        test('should not find protected paths by default', () => {
+            const req = (0, node_mocks_http_1.createRequest)({ query: {} });
+            const apq = new aggregationPagingQuery_1.AggregationPagingQuery(req, ProtectedModel, {
+                pipeline: defaultPipeline
+            });
+            expect(apq.protectedPaths).toEqual([]);
+        });
+        test('should set removeProtected option correctly', () => {
+            const req = (0, node_mocks_http_1.createRequest)({ query: {} });
+            const apq = new aggregationPagingQuery_1.AggregationPagingQuery(req, ProtectedModel, {
+                pipeline: defaultPipeline,
+                removeProtected: true
+            });
+            expect(apq.options.removeProtected).toBe(true);
+        });
+        test('should have empty protected paths for model without protected fields', () => {
+            const req = (0, node_mocks_http_1.createRequest)({ query: {} });
+            const apq = new aggregationPagingQuery_1.AggregationPagingQuery(req, AggTestModel, {
+                pipeline: defaultPipeline,
+                removeProtected: true
+            });
+            expect(apq.protectedPaths).toEqual([]);
+        });
+    });
 });

package/dist/types/index.d.ts

@@ -59,9 +59,15 @@ export interface AggregateQueryOptions extends Omit<AggregateOptions, 'comment'>
     disablePaging?: boolean;
     disablePostFilter?: boolean;
     disablePreSort?: boolean;
+    enablePostFilter?: boolean;
+    enablePreSort?: boolean;
+    staticFilter?: {
+        [key: string]: any;
+    };
     staticPostFilter?: {
         [key: string]: any;
     };
+    removeProtected?: boolean;
     pipeline: mongoose.PipelineStage[];
 }
 //# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AACA,OAAO,QAAQ,EAAE,EAAC,YAAY,EAAE,SAAS,EAAE,gBAAgB,EAAC,MAAM,UAAU,CAAC;AAC7E,OAAO,EAAC,QAAQ,EAAC,MAAM,IAAI,CAAC;AAE5B;;;;GAIG;AACH,MAAM,WAAW,WAAW;IACxB,KAAK,EAAE,QAAQ,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC7C;AAED,MAAM,WAAW,eAAgB,SAAQ,QAAQ;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,KAAK,GAAG,IAAI,GAAG,GAAG,GAAG,OAAO,CAAA;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,2BAA2B;IACxC,OAAO,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAA;IAChC,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;IACpB,OAAO,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,8BAA+B,SAAQ,2BAA2B;IAC/E,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,EAAE,CAAA;CAEhC;AACD,MAAM,WAAW,iCAAkC,SAAQ,2BAA2B;IAClF,QAAQ,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,CAAA;KAAE,CAAA;IACtC,KAAK,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,CAAA;KAAE,CAAA;IACnC,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,WAAW,EAAE;QAAC,CAAC,GAAG,EAAC,MAAM,GAAE,GAAG,CAAA;KAAC,CAAA;CAClC;AACD,MAAM,WAAW,oBAAqB,SAAQ,YAAY;IACtD,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,aAAa,CAAC,EAAE,OAAO,CAAA;CAC1B;AAED,MAAM,WAAW,kBAAmB,SAAQ,oBAAoB;IAC5D,YAAY,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAA;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,qBAAsB,SAAQ,IAAI,CAAC,gBAAgB,EAAC,SAAS,CAAC;IAC3E,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE;QAAE,CAAC,GAAG,EAAC,MAAM,GAAG,GAAG,CAAA;KAAE,CAAA;IACxC,QAAQ,EAAE,QAAQ,CAAC,aAAa,EAAE,CAAA;CACrC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AACA,OAAO,QAAQ,EAAE,EAAC,YAAY,EAAE,SAAS,EAAE,gBAAgB,EAAC,MAAM,UAAU,CAAC;AAC7E,OAAO,EAAC,QAAQ,EAAC,MAAM,IAAI,CAAC;AAE5B;;;;GAIG;AACH,MAAM,WAAW,WAAW;IACxB,KAAK,EAAE,QAAQ,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC7C;AAED,MAAM,WAAW,eAAgB,SAAQ,QAAQ;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,KAAK,GAAG,IAAI,GAAG,GAAG,GAAG,OAAO,CAAA;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,2BAA2B;IACxC,OAAO,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAA;IAChC,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;IACpB,OAAO,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,8BAA+B,SAAQ,2BAA2B;IAC/E,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,EAAE,CAAA;CAEhC;AACD,MAAM,WAAW,iCAAkC,SAAQ,2BAA2B;IAClF,QAAQ,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,CAAA;KAAE,CAAA;IACtC,KAAK,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,CAAA;KAAE,CAAA;IACnC,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,WAAW,EAAE;QAAC,CAAC,GAAG,EAAC,MAAM,GAAE,GAAG,CAAA;KAAC,CAAA;CAClC;AACD,MAAM,WAAW,oBAAqB,SAAQ,YAAY;IACtD,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,aAAa,CAAC,EAAE,OAAO,CAAA;CAC1B;AAED,MAAM,WAAW,kBAAmB,SAAQ,oBAAoB;IAC5D,YAAY,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAA;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,qBAAsB,SAAQ,IAAI,CAAC,gBAAgB,EAAC,SAAS,CAAC;IAC3E,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,YAAY,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,CAAA;IACrC,gBAAgB,CAAC,EAAE;QAAE,CAAC,GAAG,EAAC,MAAM,GAAG,GAAG,CAAA;KAAE,CAAA;IACxC,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,EAAE,QAAQ,CAAC,aAAa,EAAE,CAAA;CACrC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@r5v/mongoose-paginate",
-  "version": "1.0.14",
+  "version": "1.0.15",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
   "types": "./dist/index.d.ts",