coral 1.0.0 → 1.0.2
- package/README.md +23 -0
- package/lib/models/coral.d.ts +1 -0
- package/lib/queryConfig.js +13 -2
- package/lib/queryConfig.js.map +1 -1
- package/package.json +1 -1
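--- a/package/README.md
+++ b/package/README.md
@@ -171,6 +171,29 @@ Coral supports the following query parameters for all `GET` list requests:
 
 ---
 
+## 🛡️ Security
+
+Here are a few tips to keep your data extra secure:
+
+- **Mass Assignment**: Use Mongoose's `strict` mode (default) and `express-validator` to ensure only the right fields (like `email` and `name`) are saved to your database.
+- **Resource Protection**: Coral automatically caps `?limit=` to prevent your server from being overwhelmed. For heavy traffic, also try [express-rate-limit](https://www.npmjs.com/package/express-rate-limit).
+
+```javascript
+// Example: Using express-validator to sanitize inputs
+const validateUser = [
+body('email').isEmail(),
+body('name').notEmpty(),
+(req, res, next) => {
+req.body = matchedData(req); // Only keep validated fields!
+next();
+}
+];
+
+Coral({ path: '/users', model: User, middlewares: [validateUser] });
+```
+
+---
+
 ## Developer Setup
 
 To contribute or run tests locally: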
package/lib/models/coral.d.ts
CHANGED
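--- a/package/lib/queryConfig.js
+++ b/package/lib/queryConfig.js
@@ -102,7 +102,8 @@ export default function createQueryConfig(req, res, config) {
 options.skip = skip;
 }
 if (limit) {
-
+const maxLimit = config.perPage ? config.perPage * 10 : 100;
+options.limit = Math.min(limit, maxLimit);
 }
 if (page) {
 options.skip = page * perPage;
@@ -126,12 +127,22 @@ export default function createQueryConfig(req, res, config) {
 if (select) {
 fields = select.split(',').join(' ');
 }
+let data = req.body;
+if (config.bodyFilter && data && typeof data === 'object') {
+data = Object.keys(data)
+.filter((key) => config.bodyFilter.includes(key))
+.reduce((obj, key) => {
+;
+obj[key] = data[key];
+return obj;
+}, {});
+}
 return {
 conditions,
 subDoc: subDocRoot,
 fields,
 options,
-data
+data,
 callback: createCallback(req, res, config.updateRef)
 };
 }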
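Review bot: The new cap inside `if (limit)` bounds the value only from above, so a request that omits `?limit=` or sends `limit=0` skips the branch, and a negative value passes through `Math.min(limit, maxLimit)` unchanged. If no default limit is applied elsewhere in `createQueryConfig` (its body starts and ends outside these hunks), list requests without the parameter stay unbounded, which is weaker than the README's "automatically caps" wording suggests. A lower bound such as `options.limit = Math.min(Math.max(limit, 1), maxLimit);` would close the negative case, and a default for the absent case should be considered. In the second hunk, `bodyFilter` allow-lists top-level keys only and is skipped when unset, so nested objects under an allowed key are copied as-is; a comment such as `// bodyFilter is a top-level allow-list; nested values are not inspected` would set expectations for anyone relying on it against mass assignment.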
package/lib/queryConfig.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"queryConfig.js","sourceRoot":"","sources":["../src/queryConfig.ts"],"names":[],"mappings":"AAUA,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC1C,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAA;IACjD,OAAO,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAA;AAClD,CAAC;AAED,SAAS,WAAW,CAAC,MAAqB;IACxC,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAA;IAE7B,MAAM,MAAM,GAAiB,EAAE,GAAG,MAAM,EAAE,CAAA;IAC1C,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACtB,MAAM,CAAC,UAAU,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;IAC9C,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IAC5C,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAmB;IAC3C,MAAM,cAAc,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAA;IAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,IAAI,EAAE,CAAA;IACxC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAA;IAEtC,OAAO;QACL,UAAU,EAAE;YACV,GAAG,cAAc;YACjB,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,IAAI,EAAE,CAAC;SACpC;QACD,OAAO,EAAE;YACP,GAAG,WAAW;YACd,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC;SACjC;QACD,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,IAAI,UAAU;KAC3C,CAAA;AACH,CAAC;AAED,SAAS,YAAY,CACnB,GAAY,EACZ,GAAa,EACb,SAA0B;IAE1B,IAAI,OAAO,SAAS,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;QAC9C,OAAO,SAAS,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IACtC,CAAC;IAED,OAAO,SAAS,CAAC,SAAS,CAAA;AAC5B,CAAC;AAED,SAAS,cAAc,CACrB,GAAY,EACZ,GAAa,EACb,SAA2B;IAE3B,OAAO,KAAK,UAAU,QAAQ,CAAC,GAAY,EAAE,IAAc;QACzD,IAAI,GAAG,EAAE,CAAC;YACR,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACzB,OAAM;QACR,CAAC;QAED,IAAI,CAAC,IAAI,IAAI,CAAC,SAAS,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACd,OAAM;QACR,CAAC;QAED,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;YACnD,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;YAEpE,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,GAAG,CAAC,MAAM,CAAC,G
AAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC,CAAA;gBACjE,OAAM;YACR,CAAC;YAED,MAAM,MAAM,GAAI,GAA0C,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;YAC1E,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAE,IAAoC,CAAC,GAAG,CAAC,CAAA;YACxD,CAAC;iBAAM,CAAC;gBACN,CAAC;
|
|
1
|
+
{"version":3,"file":"queryConfig.js","sourceRoot":"","sources":["../src/queryConfig.ts"],"names":[],"mappings":"AAUA,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC1C,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAA;IACjD,OAAO,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAA;AAClD,CAAC;AAED,SAAS,WAAW,CAAC,MAAqB;IACxC,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAA;IAE7B,MAAM,MAAM,GAAiB,EAAE,GAAG,MAAM,EAAE,CAAA;IAC1C,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACtB,MAAM,CAAC,UAAU,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;IAC9C,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IAC5C,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAmB;IAC3C,MAAM,cAAc,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAA;IAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,IAAI,EAAE,CAAA;IACxC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAA;IAEtC,OAAO;QACL,UAAU,EAAE;YACV,GAAG,cAAc;YACjB,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,IAAI,EAAE,CAAC;SACpC;QACD,OAAO,EAAE;YACP,GAAG,WAAW;YACd,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC;SACjC;QACD,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,IAAI,UAAU;KAC3C,CAAA;AACH,CAAC;AAED,SAAS,YAAY,CACnB,GAAY,EACZ,GAAa,EACb,SAA0B;IAE1B,IAAI,OAAO,SAAS,CAAC,SAAS,KAAK,UAAU,EAAE,CAAC;QAC9C,OAAO,SAAS,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IACtC,CAAC;IAED,OAAO,SAAS,CAAC,SAAS,CAAA;AAC5B,CAAC;AAED,SAAS,cAAc,CACrB,GAAY,EACZ,GAAa,EACb,SAA2B;IAE3B,OAAO,KAAK,UAAU,QAAQ,CAAC,GAAY,EAAE,IAAc;QACzD,IAAI,GAAG,EAAE,CAAC;YACR,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACzB,OAAM;QACR,CAAC;QAED,IAAI,CAAC,IAAI,IAAI,CAAC,SAAS,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACd,OAAM;QACR,CAAC;QAED,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;YACnD,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;YAEpE,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,GAAG,CAAC,MAAM,CAAC,G
AAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC,CAAA;gBACjE,OAAM;YACR,CAAC;YAED,MAAM,MAAM,GAAI,GAA0C,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;YAC1E,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAE,IAAoC,CAAC,GAAG,CAAC,CAAA;YACxD,CAAC;iBAAM,CAAC;gBACN,CAAC;gBAAE,GAA0C,CAAC,SAAS,CAAC,IAAI,CAAC,GAC3D,IACD,CAAC,GAAG,CAAA;YACP,CAAC;YAED,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;YAChB,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAChB,CAAC;QAAC,OAAO,OAAO,EAAE,CAAC;YACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAC/B,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,OAAO,UAAU,iBAAiB,CACvC,GAAY,EACZ,GAAa,EACb,MAAmB;IAEnB,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAChE,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACnE,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACtE,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC7C,MAAM,KAAK,GAAG,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IAC/C,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAE7C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,EAAE,CAAA;IACpC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAA;IACzC,MAAM,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAA;IACtC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAA;IAChC,IAAI,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAA;IAE5B,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IAC7C,IAAI,MAAM,GAAG,UAAU,CAAA;IAEvB,IAAI,WAAW,GAAG,MAAM,CAAC,OAAO;QAC9B,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QAC5B,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAA;IAE1B,IAAI,IAAI,IAAI,CAAC,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,YAAY,IAAI,KAAK,KAAK,IAAI,CAAC,EAAE,CAAC;QAC3E,OAAO,CAAC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAA;IAC3B,CAAC;SAAM,IAAI,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,WAAW,IAAI,KAAK,KAAK,GAAG,CAAC,EAAE,CAAC;QAC/E,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;IACrB,CAAC;IAED,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,CAA
C,IAAI,GAAG,IAAI,CAAA;IACrB,CAAC;IAED,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAA;QAC3D,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;IAC3C,CAAC;IAED,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,CAAC,IAAI,GAAG,IAAI,GAAG,OAAO,CAAA;QAC7B,OAAO,CAAC,KAAK,GAAG,OAAO,CAAA;IACzB,CAAC;IAED,IAAI,WAAW,EAAE,CAAC;QAChB,UAAU,CAAC,MAAM,CAAC,WAAW,IAAI,KAAK,CAAC,GAAG,WAAW,CAAA;IACvD,CAAC;IAED,OAAO,MAAM,EAAE,CAAC;QACd,WAAW,GAAG,MAAM,CAAC,OAAO;YAC1B,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;YAC5B,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAA;QAE1B,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,CAAC,UAAU,GAAG,EAAE,CAAA;YACtB,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvB,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,WAAW,CAAA;YACrD,CAAC;QACH,CAAC;QAED,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;IACxB,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACtC,CAAC;IAED,IAAI,IAAI,GAAG,GAAG,CAAC,IAAI,CAAA;IACnB,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC1D,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;aACrB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,UAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;aACjD,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACnB,CAAC;YAAE,GAA+B,CAAC,GAAG,CAAC,GACrC,IACD,CAAC,GAAG,CAAC,CAAA;YACN,OAAO,GAAG,CAAA;QACZ,CAAC,EAAE,EAAE,CAAC,CAAA;IACV,CAAC;IAED,OAAO;QACL,UAAU;QACV,MAAM,EAAE,UAAU;QAClB,MAAM;QACN,OAAO;QACP,IAAI;QACJ,QAAQ,EAAE,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,SAAS,CAAC;KACrD,CAAA;AACH,CAAC"}
|
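--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "coral",
 "description": "A lightweight Node.js framework designed to dynamically generate RESTful API routes for Express applications using Mongoose models",
-"version": "1.0.
+"version": "1.0.2",
 "author": {
 "name": "Prathamesh Satpute",
 "email": "prathamesh.satpute@gmail.com"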