🚀 DAY 5 OF LAUNCH WEEK: Introducing Socket Firewall Enterprise.Learn more →

Book a Demo Install Sign in

@bubojs/sequelize

Package Overview

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

@bubojs/sequelize

latest

Source

npm

Version: 1.0.1

Version published: 3 years ago

Maintainers: 4

Created: 3 years ago

Source

Middlewares Sequelize

Back to Main Menu

Attributes

The @SequelizeAttributes decorator allows 3 things:

Define hidden fields for all users
Define hidden fields based on the current user
Allow the client to request particular fields in its request instead of retrieving everything

The decorator takes 3 parameters:

The associated Model (allows to retrieve the different fields)
A getter on the Interdis Attributes (()=>Array|undefined)
A getter on the Authorized Attributes ((req:any)=> Array|undefined)

example:

import { Controller, DefaultActions, Post, Body } from '@bubojs/api'
import { SequelizeAttributes } from '../../utils/middlewares/SequelizeAttributes.middleware'
import { AuthMiddleware, RoleMiddleware } from '@bubojs/catalog'
import { userAcl } from './UserAcl'

@Acl(userAcl)
@Controller({ repository: userRepository })
export class UsersController {
  constructor() {
    applyUserAccessControlList()
  }

  @AuthMiddleware()
  @CheckAcl()
  @SequelizeAttributes(
    User,
    () => ['password'],
    (req: any) => {
      const attr = req.permission.attributes
      return attr === ['*'] ? undefined : attr
    }
  )
  [DefaultActions.GET_ONE]() {}

In this example on the getOne route of the users we have the following configuration:

No user can have access to the password field, this allows to be sure that a data does not go out of the server whatever the user rights are
We get the available data per user in req.permission.attributes (req.permission is filled by the @CheckAcl)
The client can pass in the query a $attributes field which will be read and can allow to select the desired fields, if they are not in one of the exclusion lists they will be added, if nothing is specified by the client everything is returned

Populate

The populate option allows the client to aggregate other models related to the first one in the database and return these additional data in a single query without having to make another query

the decorator takes two parameters:

the associated Model, this allows to retrieve the possible associations
the authorized paths between the Models

example:

Model User

import { Column, Default, Model, Table, HasOne } from 'sequelize-typescript'
import { DataTypes } from 'sequelize'
import { CircularHelper } from '@bubojs/sequelize'
import { Basket } from '../basket/Basket'

@Table({
  paranoid: true,
  tableName: 'user',
  underscored: true,
  timestamps: true
})
export class User extends Model {
  @Column({ type: DataTypes.STRING })
  declare username: string

  @Default(USERS_ROLES.PLAYER)
  @Column({ type: DataTypes.STRING })
  declare role: USERS_ROLES

  @Column({ type: DataTypes.STRING })
  declare password: string

  @HasOne(() => Basket)
  declare avatar: CircularHelper<Avatar>

Model Basket

import { Model, Column, DataType, HasMany, HasOne, ForeignKey, Table, BelongsTo } from 'sequelize-typescript'
import { CircularHelper } from '@bubojs/sequelize'
import { Product } from '../product/Product'
import { User } from '../user/User'

@Table({
  paranoid: true,
  timestamps: true,
  tableName: 'basket',
  underscored: true
})
export class Basket extends Model {

@Column({type: DataTypes.JSON})
declare content: Object

@ForeignKey(() => User)
@Column
declare userId: number

@BelongsTo(() => User)
declare user: CircularHelper<User>

@HasMany(()=> Product)
declare products: Array<CircularHelper<Product>>
}

Model Product

import { Model, Column, DataType, HasMany, HasOne, ForeignKey, Table, BelongsTo } from 'sequelize-typescript'
import { CircularHelper } from '@bubojs/sequelize'
import { Basket } from '../basket/Basket'

@Table({
  paranoid: true,
  timestamps: true,
  tableName: 'product',
  underscored: true
})
export class Product extends Model {

@Column({type: DataTypes.JSON})
declare content: Object

@ForeignKey(() => User)
@Column
declare userId: number

@BelongsTo(() => User)
declare user: CircularHelper<User>

@HasMany(()=> Product)
declare products: Array<CircularHelper<Product>>
}

Controleur User

import { AfterMiddleware, BeforeMiddleware, Controller, DefaultActions, Post, Body } from '@bubojs/api'
import { ValidationMiddleware, CurrentUser, AuthMiddleware, RoleMiddleware } from '@bubojs/catalog'
import { applyUserAccessControlList } from './UsersAccess'
import { User } from './User'
import { userAcl } from './UserAcl'
import { SequelizePopulate } from '../../bubo.middlewares/Sequelize/Populate.middleware'

@Acl(userAcl)
@Controller({ repository: userRepository })
export class UsersController {

  @AuthMiddleware()
  @CheckAcl()
  @SequelizePopulate(User, ['basket.product'])
  [DefaultActions.GET_ONE]() {}
}

Back To Main Menu

Editor

FAQs

What is @bubojs/sequelize?

Is @bubojs/sequelize well maintained?

Package last updated on 01 Mar 2023

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@bubojs/sequelize

Middlewares Sequelize

Attributes

Populate

Editor

Related posts

New CNAPulse Dashboard Tracks CNA Activity and Disclosure Trends

Introducing GitHub Actions Scanning Support