@krimzen-ninja/mongo-crud

A collection of types and code to make crud work easier and standardized


mongo-crud

This library was generated with Nx.

Running unit tests

Run nx test mongo-crud to execute the unit tests via Jest.

Running lint

Run nx lint mongo-crud to execute the lint via ESLint.

About

The purpose of this library is not just to CRUD objects; the mongodb package already provides that in a simple way. Instead, what I intend is to provide a middleware mechanism for CRUD operations that can alter the data or the nature of the operation before and after the actual operation. Some of the objectives would be:

  1. Prevent CRUD operations if there is a logged in user who doesn't have access to this particular resource. e.g. Customer cannot see orders from other customers
  2. Prevent entities in one organisation from performing CRUD operations on entities in other organisations.
    1. While still allowing me to write cross-organisation reports or perform cross-org data migrations
  3. Enforce the schema of objects before they are saved. It is probably best to do this using a JSON schema on the actual collection (need to test), as this will alleviate workload on the API and also prevent any other apps or manual access from storing invalid data.
  4. When returning a document from an API, certain fields (cost price, passwordHash, etc.) should not be exposed. This should provide a framework for stripping those out, while still allowing these values to be used internally by the code.
  5. Set date created
  6. Set last updated
  7. Add audit information
  8. Ownership of entities by logged in user
  9. Status (Active/inactive)

Authorisation/Permissions

Objectives

  1. Prevent access across orgs if not a super user (e.g. allow super users to pull a report that reads data across orgs)
  2. Prevent certain actions on objects based on ownership (e.g. if you don't own a voucher, you can't CRUD it)
  3. Prevent certain actions on objects based on status of object (e.g. soft deleted objects can't be updated)
  4. Limit certain actions on objects to certain roles (e.g. only admins can read reports)
  5. Prevent certain fields from being CRUDed by certain types of users (e.g. don't allow user to see or change passwordHash directly)
  6. Limit result sets returned to only ones you are allowed (e.g. my orders)
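
The pre/post middleware idea behind these objectives, as an added example that is not the mongo-crud API or code from this package. All names (`scopeToOrg`, `activeOnly`, `redact`, `guardedFind`) are hypothetical, and the `orders` array is constructed sample data standing in for a MongoDB collection with equality-only filters.

```typescript
// Added example; every name here is hypothetical, not the mongo-crud API.
type Doc = Record<string, unknown>;
interface User { id: string; orgId: string; roles: string[] }
interface Ctx { user: User; filter: Doc }
type Pre = (ctx: Ctx) => void;            // runs before the query, may rewrite the filter
type Post = (doc: Doc, ctx: Ctx) => Doc;  // runs on each result before it is returned

// Pre-hook: pin the query to the caller's organisation unless they are a super user.
const scopeToOrg: Pre = (ctx) => {
  if (ctx.user.roles.indexOf("super") !== -1) return;
  // Overwrite rather than merge, so a caller-supplied orgId can never win.
  ctx.filter = { ...ctx.filter, orgId: ctx.user.orgId };
};

// Pre-hook: hide soft-deleted documents.
const activeOnly: Pre = (ctx) => {
  ctx.filter = { ...ctx.filter, status: "active" };
};

// Post-hook factory: return a copy without fields that must not leave the API.
const redact = (fields: string[]): Post => (doc) => {
  const out: Doc = { ...doc };
  for (const f of fields) delete out[f];
  return out;
};

// Constructed sample data: an in-memory stand-in for a MongoDB collection.
const orders: Doc[] = [
  { _id: 1, orgId: "org-a", status: "active", total: 40, costPrice: 25 },
  { _id: 2, orgId: "org-b", status: "active", total: 70, costPrice: 50 },
  { _id: 3, orgId: "org-a", status: "deleted", total: 15, costPrice: 9 },
];
const customer: User = { id: "u1", orgId: "org-a", roles: ["customer"] };
const superUser: User = { id: "u0", orgId: "org-a", roles: ["super"] };

// Run pre-hooks, match on equality only, then run post-hooks on every hit.
function guardedFind(store: Doc[], user: User, filter: Doc, pre: Pre[], post: Post[]): Doc[] {
  const ctx: Ctx = { user, filter: { ...filter } };
  for (const hook of pre) hook(ctx);
  return store
    .filter((d) => Object.keys(ctx.filter).every((k) => d[k] === ctx.filter[k]))
    .map((d) => post.reduce((acc, hook) => hook(acc, ctx), d));
}

// The customer asks for org-b, but the pre-hook rewrites the filter to org-a.
const visible = guardedFind(orders, customer, { orgId: "org-b" }, [scopeToOrg, activeOnly], [redact(["costPrice"])]);
console.log(visible);
```

Because the scoping hook overwrites `orgId` instead of merging it, a filter supplied by the caller cannot widen the query, while the stored documents keep `costPrice` for internal use.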

https://dev.to/rschwabco/building-rbac-in-node-3hcb

Casl

https://www.npmjs.com/package/@casl/ability

https://casl.js.org/v6/en/package/casl-react

https://www.npmjs.com/package/@casl/mongoose (Provides a filtered query)

Cerbos

https://cerbos.dev/video/implement-cerbos-in-less-than-4-minutes

Data stores - https://docs.cerbos.dev/cerbos/latest/configuration/storage.html

Aserto

https://www.aserto.com/

Package last updated on 20 May 2024
