Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@ucast/mongo
Advanced tools
Readme
This package is a part of ucast ecosystem. It provides a parser that can parse MongoDB query into conditions AST.
npm i @ucast/mongo
# or
yarn add @ucast/mongo
# or
pnpm add @ucast/mongo
To parse MongoDB query into conditions AST, you need to create a MongoQueryParser
instance:
import { MongoQueryParser, allParsingInstructions } from '@ucast/mongo';
const parser = new MongoQueryParser(allParsingInstructions);
const ast = parser.parse({
id: 1,
active: true
});
To create a parser you need to pass in it parsing instruction. Parsing instruction is an object that defines how a particular operator should be parsed. There are 3 types of ParsingInstruction
, one for each AST node type:
field
represents an instruction for an operator which operates in a field context only. For example, operators $eq
, $lt
, $not
, $regex
compound
represents an instruction for an operator that aggregates nested queries. For example, operators $and
, $or
, $nor
document
represents an instruction for an operator which operates in a document context only. For example, $where
or $jsonSchema
It's important to understand that it's not required that parsing instruction with type field
should be parsed into FieldCondition
. It can be parsed into CompoundCondition
as it's done for $not
operator.
A parsing instruction is an object of 3 fields:
const parsingInstruction = {
type: 'field' | 'document' | 'compound',
validate?(instruction, value) { // optional
// throw exception if something is wrong
},
parse?(instruction, schema, context) { // optional
/*
* custom logic to parse operator,
* returns FieldCondition | DocumentCondition | CompoundCondition
*/
}
}
Some operators like $and
and $or
optimize their parsing logic, so if one of that operators contain a single condition it will be resolved to that condition without additional wrapping. They also recursively collapse conditions from nested operators with the same name. Let's see an example to understand what this means:
const ast = parser.parse({
a: 1
$and: [
{ b: 2 },
{ c: 3 }
]
});
console.dir(ast, { depth: null })
/*
CompoundCondition {
operator: "and",
value: [
FieldCondition { operator: "eq", field: "a", value: 1 },
FieldCondition { operator: "eq", field: "b", value: 2 },
FieldCondition { operator: "eq", field: "c", value: 3 },
]
}
*/
This optimization logic helps to speed up interpreter's execution time, instead of going deeply over tree-like structure we have a plain structure of all conditions under a single compound condition.
Pay attention: parser removes $
prefix from operator names
In order for an operator to be parsed, it needs to define a parsing instruction. Let's implement a custom instruction which checks that object corresponds to a particular json schema.
First of all, we need to understand on which level this operator operates (field or document). In this case, $jsonSchema
clearly operates on document level. It doesn't contain nested MongoDB queries, so it's not a compound
instruction. So, we are left only with document
one.
To test that document corresponds to provided json schema, we use ajv but it's also possible to use a library of your preference.
// operators/jsonSchema.js
import { DocumentInstruction, DocumentCondition } from '@ucast/core';
import Ajv from 'ajv';
export const $jsonSchema: DocumentInstruction = {
type: 'document',
validate(instruction, value) {
if (!value || typeof value !== 'object') {
throw new Error(`"${instruction.name}" expects to receive an object`)
}
},
parse(instruction, schema) {
const ajv = new Ajv();
return new DocumentCondition(instruction.name, ajv.compile(schema));
}
};
In order to use this operator, we need to pass this instruction into MongoQueryParser
constructor:
import { MongoQueryParser, allParsingInstructions } from '@ucast/core';
import { $jsonSchema } from './operators/jsonSchema';
const parser = new MongoQueryParser({
...allParsingInstructions,
$jsonSchema
});
const ast = parser.parse({
$jsonSchema: {
type: 'object',
properties: {
firstName: { type: 'string' },
lastName: { type: 'string' },
},
additionalProperties: false,
}
});
console.dir(ast, { depth: null });
/*
DocumentCondition { operator: "jsonSchema", value: [Function: validate] }
*/
The only thing which is left is to implement a corresponding JavaScript interpreter:
function jsonSchema(condition, object) { // interpreter
return condition.value(object);
}
Want to file a bug, contribute some code, or improve documentation? Excellent! Read up on guidelines for contributing
FAQs
git@github.com:stalniy/ucast.git
The npm package @ucast/mongo receives a total of 426,265 weekly downloads. As such, @ucast/mongo popularity was classified as popular.
We found that @ucast/mongo demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.