express-query-params
Advanced tools
express-query-params - npm Package Compare versions
Comparing version 0.4.0 to 1.0.0
@@ -1,1 +0,1 @@ | ||
| module.exports = require('./lib/params'); | ||
| module.exports = require('./lib').middleware |
@@ -1,17 +0,27 @@ | ||
| var moment = require('moment'); | ||
| /* | ||
| Taken from this blog post: | ||
| https://www.myintervals.com/blog/2009/05/20/iso-8601-date-validation-that-doesnt-suck/ | ||
| exports.typeCast = function(options) { | ||
| return function(val) { | ||
| if (!options.typeCast) return val; | ||
| if (val === String(options.parseNum(val))) return options.parseNum(val); | ||
| if (moment(val, options.dateFormat, true).isValid()) return options.parseDate(val); | ||
| return val; | ||
| I removed a couple needless escapes. | ||
| */ | ||
| const ISO8601_REGEX = /^([+-]?\d{4}(?!\d{2}\b))((-?)((0[1-9]|1[0-2])(\3([12]\d|0[1-9]|3[01]))?|W([0-4]\d|5[0-2])(-?[1-7])?|(00[1-9]|0[1-9]\d|[12]\d{2}|3([0-5]\d|6[1-6])))([T\s]((([01]\d|2[0-3])((:?)[0-5]\d)?|24:?00)([.,]\d+(?!:))?)?(\17[0-5]\d([.,]\d+)?)?([zZ]|([+-])([01]\d|2[0-3]):?([0-5]\d)?)?)?)?$/ | ||
| const OPERATOR_TRIM_REGEX = /(\*|>=?|<=?|\^)/g | ||
| exports.typeCast = ({ dateFormat = 'iso8601', returnJSDate } = {}) => ( | ||
| rawValue => { | ||
| if (rawValue === Number(rawValue).toString()) return Number(rawValue) | ||
| if ([ 'true', 'false' ].indexOf(rawValue) > -1) return rawValue === 'true' | ||
| if (typeof dateFormat === 'function' && dateFormat(rawValue)) return dateFormat(rawValue) | ||
| if ( | ||
| (dateFormat.toLowerCase() === 'iso8601' && ISO8601_REGEX.test(rawValue)) && | ||
| returnJSDate | ||
| ) return new Date(rawValue) | ||
| return rawValue | ||
| } | ||
| }; | ||
| ) | ||
| exports.parseDate = function(options) { | ||
| return function(date) { | ||
| var dto = moment(date, options.dateFormat).format(); | ||
| return options.format === 'sql' ? "DATE('" + dto + "')" : dto; | ||
| } | ||
| }; | ||
| exports.trimOperators = raw => raw.replace(OPERATOR_TRIM_REGEX, '') |
| { | ||
| "name": "express-query-params", | ||
| "version": "0.4.0", | ||
| "version": "1.0.0", | ||
| "description": "Express.js middleware implementing the API Query Spec, converting the params to SQL or a Mongo query", | ||
| "main": "index.js", | ||
| "scripts": { | ||
| "test": "mocha", | ||
| "package:update": "npm outdated --depth=0 | grep -v Package | awk '{print $1}' | xargs -I% npm install %@latest --save" | ||
| "test": "jest --verbose" | ||
| }, | ||
@@ -24,3 +23,3 @@ "repository": { | ||
| ], | ||
| "author": "Mike Timofiiv (http://fiiv.io)", | ||
| "author": "Mike Timofiiv (https://fiiv.io)", | ||
| "license": "MIT", | ||
@@ -32,9 +31,14 @@ "bugs": { | ||
| "devDependencies": { | ||
| "chai": "^3.2.0", | ||
| "mocha": "^2.3.0", | ||
| "node-mocks-http": "^1.4.3" | ||
| "eslint": "^4.19.1", | ||
| "eslint-config-airbnb-base": "^12.1.0", | ||
| "eslint-plugin-import": "^2.11.0", | ||
| "jest": "^22.4.3" | ||
| }, | ||
| "dependencies": { | ||
| "moment": "^2.10.6" | ||
| "dependencies": {}, | ||
| "peerDependencies": { | ||
| "express": "^4.16.3" | ||
| }, | ||
| "engines": { | ||
| "node": ">8" | ||
| } | ||
| } |
@@ -1,10 +0,13 @@ | ||
| # Mongo Express Query Params | ||
| # Express Query Params | ||
| Express.js middleware implementing the [API Query Spec](http://mgmco.github.io/api-query-spec/), converting the query to something that can be used to look up the resource. | ||
| It works for MongoDB and SQL. | ||
| ## Installing | ||
| ```sh | ||
| npm i --save express-query-params # with npm | ||
| yarn add express-query-params # with yarn | ||
| ``` | ||
| npm i --save express-query-params | ||
| ``` | ||
@@ -16,11 +19,11 @@ ## Basic Usage | ||
| ```js | ||
| var express = require('express'); | ||
| var queryParams = require('express-query-params'); | ||
| const express = require('express') | ||
| const queryParams = require('express-query-params') | ||
| var app = express(); | ||
| const app = express() | ||
| app.use(queryParams()); | ||
| app.use(queryParams()) | ||
| ``` | ||
| Inside any downstream middleware, this plugin will create a `parsedQuery` object on the `request`. See the [test](https://github.com/mtimofiiv/express-query-params/blob/master/test/test.js) to see how it works. | ||
| Inside any downstream middleware, this plugin will create a `parsedQuery` prop on `request`, so you should be able to access it via `request.parsedQuery`. | ||
@@ -34,16 +37,43 @@ ## Advanced Usage | ||
| // Function to parse integers or floats - defaults to javascript's own parseFloat | ||
| parseNum: parseFloat, | ||
| /* | ||
| Will validate dates according to this format - defaults to ISO8601 | ||
| // Will validate dates according to this format - defaults to ISO_8601 | ||
| dateFormat: '2014-01-01', | ||
| If you want to custom-format your dates, please pass a function here. Its first | ||
| argument would be the raw date and it would expect the formatted date as a return. | ||
| */ | ||
| dateFormat: 'ISO8601', | ||
| // Function to parse dates to the `dateFormat` variable - defaults to Moment.js | ||
| parseDate: function() {}, | ||
| /* | ||
| Here you can overwrite the default behaviour of how dates are handled. If this is | ||
| set to true, it will give you back a JS Date object. If you set it to false, you will | ||
| merely get the string you put in. | ||
| // Set this to false to disable type casting and have the output be all strings | ||
| typeCast: true, | ||
| A caveat - if you set `dateFormat` to a custom function, this option will have no effect. | ||
| // Accepts `mongodb` or `sql` - defaults to `mongodb` | ||
| format: 'mongodb' | ||
| For SQL, this defaults to false and for Mongo the default is true | ||
| */ | ||
| returnJSDate: false|true, | ||
| // Accepts `mongo` or `sql` - defaults to `mongo` | ||
| format: 'mongo', | ||
| /* | ||
| Use this to prevent certain params from becoming clauses. Useful for things like | ||
| pagination params. Default is `limit`. | ||
| Add their key to this array. | ||
| Is compatible with the whitelistParams (but can't really imagine why you'd want to!) | ||
| */ | ||
| blacklistParams: [ 'limit' ], | ||
| /* | ||
| Use this to only allow certain params becoming clauses. Useful for limiting access in | ||
| your API's search functionality. | ||
| Add their key to this array. | ||
| Is compatible with the blacklistParams (but can't really imagine why you'd want to!) | ||
| */ | ||
| whitelistParams: [] | ||
| })); | ||
@@ -56,10 +86,23 @@ ``` | ||
| In case of `mongodb`, the output is a javascript object that can be used to query MongoDb. | ||
| * In case of `mongodb`, the output is a javascript object that can be used to query MongoDb. | ||
| * In case of `sql`, it will output an object with the following props: | ||
| * `query` - this contains a tokenised query (ie. `$1` replaces raw params) | ||
| * `values` - this is an array of typecast values you can use in your query runner to coincide with the `query` prop | ||
| In case of `sql`, it will output a `WHERE` clause for you as a string. | ||
| ## A Note About v1 | ||
| This module has endured a complete re-write from version `0.4.0` to `1.0.0`. Their APIs are only partially compatible now, so please ensure you read the following differences before upgrading: | ||
| * The SQL format now returns an object with a tokenised query and an array of corresponding values, and before it used to return a complete query. This was done because it is out of scope of this module to protect your application from SQL injection, and this is a real conern with a raw query. You can plug these props right into something like Sequelize to make them work! That has built in parameter sanitisation. | ||
| * The `dateFormat` option now works differently, please read about it above if you need it to do something besides default. | ||
| * `moment` is no longer required for this module, it uses only native JS date. | ||
| ## Contributing | ||
| Do you have a database that is not SQL or Mongo? Would love to have your contribution in the form of a PR! Please include a test. | ||
| ## Tests | ||
| ``` | ||
| mocha | ||
| yarn test | ||
| ``` |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1221.08%
137815
- Number of package files
- increased by88.89%
17
- Lines of code
- increased by54.23%
310
- Number of low quality alerts
- decreased by-100%
0
- Number of lines in readme file
- increased by68.25%
106
Worsened metrics
- Dev dependency count
- increased by33.33%
4
- Number of low supply chain risk alerts
- increased byInfinity%
1
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedaccepts@1.3.8(transitive)
+ Addedarray-flatten@1.1.1(transitive)
+ Addedbody-parser@1.20.3(transitive)
+ Addedbytes@3.1.2(transitive)
+ Addedcall-bind@1.0.7(transitive)
+ Addedcontent-disposition@0.5.4(transitive)
+ Addedcontent-type@1.0.5(transitive)
+ Addedcookie@0.7.1(transitive)
+ Addedcookie-signature@1.0.6(transitive)
+ Addeddebug@2.6.9(transitive)
+ Addeddefine-data-property@1.1.4(transitive)
+ Addeddepd@2.0.0(transitive)
+ Addeddestroy@1.2.0(transitive)
+ Addedee-first@1.1.1(transitive)
+ Addedencodeurl@1.0.22.0.0(transitive)
+ Addedes-define-property@1.0.0(transitive)
+ Addedes-errors@1.3.0(transitive)
+ Addedescape-html@1.0.3(transitive)
+ Addedetag@1.8.1(transitive)
+ Addedexpress@4.21.1(transitive)
+ Addedfinalhandler@1.3.1(transitive)
+ Addedforwarded@0.2.0(transitive)
+ Addedfresh@0.5.2(transitive)
+ Addedfunction-bind@1.1.2(transitive)
+ Addedget-intrinsic@1.2.4(transitive)
+ Addedgopd@1.0.1(transitive)
+ Addedhas-property-descriptors@1.0.2(transitive)
+ Addedhas-proto@1.0.3(transitive)
+ Addedhas-symbols@1.0.3(transitive)
+ Addedhasown@2.0.2(transitive)
+ Addedhttp-errors@2.0.0(transitive)
+ Addediconv-lite@0.4.24(transitive)
+ Addedinherits@2.0.4(transitive)
+ Addedipaddr.js@1.9.1(transitive)
+ Addedmedia-typer@0.3.0(transitive)
+ Addedmerge-descriptors@1.0.3(transitive)
+ Addedmethods@1.1.2(transitive)
+ Addedmime@1.6.0(transitive)
+ Addedmime-db@1.52.0(transitive)
+ Addedmime-types@2.1.35(transitive)
+ Addedms@2.0.02.1.3(transitive)
+ Addednegotiator@0.6.3(transitive)
+ Addedobject-inspect@1.13.3(transitive)
+ Addedon-finished@2.4.1(transitive)
+ Addedparseurl@1.3.3(transitive)
+ Addedpath-to-regexp@0.1.10(transitive)
+ Addedproxy-addr@2.0.7(transitive)
+ Addedqs@6.13.0(transitive)
+ Addedrange-parser@1.2.1(transitive)
+ Addedraw-body@2.5.2(transitive)
+ Addedsafe-buffer@5.2.1(transitive)
+ Addedsafer-buffer@2.1.2(transitive)
+ Addedsend@0.19.0(transitive)
+ Addedserve-static@1.16.2(transitive)
+ Addedset-function-length@1.2.2(transitive)
+ Addedsetprototypeof@1.2.0(transitive)
+ Addedside-channel@1.0.6(transitive)
+ Addedstatuses@2.0.1(transitive)
+ Addedtoidentifier@1.0.1(transitive)
+ Addedtype-is@1.6.18(transitive)
+ Addedunpipe@1.0.0(transitive)
+ Addedutils-merge@1.0.1(transitive)
+ Addedvary@1.1.2(transitive)
- Removedmoment@^2.10.6
- Removedmoment@2.30.1(transitive)