Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
hydrate-mongodb-fixed
Advanced tools
An Object Document Mapper (ODM) for MongoDB updated for Developer.
An Object/Document Mapping (ODM) framework for Node.js and MongodDB
Hydrate provides a means for developers to map Node.js classes to documents stored in a MongoDB database. Developers can work normally with objects and classes, and Hydrate takes care of the onerous details such as serializing classes to documents, validation, mapping of class inheritance, optimistic locking, fetching of references between database collections, change tracking, and managing of persistence through bulk operations.
Hydrate is inspired by other projects including JPA, Hibernate, and Doctrine.
TypeScript is a superset of JavaScript that includes type information and compiles to regular JavaScript. If you choose to use TypeScript in your projects, this type information can be used to create the mappings between your classes and the MongoDB documents, reducing duplicate work. However, TypeScript is not required and you can use Hydrate with plain JavaScript.
Decorators are a method of annotating classes and properties in JavaScript at design time. There is currently a proposal to include decorators as a standard part of JavaScript in ES7. In the meantime, several popular transpilers including Babel and TypeScript make decorators available for use now. Hydrate gives developers the option to leverages decorators as simple means to describe persistent classes.
Hydrate uses an approach to the persistence API similar to Hibernate ORM. Developers familiar with this approach should feel at home with Hydrate. Furthermore, Hydrate's query API is kept as similar as possible to the MongoDB native Node.js driver.
MongoDB bulk write operations are used to synchronize changes with the database, which can result in significant performance gains.
Hydrate requires a minimum of MongoDB 2.6 and Node 4.0. Once these dependencies are installed, Hydrate can be installed using npm:
$ npm install hydrate-mongodb --save
For brevity, the example here is only given in TypeScript. JavaScript examples coming soon.
In this example we'll model a task list. We create a file, model.ts
, defining entities Task
and Person
. We also
define an enumeration used to indicate the status of a task on the task list.
model.ts:
import {Entity, Field} from "hydrate-mongodb";
export enum TaskStatus {
Pending,
Completed,
Archived
}
@Entity()
export class Person {
@Field()
name: string;
constructor(name: string) {
this.name = name;
}
}
@Entity()
export class Task {
@Field()
text: string;
@Field()
status: TaskStatus;
@Field()
created: Date;
@Field()
assigned: Person;
constructor(text: string) {
this.created = new Date();
this.status = TaskStatus.Pending;
this.text = text;
}
archive(): boolean {
if(this.status == TaskStatus.Completed) {
this.status = TaskStatus.Archived;
return true;
}
return false;
}
}
Once our model is defined, we need to tell Hydrate about it. We do this by adding the model to an AnnotationMappingProvider, then adding the mapping provider to the Configuration.
server.ts:
import {MongoClient} from "mongodb";
import {Configuration, AnnotationMappingProvider} from "hydrate-mongodb";
import * as model from "./model";
var config = new Configuration();
config.addMapping(new AnnotationMappingProvider(model));
We use the standard MongoDB native driver to establish a connection to MongoDB. Once the connection is open, we create a SessionFactory using the MongoDB connection and the previously defined Configuration.
server.ts (con't):
MongoClient.connect('mongodb://localhost/mydatabase', (err, db) => {
if(err) throw err;
config.createSessionFactory(db, (err, sessionFactory) => {
...
});
});
A Hydrate Session should not be confused with the web-server session. The Hydrate Session is analogous to JPA's EntityManager, and is responsible for managing the lifecycle of persistent entities.
Typically the SessionFactory is created once at server startup and then used to create a Session for each connection to the server. For example, using a Session in an Express route might look something like this:
app.get('/', function (req, res, next) {
var session = sessionFactory.createSession();
...
session.close(next);
});
Calling close on the Session persists any changes to the database and closes the Session. Call flush instead to persist any changes without closing the Session.
In order to create a new Task
we instantiate the task and then add it to the
Session by calling
save.
var task = new Task("Take out the trash.");
session.save(task);
To find a task by identifier we use find.
session.find(Task, id, (err, task) => {
...
});
To find all tasks that have not yet been completed, we can use the query method.
session.query(Task).findAll({ status: TaskStatus.Pending }, (err, tasks) => {
...
});
Below is an example of finding all tasks assigned to a specific person. Note that even though person
is an instance
of the Person
entity which is serialized as an ObjectId
in the task
collection, there is no need to pass the
identifier of the person
directly to the query.
session.find(Person, personId, (err, person) => {
...
session.query(Task).findAll({ assigned: person }, (err, tasks) => {
...
});
});
Hydrate provides a mechanism to retrieve references between persistent entities. We do this using fetch. Note that fetch uses the same dot notation that MongoDB uses for queries.
For example, say we wanted to fetch the Person
that a Task
is assigned to.
session.fetch(task, "assigned", (err) => {
console.log(task.assigned.name); // prints the name of the Person
});
The fetch method can be used in conjunction with queries as well.
session.find(Task, id).fetch("assigned", (err, task) => {
...
});
All queries can use a Promise for the query result by calling asPromise.
session.find(Task, id).asPromise().then((task) => {
...
});
session.query(Task).findAll({ assigned: person }).asPromise().then((tasks) => {
...
});
Queries that return multiple entities may return an Observable for the query by calling asObservable.
session.query(Task).findAll({ assigned: person }).asObservable().subscribe((task) => {
...
});
In TypeScript, the emitDecoratorMetadata and experimentalDecorators options must be enabled on the compiler.
Entities are classes that map to a document in a MongoDB collection.
@Entity()
export class Person {
@Field()
name: string;
constructor(name: string) {
this.name = name;
}
}
If a name for the collection is not given, an entity is mapped to a collection in MongoDB based on the name of the class. The collectionNamingStrategy in the Configuration is used to determine the name of the collection. The default naming strategy is CamelCase. Alternatively, a name for the collection can be specified using the Collection decorator.
@Entity()
@Collection("people")
export class Person {
@Field()
name: string;
constructor(name: string) {
this.name = name;
}
}
Fields are mapped on an opt-in basis. Only fields that are decorated are mapped. The name for the field in the document can optionally be specified using the Field decorator.
@Entity()
export class User {
@Field("u")
username: string;
}
If the name for the field is not specified, the fieldNamingStrategy on the Configuration is used to determine the name of the field. The default naming strategy is CamelCase.
The identityGenerator on the Configuration is used to generate an identifier for an entity. The default identity generator is the ObjectIdGenerator. This is the only generator that ships with Hydrate. Composite identifiers are not supported. Natural identifiers are not supported.
The identifier is exposed on an entity as a string through the id
property and in it's native format, typically ObjectID,
on the _id
property. This is the default behavior and cannot be disabled. No decorator is required.
@Entity()
export class User {
_id: ObjectID;
id: string;
@Field()
username: string;
}
If you do not want to use one or more of the identity properties, you can leave them off your class definition.
@Entity()
export class User {
id: string;
@Field()
username: string;
}
Embeddables are classes that map to nested subdocuments within entities, arrays, or other embeddables.
@Embeddable()
export class HumanName {
@Field()
last: string;
@Field()
first: string;
@Field()
name: string;
constructor(last: string, first?: string) {
this.last = last;
this.first = first;
this.name = last;
if(first) {
this.name += ", " + first;
}
}
}
@Entity()
export class Person {
@Field()
name: HumanName;
constructor(name: HumanName) {
this.name = name;
}
}
Using the Parent decorator, Embeddables can designate a property to reference the object they are embedded in. The property is automatically populated with a reference to the parent object when the embeddable is loaded from the database. Properties annotated with Parent are not persisted to the database.
@Entity()
export class Person {
@ElementType(Address)
addresses: Address[];
}
@Embeddable()
export class Address {
@Parent()
resident: Person;
@Field()
street: string;
...
}
When using TypeScript, the type of a field is automatically provided. The following types are supported:
Type Decorator
When a property is an embeddable or a reference to an entity, sometimes the type of the property cannot be determined
because of circular references of import
statements. In this case the
Type decorator should be used with the name
of the type.
@Entity()
export class Person {
@Type("HumanName")
name: HumanName;
constructor(name: HumanName) {
this.name = name;
}
}
Arrays
TypeScript does not provide the type of an array element, so the type of the array element must be indicate with the ElementType decorator.
@Entity()
export class Organization {
@ElementType(Address)
addresses: Address[];
}
This is true for primitive types as well.
@Entity()
export class Person {
@ElementType(String)
aliases: string[];
}
Enums
By default enums are serialized as numbers. Use the Enumerated decorator to serialize enums as strings.
export enum TaskStatus {
Pending,
Completed,
Archived
}
@Entity()
export class Task {
@Field()
text: string;
@Enumerated(TaskStatus)
status: TaskStatus;
}
Standard prototypical inheritance is supported for both entities and embeddables.
@Entity()
class Party {
...
}
@Entity()
class Person extends Party {
...
}
@Entity()
class Organization extends Party {
...
}
All entities within an inheritance hierarchy are stored in the same collection. If the Collection decorator is used, it is only valid on the root of an inheritance hierarchy.
Entities stored in separate collections may share a common superclass that is not mapped to a collection. In the example,
below Patient
(stored in patient
collection) and Document
(stored in document
collection) share a common
superclass Asset
that defines the field owner
.
class Asset {
@Field()
owner: Organization;
constructor(owner: Organization) {
this.owner = owner;
}
}
@Entity()
class Patient extends Asset {
...
}
@Entity()
class Document extends Asset {
...
}
If Asset
was decorated with Entity then Patient
and Document
would instead both be stored in a collection called asset
.
If an inheritance hierarchy is defined, a discriminator field is added to the serialized document to indicate the type when deserializing the entity or embeddable. By default, the discriminatorField on the Configuration is used to determine the name of the field to store the discriminator. Optionally, the discriminator field can be specified on the root of an inheritance hierarchy using the DiscriminatorField decorator.
@Entity()
@DiscriminatorField("type")
class Party {
...
}
The class discriminator can be specified using the DiscriminatorValue decorator.
@Entity()
@DiscriminatorValue("P")
class Person extends Party {
...
}
@Entity()
@DiscriminatorValue("O")
class Organization extends Party {
...
}
If the discriminator value is not explicitly specified for a class, it is determined using the discriminatorNamingStrategy on the Configuration. By default, the name of the class is used.
By default entity references are not loaded and must be fetched using Session#fetch or similar. If a FetchType of Eager is specified on an entity reference then that reference is automatically fetched when the entity is loaded.
@Entity()
export class Task {
@Fetch(FetchType.Eager)
owner: Person;
}
When an entity is loaded, all fields for that entity are retrieved from the database. Specifying a FetchType of Lazy for a field causes that field to not be retrieved from the database when the entity is loaded. The field is only loaded by calling Session#fetch and indicating which field to load.
@Entity()
export class Person {
@Fetch(FetchType.Lazy)
image: Buffer;
}
Make sure you are defining appropriate indexes on the Entities and creating them in the database. To define indexes use the @Index decorator on an Entity. To create the indexes in the database call createIndexes on the SessionFactory or set createIndexes to true in the Configuration. You can do this on server start up when NODE_ENV does not equal "production". For production you can call createIndexes as needed as part of your deployment process.
The default ChangeTrackingType, DeferredImplicit, during a flush will dirty check, every Entity that is loaded in the Session. Although this is convenient, because you don't have to worry about when Entities are modified, the dirty checking is expensive. If you have entities that are frequently loaded and rarely modified, you should consider switching to DeferredExplicit change tracking. This will only dirty check entities when you explicitly call save on the Session. You can set change tracking on an entity using the @ChangeTracking decorator. You can switch to DeferredExplicit change tracking for all Entities instead by default by setting the changeTracking property on the Configuration.
If you know Entities will never change, set them as immutable using the @Immutable decorator. This will disable change tracking and optimistic locking for the entity. This means the Entity will never be dirty checked or written to the database after the first time it's written.
If you know your embedded classes will not change, set them to immutable as well using the @Immutable decorator. When an embedded class is immutable, it will be skipped when Hydrate is dirty checking the containing Entity and the embedded's document representation will be cached for serialization.
If you are pulling back large amounts of data in situations where no domain logic will be used and the entity will not be modified, such as for reports, consider querying the database directly. You can access the underlying database connection with the connection property of the SessionFactory. For example: session.factory.connection.collection("user").aggregate(...)
Duplicate data to avoid fetching Entity references. For example, let's say you have a Book entity that references an Author entity, and you often have to fetch the Author of the Book just to display the name of the author. Instead, store the name of the Author as a property on the Book (in addition to the reference to the Author) so that you don't need to fetch the Author every time you load a Book. This also helps with reporting if you are using the database connection directly for reporting (as suggested above).
If you have a property on an Entity that stores large amounts of data, such as a binary file or photo, set it to lazy fetching with the @Fetch decorator. When a property is set to FetchType.Lazy, it is not loaded from the database when the Entity is loaded unless it is explicitly fetched using fetch on the Session.
Generally avoid using FetchType.Eager on entity references since it could end up loading a large portion of your entity graph. Instead, fetch entity references as needed.
To help identify slow queries during development, add a bunyan logger with a log level of TRACE as the logger property in the Configuration. This will log all queries executed along with the amount of time it took to execute the query. You can then execute slow queries directly in the MongoDB shell with explain to determine what indexes will be helpful (or if your current indexes are working as expected). Note that ObjectId's logged in the queries are printed as strings so you need to make sure to wrap them with ObjectId when running a query in the MongoDB shell.
The logger will also print out summary information for a flush, such as the execution time, and the number of entities inserted, updated, removed, and dirty checked. If your flushes are slow, consider using the strategies mentioned above to reduce dirty checking and serialization time.
It is not recommend using the logger in a production environment.
FAQs
An Object Document Mapper (ODM) for MongoDB updated for Developer.
The npm package hydrate-mongodb-fixed receives a total of 2 weekly downloads. As such, hydrate-mongodb-fixed popularity was classified as not popular.
We found that hydrate-mongodb-fixed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.