Comparing version 0.0.81 to 0.0.82
api.js
@@ -32,2 +32,3 @@ var _ = require('underscore'), | ||
this.resources = []; | ||
this.resources_schemas = []; | ||
@@ -54,5 +55,35 @@ var self = this; | ||
this.resources.push({name:name, url:resource.path}); | ||
resource.schema_path = _.chain([]) | ||
.push(this.path) | ||
.push('schema/') | ||
.push(name) | ||
.join('') | ||
.value(); | ||
this.resources.push({ | ||
name:name, | ||
url:resource.path, | ||
schema: resource.schema_path | ||
}); | ||
this.resources_schemas.push({ | ||
name:name, | ||
url:resource.path, | ||
allowed_methods:resource.allowed_methods, | ||
fields:resource.show_fields(), | ||
update_fields:resource.show_update_fields(), | ||
filtering : _.map(resource.filtering || {},function(value,key) | ||
{ | ||
return { field : key, usage1: resource.path + '?' + key + '=<value>', usage2: resource.path + '?' + key + '__in=<value1>,<value2>'}; | ||
}), | ||
sorting : resource.path + "?order_by=<field1>,<field2>" | ||
}); | ||
var resource_index = this.resources.length -1; | ||
var self = this; | ||
this.app.get('/' + resource.schema_path,function(req,res){ | ||
res.json(self.resources_schemas[resource_index]); | ||
}); | ||
this.app.resource(resource.path, (function(methods){ | ||
@@ -66,2 +97,3 @@ _.each(['show', 'index', 'create', 'update', 'destroy', 'load'], function(name) { | ||
})({})); | ||
}, | ||
@@ -68,0 +100,0 @@ //Alias for register -Backword Compability |
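Review bot: The schema route registered by `this.app.get('/' + resource.schema_path, ...)` replies with `res.json(...)` straight away, and nothing in this section shows the resource's authentication or authorization hooks being consulted first. Unless middleware outside the visible code guards it, any caller can read each resource's allowed methods, field names, updatable fields and filter parameters, so I would run the same authentication check the resource's own handlers use before responding, or make schema publishing opt-in per resource. Separately, `resource_index` is taken from `this.resources.length - 1` but is used to index `this.resources_schemas`, which only works while the two arrays are pushed in lockstep; building the entry in a local (`var schema = {...}; this.resources_schemas.push(schema);`) and answering with `res.json(schema)` removes that coupling. The enclosing registration function starts and ends outside this hunk.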
@@ -8,3 +8,3 @@ var Class = require('sji'); | ||
is_authenticated:function (req, callback) { | ||
callback(null,true); | ||
callback(null, true); | ||
}, | ||
@@ -11,0 +11,0 @@ // get a request identifier, uses for throttling (optional) |
@@ -37,5 +37,5 @@ var _ = require('underscore'), | ||
if (!user_id) | ||
callback({message:'cant get user id'}); | ||
callback({message:'cannot get user id'}); | ||
else { | ||
object.set(this.user_field, user_id); | ||
object[this.user_field] = user_id; | ||
callback(null, object); | ||
@@ -42,0 +42,0 @@ } |
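Review bot: The new assignment `object[this.user_field] = user_id` only stamps the owner when `user_field` names a top-level schema path; with a dotted (nested) path it would create a stray property on the object and the owner would presumably not be persisted, whereas the removed `object.set(...)` call resolves paths. Since this is the line that ties a record to the requesting user, I would keep `object.set(this.user_field, user_id);` whenever `object` is a Mongoose document, which the hunk itself does not show. The enclosing function starts outside the hunk.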
@@ -17,2 +17,9 @@ var _ = require('underscore'), | ||
show_fields : function(){ | ||
return this.fields || _.map(this.model.schema.tree,function(value,key) | ||
{ | ||
return key; | ||
}); | ||
}, | ||
get_object:function (req, id, callback) { | ||
@@ -30,2 +37,3 @@ var query = this.model.findById(id); | ||
var self = this; | ||
var query = this.default_query(this.model.find(this.default_filters)); | ||
@@ -60,10 +68,15 @@ var count_query = this.default_query(this.model.count(this.default_filters)); | ||
} | ||
var default_sort = query.options.sort || []; | ||
query.options.sort = []; | ||
for (var i = 0; i < sorts.length; i++) | ||
query.sort(sorts[i].field, sorts[i].type); | ||
for(var i=0; i<default_sort.length; i++) | ||
query.options.sort.push(default_sort[i]); | ||
query.limit(limit); | ||
query.skip(offset); | ||
var results = null, count = null; | ||
@@ -96,3 +109,4 @@ | ||
}); | ||
this.authorization.limit_object_list(req, count_query, function (err, count_query) { | ||
self.authorization.limit_object_list(req, count_query, function (err, count_query) { | ||
if (err) callback(err); | ||
@@ -112,6 +126,9 @@ else | ||
var self = this; | ||
var object = new self.model(); | ||
for (var field in fields) { | ||
object[field] = fields[field]; | ||
} | ||
self.authorization.edit_object(req, object, function (err, object) { | ||
@@ -129,2 +146,3 @@ if (err) callback(err); | ||
var self = this; | ||
self.authorization.edit_object(req, object, function (err, object) { | ||
@@ -131,0 +149,0 @@ if (err) callback(err); |
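Review bot: In the create path, `for (var field in fields) object[field] = fields[field];` copies every enumerable key of `fields` onto the new model instance as a plain property, so the only barrier between the request data and the document is whatever whitelist was applied before this point (`fields` appears to be the hydrated request body, but that call is not in this section). A key that is not a schema path is not ignored here; it lands on the instance and can shadow one of the document's own members. I would restrict the copy to own keys that are schema paths, e.g. `if (self.model.schema.path(field)) object.set(field, fields[field]);` inside `Object.keys(fields).forEach(...)`. Which of these lines are new cannot be recovered from this rendering, and the function begins outside the hunk.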
{ | ||
"name":"jest", | ||
"description":"JavaScriptational State Transfer. JS restful API layer with Mongoose based resources. Inspired by python Tastypie", | ||
"version":"0.0.81", | ||
"version":"0.0.82", | ||
"author":"Ishai Jaffe <ishai@empeeric.com>", | ||
@@ -6,0 +6,0 @@ "contributors": [ |
@@ -33,4 +33,8 @@ var _ = require('underscore'), | ||
this.filtering = {}; | ||
// fields uppon sorting is allowed | ||
this.sorting = null; | ||
// fields that can be updated/created | ||
this.update_fields = null; | ||
// fields than can't be updated (stronger) | ||
this.update_exclude_fields = null; | ||
// fields which are exposable | ||
@@ -113,3 +117,3 @@ this.fields = null; | ||
// get request fields, parse & limit them | ||
var fields = self.hydrate(req.body); | ||
var fields = self.hydrate(req.body,self.get_update_tree(), self.get_update_exclude_tree()); | ||
@@ -320,2 +324,16 @@ // validate object | ||
get_update_exclude_tree: function(){ | ||
if (!this.update_exclude_tree && this.update_exclude_fields) { | ||
if (Array.isArray(this.update_exclude_fields)) { | ||
this.update_exclude_tree = {}; | ||
for (var i = 0; i < this.update_exclude_fields.length; i++) { | ||
this.update_exclude_tree[this.update_exclude_fields[i]] = null; | ||
} | ||
} | ||
if (typeof(this.update_exclude_fields) == 'object') | ||
this.update_exclude_tree = this.update_exclude_fields; | ||
} | ||
return this.update_exclude_tree; | ||
}, | ||
/** | ||
@@ -341,2 +359,4 @@ * goes over response objects & hide all fields that aren't in this.fields. Turns all objects to basic types (Number,String,Array,Object) | ||
dehydrate:function (object, tree) { | ||
if(!object) | ||
return object; | ||
// if an array -> dehydrate each object independently | ||
@@ -488,3 +508,3 @@ if (Array.isArray(object)) { | ||
case 'put': | ||
status = 204; | ||
status = 202; | ||
break; | ||
@@ -518,8 +538,21 @@ case 'delete': | ||
// check for querying operators | ||
if (field.split('__')[0] in this.filtering) | ||
filters[field] = query[field]; | ||
var parts = field.split('__'); | ||
var field_name = parts[0]; | ||
var operand = parts.length > 1 ? parts[1] : 'exact'; | ||
if (field_name in this.filtering) | ||
{ | ||
if(this.filtering[field_name] && typeof(this.filtering[field_name]) == 'object') | ||
{ | ||
if(operand in this.filtering[field_name]) | ||
filters[field] = query[field]; | ||
else | ||
continue; | ||
} | ||
else | ||
filters[field] = query[field]; | ||
} | ||
else | ||
continue; | ||
// support 'in' query | ||
if (field.split('__').length > 1 && field.split('__')[1] == 'in') | ||
if (operand == 'in') | ||
filters[field] = query[field].split(','); | ||
@@ -566,4 +599,4 @@ if (field == 'or') | ||
sorting[i] = sorting[i].substr(1); | ||
sorts.push({field:sorting[i], type:asec ? 1 : -1}); | ||
if(!this.sorting || sorting[i] in this.sorting) | ||
sorts.push({field:sorting[i], type:asec ? 1 : -1}); | ||
} | ||
@@ -628,7 +661,7 @@ return sorts; | ||
*/ | ||
hydrate:function (object, tree) { | ||
hydrate:function (object, tree,exclude_tree) { | ||
if (Array.isArray(object)) { | ||
var objects = []; | ||
for (var i = 0; i < object.length; i++) { | ||
objects.push(this.hydrate(object[i], tree)); | ||
objects.push(this.hydrate(object[i], tree,exclude_tree)); | ||
} | ||
@@ -639,13 +672,27 @@ return objects; | ||
return object; | ||
if (!tree) | ||
tree = this.get_update_tree(); | ||
if (!tree) | ||
return object; | ||
// if (!tree) | ||
// return object; | ||
var new_object = {}; | ||
for (var field in tree) | ||
new_object[field] = this.hydrate(object[field], tree[field]); | ||
tree = tree || {}; | ||
exclude_tree = exclude_tree || {}; | ||
for (var field in object) | ||
{ | ||
if(field in tree || !tree) | ||
{ | ||
if(!exclude_tree || !(field in exclude_tree)) | ||
new_object[field] = this.hydrate(object[field], tree[field],exclude_tree[field]); | ||
} | ||
} | ||
return new_object; | ||
}, | ||
show_fields:function(){ | ||
return this.fields || []; | ||
}, | ||
show_update_fields:function() { | ||
return this.update_fields || this.show_fields(); | ||
}, | ||
// Methods to implemenet | ||
@@ -652,0 +699,0 @@ |
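Review bot: In the new `hydrate` loop the allow and deny tests use `in`, which also matches names inherited from `Object.prototype`, and the `!tree` / `!exclude_tree` arms are dead because both variables were just defaulted to `{}`. As written, a body key that matches an inherited name satisfies `field in tree` and is dropped only because the same inherited lookup succeeds on `exclude_tree`, which is accidental; it also means a nested exclude tree is never descended into, since any field present in `exclude_tree` is skipped whole. I would test own keys instead: `var own = Object.prototype.hasOwnProperty;` and `if (own.call(tree, field) && !own.call(exclude_tree, field))`. The same `in` pattern guards the filter whitelist (`field_name in this.filtering`, `operand in this.filtering[field_name]`) and `sorting[i] in this.sorting`, and in the filter hunk `query[field]` is stored and `.split(',')` is called on it without first checking `typeof query[field] === 'string'`. Whether an unset `update_fields` is now meant to reject every field depends on `get_update_tree`, which is outside this section.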