Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

jsonapi-server

Package Overview
Dependencies
Maintainers
3
Versions
69
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jsonapi-server - npm Package Compare versions

Comparing version 0.13.0 to 0.13.1

2

CHANGELOG.md

@@ -39,1 +39,3 @@ 2015-06-29 - Initial release

2015-11-12 - v0.13.0
2015-11-17 - Additional error handling for foreign relation lookup
2015-11-17 - v0.13.1

26

lib/routes/search.js

@@ -27,2 +27,28 @@ "use strict";

function(callback) {
if (!request.params.relationships) return callback();
var target = Object.keys(request.params.relationships)[0];
var relation = resourceConfig.attributes[target];
if (!relation || !relation._settings || !(relation._settings.__one || relation._settings.__many)) {
return callback({
status: "403",
code: "EFORBIDDEN",
title: "Request validation failed",
detail: "Requested relation \"" + target + "\" does not exist on " + request.params.type
});
}
if (relation._settings.__as) {
return callback({
status: "403",
code: "EFORBIDDEN",
title: "Request validation failed",
detail: "Requested relation \"" + target + "\" is a foreign reference and does not exist on " + request.params.type
});
}
return callback();
},
function(callback) {
resourceConfig.handlers.search(request, callback);

@@ -29,0 +55,0 @@ },

2

package.json
{
"name": "jsonapi-server",
"version": "0.13.0",
"version": "0.13.1",
"description": "A fully featured NodeJS sever implementation of json:api. You provide the resources, we provide the api.",

@@ -5,0 +5,0 @@ "keywords": [

49

test/get-:resource.js

@@ -314,2 +314,51 @@ "use strict";

});
describe("by foreign key", function() {
it("should find resources by relation", function(done) {
var url = "http://localhost:16006/rest/articles/?relationships[photos]=aab14844-97e7-401c-98c8-0bd5ec922d93";
request.get(url, function(err, res, json) {
assert.equal(err, null);
json = helpers.validateJson(json);
assert.equal(res.statusCode, "200", "Expecting 200 OK");
assert.equal(json.data.length, 2, "Should be 2 matching resources");
done();
});
});
it("should error with incorrectly named relations", function(done) {
var url = "http://localhost:16006/rest/articles/?relationships[photo]=aab14844-97e7-401c-98c8-0bd5ec922d93";
request.get(url, function(err, res, json) {
assert.equal(err, null);
json = helpers.validateError(json);
assert.equal(res.statusCode, "403", "Expecting 403 EFORBIDDEN");
done();
});
});
it("should error when queriying with non-relation attributes", function(done) {
var url = "http://localhost:16006/rest/articles/?relationships[content]=aab14844-97e7-401c-98c8-0bd5ec922d93";
request.get(url, function(err, res, json) {
assert.equal(err, null);
json = helpers.validateError(json);
assert.equal(res.statusCode, "403", "Expecting 403 EFORBIDDEN");
done();
});
});
it("should error when querying the foreign end of a relationship", function(done) {
var url = "http://localhost:16006/rest/comments/?relationships[article]=aab14844-97e7-401c-98c8-0bd5ec922d93";
request.get(url, function(err, res, json) {
assert.equal(err, null);
json = helpers.validateError(json);
assert.equal(res.statusCode, "403", "Expecting 403 EFORBIDDEN");
done();
});
});
});
});

@@ -316,0 +365,0 @@ 

lib/mongoHandlers.js~
test/503.js~
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc