Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
jsonreststores-mysql
Advanced tools
Readme
Don't specify paramIds
in schema. They will be added to the schema as {type: 'id' }
automatically
Don't specify searchSchema
. It will be worked out taking all schema element marked as searchable: true
(except paramIds)
SimpleSchema - Github. This module makes it easy (and I mean, really easy) to define a schema and validate/cast data against it. It's really simple to extend a schema as well. It's a no-fuss module.
searchSchema
In JsonRestStores you actually define what fields are acceptable as filters in implementQuery
(specifically, request.options.conditions
) with the property searchSchema
, which is defined exactly as a schema. So, writing this is equivalent to the code just above:
// Basic definition of the managers store
class Managers extends HTTPMixin(Store) {
static get schema () {
return new Schema({
name: { type: 'string', trim: 60 },
surname: { type: 'string', searchable: true, trim: 60 }
})
}
searchSchema: new Schema( {
surname: { type: 'string', trim: 60 },
}),
static get storeName () { return 'managers' }
static get publicURL () { return '/managers/:id' }
static get handlePut () { return true }
static get handlePost () { return true }
static get handleGet () { return true }
static get handleGetQuery () { return true }
static get handleDelete () { return true }
// ...implement??? functions
}
If searchSchema
is not defined, JsonRestStores will create one based on your main schema by doing a shallow copy, excluding paramIds
(which means that, in this case, id
is not added automatically to searchSchema
, which is most likely what you want).
If you define your own searchSchema
, you are able to decide exactly how you want to filter the values. For example you could define a different default, or trim value, etc. You might also have fields that will create more complex queries. For example:
// Basic definition of the managers store
class Managers extends HTTPMixin(Store) {
static get schema () {
return new Schema({
name: { type: 'string', searchable: true, trim: 60 },
surname: { type: 'string', searchable: true, trim: 60 }
})
}
searchSchema: new Schema( {
surname: { type: 'string', trim: 60 },
name: { type: 'string', trim: 60 },
anyField: { type: string, trim: 60 }
}),
static get storeName () { return 'managers' }
static get publicURL () { return '/managers/:id' }
static get handlePut () { return true }
static get handlePost () { return true }
static get handleGet () { return true }
static get handleGetQuery () { return true }
static get handleDelete () { return true }
async implementQuery (request) {
// request.options.conditions might have 'any', which should generate
// an SQL query checking both name and surname
}
// ...implement??? functions
}
Every rest method runs checkPermissions()
in order to check permissions. If everything is fine, checkPermissions()
returns true
; if it returns false
, along with a message, it means that permission wasn't granted.
The checkPermissions()
method has the following signature:
checkPermissions: function( request, method)
Here:
request
. It is the request objectmethod
. It can be post
, put
, get
, getQuery
, delete
Here is an example of a store only allowing deletion only to specific admin users:
Note that if your store is derived from another one, and you want to preserve the parent store's permission model, you can run super.checkPermissions()
:
async checkPermissions (request, method) {
// Run the parent's permission check. If it failed, honour the failure
let { granted, message } = super.checkPermissions(request, method)
if (!granted) return { granted: true }
// We are only adding checks for `put`.
// In any other case, will go along with the parent's response
if (method === 'put') return { granted: true }
// User is admin (id: 1 )
if( request.session.user === 1){ return { granted: true }
else return { granted: false, message: 'Only admin can do this'}
},
Please note that checkPermissions()
is only run for local requests, with remote
set to false. All requests coming from APIs will ignore the method.
publicURL
and paramIds
When you define a store like this:
var Managers = declare( Store, {
schema: new Schema({
name : { type: 'string', trim: 60 },
surname: { type: 'string', trim: 60 },
}),
storeName: 'managers',
publicURL: '/managers/:id',
handlePut: true,
handlePost: true,
handleGet: true,
handleGetQuery: true,
handleDelete: true,
hardLimitOnQueries: 50,
});
managers.protocolListen( 'HTTP', { app: app } );;
The publicURL
is used to:
id: { type: id }
to the schema automatically. This is done so that you don't have to do the grunt work of defining id
in the schema if they are already in publicURL
.paramIds
array for the store. In this case, paramIds
will be [ 'id' ]
.So, you could reach the same goal without publicURL
:
// Basic definition of the managers store
class Managers extends HTTPMixin(Store) {
static get schema () {
return new Schema({
id: { type: 'id' },
name: { type: 'string', searchable: true, trim: 60 },
surname: { type: 'string', trim: 60 }
})
}
static get paramIds () { return [ 'id' ] }
static get storeName () { return 'managers' }
static get publicURL () { return '/managers/:id' }
static get handlePut () { return true }
static get handlePost () { return true }
static get handleGet () { return true }
static get handleGetQuery () { return true }
static get handleDelete () { return true }
// ...implement??? functions
}
Note that:
id
parameter had to be defined in the schemaparamIds
array had to be defined by handmanagers.protocolListenHTTP({ app: app } );
can't be used as the public URL is not thereIn any case, the property idProperty
is set as last element of paramIds
; in this example, it is id
.
*/
/* Schema options * searchable (added to searchSchema automatically if searchSchema not set) * silent (not fetched in query and fetch if true) */
FAQs
Mixin to implement MySql calls for jsonreststores
The npm package jsonreststores-mysql receives a total of 0 weekly downloads. As such, jsonreststores-mysql popularity was classified as not popular.
We found that jsonreststores-mysql demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.