Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

mongo-express

Package Overview
Dependencies
Maintainers
4
Versions
169
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

mongo-express - npm Package Compare versions

Comparing version 0.54.0 to 1.0.0-alpha.1

patches/mongodb-query-parser+2.0.2.patch
yarn-error.log

67

app.js

@@ -101,42 +101,47 @@ #!/usr/bin/env node

app.use(config.site.baseUrl, middleware(config));
app.use(config.site.baseUrl, csrf());
async function bootstrap() {
const resolvedMiddleware = await middleware(config);
app.use(config.site.baseUrl, resolvedMiddleware);
app.use(config.site.baseUrl, csrf());
if (config.site.sslEnabled) {
defaultPort = 443;
sslOptions = {
key: fs.readFileSync(config.site.sslKey),
cert: fs.readFileSync(config.site.sslCert),
};
server = https.createServer(sslOptions, app);
}
if (config.site.sslEnabled) {
defaultPort = 443;
sslOptions = {
key: fs.readFileSync(config.site.sslKey),
cert: fs.readFileSync(config.site.sslCert),
};
server = https.createServer(sslOptions, app);
}
let addressString = (config.site.sslEnabled ? 'https://' : 'http://') + (config.site.host || '0.0.0.0') + ':' + (config.site.port || defaultPort);
let addressString = (config.site.sslEnabled ? 'https://' : 'http://') + (config.site.host || '0.0.0.0') + ':' + (config.site.port || defaultPort);
server.listen(config.site.port, config.site.host, function () {
if (config.options.console) {
server.listen(config.site.port, config.site.host, function () {
if (config.options.console) {
console.log('Mongo Express server listening', 'at ' + addressString);
console.log('Mongo Express server listening', 'at ' + addressString);
if (!config.site.host || config.site.host === '0.0.0.0') {
console.error(clc.red('Server is open to allow connections from anyone (0.0.0.0)'));
}
if (!config.site.host || config.site.host === '0.0.0.0') {
console.error(clc.red('Server is open to allow connections from anyone (0.0.0.0)'));
}
if (config.basicAuth.username === 'admin' && config.basicAuth.password === 'pass') {
console.error(clc.red('basicAuth credentials are "admin:pass", it is recommended you change this in your config.js!'));
if (config.basicAuth.username === 'admin' && config.basicAuth.password === 'pass') {
console.error(clc.red('basicAuth credentials are "admin:pass", it is recommended you change this in your config.js!'));
}
}
})
.on('error', function (e) {
if (e.code === 'EADDRINUSE') {
console.log();
console.error(clc.red('Address ' + addressString + ' already in use! You need to pick a different host and/or port.'));
console.log('Maybe mongo-express is already running?');
}
}
})
.on('error', function (e) {
if (e.code === 'EADDRINUSE') {
console.log();
console.error(clc.red('Address ' + addressString + ' already in use! You need to pick a different host and/or port.'));
console.log('Maybe mongo-express is already running?');
}
console.log('If you are still having trouble, try Googling for the key parts of the following error object before posting an issue');
console.log(JSON.stringify(e));
return process.exit(1);
});
}
bootstrap();
console.log();
console.log('If you are still having trouble, try Googling for the key parts of the following error object before posting an issue');
console.log(JSON.stringify(e));
return process.exit(1);
});

2

build-assets.json

@@ -1,1 +0,1 @@

{"codemirror":{"js":"public/codemirror-448baf1b30a5c8041167.min.js"},"collection":{"js":"public/collection-eebeb1154da990f38368.min.js"},"index":{"js":"public/index-0d94eb863f41a0adfbe0.min.js"},"gridfs":{"js":"public/gridfs-2a2de6ba63e24c52de65.min.js"},"document":{"js":"public/document-14c5429f8bb0330baeef.min.js"},"database":{"js":"public/database-ea9f483ec5a79aabee9d.min.js"},"vendor":{"js":"public/vendor-a6502aaae055f01bdcc3.min.js"},"":{"css":["public/css/codemirror.css","public/css/bootstrap-theme.min.css","public/css/bootstrap.min.css","public/css/style.css","public/css/theme/3024-day.css","public/css/theme/abcdef.css","public/css/theme/ambiance.css","public/css/theme/3024-night.css","public/css/theme/base16-light.css","public/css/theme/bespin.css","public/css/theme/ambiance-mobile.css","public/css/theme/base16-dark.css","public/css/theme/cobalt.css","public/css/theme/darcula.css","public/css/theme/blackboard.css","public/css/theme/duotone-dark.css","public/css/theme/duotone-light.css","public/css/theme/dracula.css","public/css/theme/colorforth.css","public/css/theme/elegant.css","public/css/theme/eclipse.css","public/css/theme/erlang-dark.css","public/css/theme/gruvbox-dark.css","public/css/theme/icecoder.css","public/css/theme/hopscotch.css","public/css/theme/idea.css","public/css/theme/isotope.css","public/css/theme/liquibyte.css","public/css/theme/lesser-dark.css","public/css/theme/lucario.css","public/css/theme/material.css","public/css/theme/mdn-like.css","public/css/theme/midnight.css","public/css/theme/mbo.css","public/css/theme/neo.css","public/css/theme/night.css","public/css/theme/monokai.css","public/css/theme/neat.css","public/css/theme/paraiso-dark.css","public/css/theme/panda-syntax.css","public/css/theme/oceanic-next.css","public/css/theme/paraiso-light.css","public/css/theme/seti.css","public/css/theme/rubyblue.css","public/css/theme/railscasts.css","public/css/theme/pastel-on-dark.css","public/css/theme/shadowfox.css","public/css/theme/ssms.css","public/css/theme/the-matrix.css","public/css/theme/solarized.css","public/css/theme/tomorrow-night-bright.css","public/css/theme/tomorrow-night-eighties.css","public/css/theme/ttcn.css","public/css/theme/twilight.css","public/css/theme/vibrant-ink.css","public/css/theme/xq-light.css","public/css/theme/xq-dark.css","public/css/theme/zenburn.css","public/css/theme/yeti.css"],"ico":"public/img/favicon.ico","gif":"public/img/gears.gif","png":"public/img/mongo-express-logo.png","svg":["public/img/mongo-express-logo.svg","public/fonts/glyphicons-halflings-regular.svg"],"ai":"public/img/mongo-express-logo.ai","eot":"public/fonts/glyphicons-halflings-regular.eot","woff":"public/fonts/glyphicons-halflings-regular.woff","ttf":"public/fonts/glyphicons-halflings-regular.ttf","woff2":"public/fonts/glyphicons-halflings-regular.woff2"}}
{"codemirror":{"js":"public/codemirror-448baf1b30a5c8041167.min.js"},"collection":{"js":"public/collection-eebeb1154da990f38368.min.js"},"index":{"js":"public/index-0d94eb863f41a0adfbe0.min.js"},"gridfs":{"js":"public/gridfs-2a2de6ba63e24c52de65.min.js"},"document":{"js":"public/document-14c5429f8bb0330baeef.min.js"},"database":{"js":"public/database-ea9f483ec5a79aabee9d.min.js"},"vendor":{"js":"public/vendor-a6502aaae055f01bdcc3.min.js"},"":{"css":["public/css/codemirror.css","public/css/bootstrap.min.css","public/css/bootstrap-theme.min.css","public/css/style.css","public/css/theme/3024-day.css","public/css/theme/ambiance-mobile.css","public/css/theme/3024-night.css","public/css/theme/abcdef.css","public/css/theme/ambiance.css","public/css/theme/base16-dark.css","public/css/theme/base16-light.css","public/css/theme/blackboard.css","public/css/theme/colorforth.css","public/css/theme/cobalt.css","public/css/theme/darcula.css","public/css/theme/bespin.css","public/css/theme/duotone-dark.css","public/css/theme/dracula.css","public/css/theme/duotone-light.css","public/css/theme/eclipse.css","public/css/theme/elegant.css","public/css/theme/erlang-dark.css","public/css/theme/gruvbox-dark.css","public/css/theme/idea.css","public/css/theme/icecoder.css","public/css/theme/hopscotch.css","public/css/theme/isotope.css","public/css/theme/liquibyte.css","public/css/theme/lesser-dark.css","public/css/theme/lucario.css","public/css/theme/material.css","public/css/theme/mbo.css","public/css/theme/mdn-like.css","public/css/theme/midnight.css","public/css/theme/monokai.css","public/css/theme/neat.css","public/css/theme/neo.css","public/css/theme/night.css","public/css/theme/oceanic-next.css","public/css/theme/panda-syntax.css","public/css/theme/paraiso-light.css","public/css/theme/paraiso-dark.css","public/css/theme/pastel-on-dark.css","public/css/theme/railscasts.css","public/css/theme/seti.css","public/css/theme/rubyblue.css","public/css/theme/shadowfox.css","public/css/theme/solarized.css","public/css/theme/ssms.css","public/css/theme/tomorrow-night-bright.css","public/css/theme/the-matrix.css","public/css/theme/tomorrow-night-eighties.css","public/css/theme/ttcn.css","public/css/theme/twilight.css","public/css/theme/vibrant-ink.css","public/css/theme/xq-dark.css","public/css/theme/xq-light.css","public/css/theme/zenburn.css","public/css/theme/yeti.css"],"gif":"public/img/gears.gif","ico":"public/img/favicon.ico","svg":["public/img/mongo-express-logo.svg","public/fonts/glyphicons-halflings-regular.svg"],"png":"public/img/mongo-express-logo.png","ai":"public/img/mongo-express-logo.ai","eot":"public/fonts/glyphicons-halflings-regular.eot","ttf":"public/fonts/glyphicons-halflings-regular.ttf","woff2":"public/fonts/glyphicons-halflings-regular.woff2","woff":"public/fonts/glyphicons-halflings-regular.woff"}}

68

config.default.js

@@ -63,3 +63,21 @@ 'use strict';

function getConnectionStringFromEnvVariables() {
const infos = {
// server: mongodb hostname or IP address
// for replica set, use array of string instead
server: (
meConfigMongodbServer.length > 1 ? meConfigMongodbServer : meConfigMongodbServer[0]
) || mongo.host,
port: process.env.ME_CONFIG_MONGODB_PORT || mongo.port,
// >>>> If you are using an admin mongodb account, or no admin account exists, fill out section below
// >>>> Using an admin account allows you to view and edit all databases, and view stats
// leave username and password empty if no admin account exists
username: getFileEnv(adminUsername) || getFileEnv(dbAuthUsername) || mongo.username,
password: getFileEnv(adminPassword) || getFileEnv(dbAuthPassword) || mongo.password,
};
const login = infos.username ? `${infos.username}:${infos.password}@` : '';
return `mongodb://${login}${infos.host}:${infos.port}/${infos.dbName}`;
}
const sslCA = 'ME_CONFIG_MONGODB_CA_FILE';

@@ -71,26 +89,21 @@ const sslCAFromEnv = getBinaryFileEnv(sslCA);

// if a connection string options such as server/port/etc are ignored
connectionString: mongo.connectionString || '',
connectionString: mongo.connectionString || getConnectionStringFromEnvVariables(),
// server: mongodb hostname or IP address
// for replica set, use array of string instead
server: (
meConfigMongodbServer.length > 1 ? meConfigMongodbServer : meConfigMongodbServer[0]
) || mongo.host,
port: process.env.ME_CONFIG_MONGODB_PORT || mongo.port,
connectionOptions: {
// ssl: connect to the server using secure SSL
ssl: process.env.ME_CONFIG_MONGODB_SSL || mongo.ssl,
// ssl: connect to the server using secure SSL
ssl: process.env.ME_CONFIG_MONGODB_SSL || mongo.ssl,
// sslValidate: validate mongod server certificate against CA
sslValidate: process.env.ME_CONFIG_MONGODB_SSLVALIDATE || true,
// sslValidate: validate mongod server certificate against CA
sslValidate: process.env.ME_CONFIG_MONGODB_SSLVALIDATE || true,
// sslCA: array of valid CA certificates
sslCA: sslCAFromEnv ? [sslCAFromEnv] : [],
// sslCA: array of valid CA certificates
sslCA: sslCAFromEnv ? [sslCAFromEnv] : [],
// autoReconnect: automatically reconnect if connection is lost
autoReconnect: true,
//autoReconnect: automatically reconnect if connection is lost
autoReconnect: true,
// poolSize: size of connection pool (number of connections to use)
poolSize: 4,
},
//poolSize: size of connection pool (number of connections to use)
poolSize: 4,
// set admin to true if you want to turn on admin features

@@ -103,22 +116,3 @@ // if admin is true, the auth list below will be ignored

// >>>> If you are using regular accounts, fill out auth details in the section below
// >>>> If you have admin auth, leave this section empty and skip to the next section
auth: [
/*
* Add the name, username, and password of the databases you want to connect to
* Add as many databases as you want!
*/
{
database: process.env.ME_CONFIG_MONGODB_AUTH_DATABASE || mongo.db,
username: getFileEnv(dbAuthUsername) || mongo.username,
password: getFileEnv(dbAuthPassword) || mongo.password,
},
],
// >>>> If you are using an admin mongodb account, or no admin account exists, fill out section below
// >>>> Using an admin account allows you to view and edit all databases, and view stats
// leave username and password empty if no admin account exists
adminUsername: getFileEnv(adminUsername) || '',
adminPassword: getFileEnv(adminPassword) || '',
// whitelist: hide all databases except the ones in this list (empty list for no whitelist)

@@ -125,0 +119,0 @@ whitelist: [],

14

HISTORY.md

@@ -0,1 +1,15 @@

# 1.0-alpha.1 - Mon Jun 22, 2020
Brekaing:
- Change mongo-query-parser to 2.0. This changes how parsing works altogether and drop support for some advanced syntax but is safer [(#528)](https://github.com/mongo-express/mongo-express/pull/#528)
- Rewrite the connection module to use mongo as much as possible and update mongodb to 3.5 [(#528)](https://github.com/mongo-express/mongo-express/pull/#528)
New:
- Add csv extension in file export [(#578)](https://github.com/mongo-express/mongo-express/pull/#578)
- Don't drop the collection on Delete docs action when no query is provided. [(#502)](https://github.com/mongo-express/mongo-express/pull/#502)
- Fix broken delete document for UUID (BinData 3 & 4) [(#538)](https://github.com/mongo-express/mongo-express/pull/#538)
Deps:
- Bump lodash to 4.6.2 [(#525)](https://github.com/mongo-express/mongo-express/pull/#525)
# 0.54 - Tue Dec 24, 2019

@@ -2,0 +16,0 @@

14

lib/bson.js
'use strict';
const parser = require('mongodb-query-parser');
const ESJON = require('mongodb-extended-json');
const mongodb = require('mongodb');
const bson = require('bson');
const EJSON = bson.EJSON;
exports.toBSON = function (string) {

@@ -16,4 +17,3 @@ return parser(string);

try {
var bsonObject = exports.toBSON(string);
return bsonObject;
return exports.toBSON(string);
} catch (err) {

@@ -26,3 +26,3 @@ return null;

if (/^[0-9a-f]{24}$/i.test(string)) {
return mongodb.ObjectId(string);
return new bson.ObjectId(string);
}

@@ -32,3 +32,3 @@ return exports.toBSON(string);

//Convert BSON documents to string
// Convert BSON documents to string
exports.toString = function (doc) {

@@ -39,3 +39,3 @@ return parser.toJSString(doc, ' ');

exports.toJsonString = function (doc) {
return ESJON.stringify(doc);
return EJSON.stringify(EJSON.serialize(doc));
};

251

lib/db.js
'use strict';
const _ = require('lodash');
const Bluebird = require('bluebird');
const mongodb = require('mongodb');
let connect = function (config) {
const connect = async function (config) {
// connectionData gets passed back from this method
// some fields will not be populated until a connection is established
let connectionData = {
// adminDb: undefined,
// mainConn: undefined,
clients: [],
// mainClient: undefined,
collections: {},
connections: {},
databases: [],
};
// update the collections list
connectionData.updateCollections = function (db, dbName, callback) {
db.listCollections().toArray(function (err, result) {
let names = [];
for (let r in result) {
names.push(result[r].name);
}
connectionData.collections[dbName] = names.sort();
if (callback) {
callback(err);
}
});
connectionData.updateCollections = async function (dbConnection) {
if (!dbConnection.fullName) {
console.error('Received db instead of db connection');
return [];
}
const collections = await Bluebird.fromCallback(
cb => dbConnection.db.listCollections().toArray(cb)
);
const names = [];
for (let collection of collections) {
names.push(collection.name);
}
connectionData.collections[dbConnection.fullName] = names.sort();
return collections;
};
// update database list
connectionData.updateDatabases = function (admin, callback) {
connectionData.updateDatabases = async function () {
connectionData.connections = {};
connectionData.collections = {};
await Promise.all(
connectionData.clients.map(async (connectionInfo) => {
const addConnection = (db, dbName) => {
const fullName = connectionData.clients.length > 1 ?
`${connectionInfo.connectionName}_${dbName}` :
dbName;
const newConnection = {
info: connectionInfo,
dbName,
fullName,
db,
};
connectionData.connections[fullName] = newConnection;
return newConnection;
};
if (!admin) {
console.error('Admin database is not accessible');
}
admin.listDatabases(function (err, dbs) {
connectionData.databases = [];
if (err) {
//TODO: handle error
console.error('unable to list databases');
console.error(err);
connectionData.databases = _.map(config.mongodb.auth, 'database');
} else {
for (let i = 0; i < dbs.databases.length; i++) {
let dbName = dbs.databases[i].name;
if (dbName) {
if (config.mongodb.whitelist.length !== 0) {
if (!_.includes(config.mongodb.whitelist, dbName)) {
continue;
if (connectionInfo.adminDb) {
const allDbs = await Bluebird.fromCallback(
cb => connectionInfo.adminDb.listDatabases(cb)
);
for (let i = 0; i < allDbs.databases.length; ++i) {
const dbName = allDbs.databases[i].name;
if (dbName) {
if (connectionInfo.info.whitelist.length !== 0) {
if (!_.includes(connectionInfo.info.whitelist, dbName)) {
continue;
}
}
}
if (config.mongodb.blacklist.length !== 0) {
if (_.includes(config.mongodb.blacklist, dbName)) {
continue;
if (connectionInfo.info.blacklist.length !== 0) {
if (_.includes(connectionInfo.info.blacklist, dbName)) {
continue;
}
}
const connection = addConnection(connectionInfo.client.db(dbName), dbName);
await connectionData.updateCollections(connection);
}
connectionData.connections[dbName] = connectionData.mainConn.db(dbName);
connectionData.databases.push(dbName);
connectionData.updateCollections(connectionData.connections[dbName], dbName);
}
} else {
const dbConnection = connectionInfo.client.db();
const dbName = dbConnection.databaseName;
const connection = addConnection(dbConnection, dbName);
await connectionData.updateCollections(connection);
}
}
//Sort database names
connectionData.databases = connectionData.databases.sort();
if (callback) {
callback(connectionData.databases);
}
});
})
);
};
function setupAdminModeDatabases(db) {
let adminDb = db.admin();
connectionData.adminDb = adminDb;
connectionData.getDatabases = () => Object.keys(connectionData.connections).sort();
if (!config.mongodb.adminUsername || config.mongodb.adminUsername.length === 0) {
if (config.options.console) console.log('Admin Database connected');
connectionData.updateDatabases(adminDb);
} else {
//auth details were supplied, authenticate admin account with them
adminDb.authenticate(config.mongodb.adminUsername, config.mongodb.adminPassword, function (err) {
if (err) {
//TODO: handle error
console.error(err);
}
if (config.options.console) console.log('Admin Database connected');
connectionData.updateDatabases(adminDb);
});
}
}
function setupDefaultDatabase(db) {
var currentDbName = db.databaseName;
if (config.options.console) console.log('Connected to ' + currentDbName + '...');
connectionData.connections[currentDbName] = db;
connectionData.databases.push(currentDbName);
connectionData.updateCollections(db, currentDbName);
}
function setupAuthDatabases(db) {
config.mongodb.auth.forEach(function (auth) {
if (auth.database) {
if (config.options.console) console.log('Connecting to ' + auth.database + '...');
connectionData.connections[auth.database] = db.db(auth.database);
connectionData.databases.push(auth.database);
if (typeof auth.username !== 'undefined' && auth.username.length !== 0) {
connectionData.connections[auth.database].authenticate(auth.username, auth.password, function (err, success) {
if (err) {
//TODO: handle error
console.error(err);
}
if (!success) {
console.error('Could not authenticate to database "' + auth.database + '"');
}
connectionData.updateCollections(connectionData.connections[auth.database], auth.database);
if (config.options.console) console.log('Database ' + auth.database + ' connected');
});
} else {
connectionData.updateCollections(connectionData.connections[auth.database], auth.database);
if (config.options.console) console.log('Database ' + auth.database + ' connected');
}
}
});
}
// connect to mongodb database
function processOpenDatabase(err, db) {
if (err) {
// database connections
const connections = Array.isArray(config.mongodb) ? config.mongodb : [config.mongodb];
connectionData.clients = await Promise.all(connections.map(async (connectionInfo, index) => {
const { connectionString, connectionName, admin, connectionOptions } = connectionInfo;
try {
const client = await Bluebird.fromCallback(
cb => mongodb.MongoClient.connect(connectionString, connectionOptions, cb)
);
const adminDb = admin ? client.db().admin() : null;
return {
connectionName: connectionName || `connection${index}`,
client,
adminDb,
info: connectionInfo,
};
} catch (err) {
console.error(`Could not connect to database at index "${index}"`);
throw err;
}
if (config.options.console) console.log('Database connected');
connectionData.mainConn = db;
//Check if admin features are on
if (config.mongodb.admin === true) {
setupAdminModeDatabases(db);
} else {
//Regular user authentication
if (typeof config.mongodb.auth === 'undefined' || config.mongodb.auth.length === 0 || !config.mongodb.auth[0].database) {
// no auth list specified so use the database from the connection string
setupDefaultDatabase(db);
} else {
setupAuthDatabases(db);
}
}
}));
if (!connectionData.mainClient) {
connectionData.mainClient = connectionData.clients[0];
}
// database connection
if (config.mongodb.connectionString) {
mongodb.MongoClient.connect(config.mongodb.connectionString, processOpenDatabase);
} else {
await connectionData.updateDatabases();
// connection options
let dbOptions = {
auto_reconnect: config.mongodb.autoReconnect,
poolSize: config.mongodb.poolSize,
ssl: config.mongodb.ssl,
sslValidate: config.mongodb.sslValidate,
sslCA: config.mongodb.sslCA,
};
// set up database using legacy configuration
let host = config.mongodb.server || 'localhost';
let port = config.mongodb.port || 27017;
if (config.mongodb.useSSL) {
console.error('Please update config file to use mongodb.ssl instead of mongodb.useSSL. Copying value for now.');
config.mongodb.ssl = config.mongodb.useSSL;
}
let db;
if (Array.isArray(host)) {
host = host.map(function (host) {
return new mongodb.Server(host, Number(port), dbOptions);
});
db = new mongodb.Db('local', new mongodb.ReplSet(host), { safe: true, w: 0 });
db.open(processOpenDatabase);
} else {
db = new mongodb.Db('local', new mongodb.Server(host, port, dbOptions), { safe: true });
db.open(processOpenDatabase);
}
}
return connectionData;

@@ -202,0 +115,0 @@ };

4

lib/middleware.js

@@ -11,3 +11,3 @@ 'use strict';

const middleware = function (config) {
const middleware = async function (config) {
const app = express();

@@ -37,3 +37,3 @@

app.use('/', router(config));
app.use('/', await router(config));

@@ -40,0 +40,0 @@ app.set('read_only', config.options.readOnly || false);

42

lib/router.js
'use strict';
const _ = require('lodash');
const Bluebird = require('bluebird');
const basicAuth = require('basic-auth-connect');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const db = require('./db');
const errorHandler = require('errorhandler');

@@ -14,2 +14,4 @@ const express = require('express');

const mongodb = require('mongodb');
const db = require('./db');
const routes = require('./routes');

@@ -19,6 +21,6 @@ const session = require('express-session');

const router = function (config) {
const router = async function (config) {
// appRouter configuration
const appRouter = express.Router();
const mongo = db(config);
const mongo = await db(config);

@@ -78,3 +80,3 @@ if (config.useBasicAuth) {

res.locals.baseHref = buildBaseHref(req.originalUrl, req.url);
res.locals.databases = mongo.databases;
res.locals.databases = mongo.getDatabases();
res.locals.collections = mongo.collections;

@@ -94,9 +96,5 @@ res.locals.gridFSBuckets = utils.colsToGrid(mongo.collections);

//user in admin databases normally have the read and write access to all databases
if (config.mongodb.admin !== true && mongo.databases[0] !== 'admin') return next();
mongo.updateDatabases(mongo.adminDb, function (databases) {
mongo.databases = databases;
res.locals.databases = mongo.databases;
return next();
Bluebird.resolve(mongo.updateDatabases()).asCallback((err) => {
res.locals.databases = mongo.getDatabases();
next(err);
});

@@ -107,4 +105,4 @@ });

appRouter.param('database', function (req, res, next, id) {
//Make sure database exists
if (!_.includes(mongo.databases, id)) {
// Make sure database exists
if (!mongo.connections[id]) {
req.session.error = 'Database not found!';

@@ -118,9 +116,4 @@ return res.redirect(res.locals.baseHref);

if (mongo.connections[id] !== undefined) {
req.db = mongo.connections[id];
} else {
mongo.connections[id] = mongo.mainConn.db(id);
req.db = mongo.connections[id];
}
req.dbConnection = mongo.connections[id];
req.db = mongo.connections[id].db;
next();

@@ -145,3 +138,3 @@ });

mongo.connections[req.dbName].collection(id, function (err, coll) {
mongo.connections[req.dbName].db.collection(id, function (err, coll) {
if (err || coll === null) {

@@ -266,10 +259,11 @@ req.session.error = 'Collection not found!';

const mongoMiddleware = function (req, res, next) {
req.mainConn = mongo.mainConn;
req.mainClient = mongo.mainClient;
req.adminDb = mongo.adminDb;
req.databases = mongo.databases; //List of database names
req.databases = mongo.getDatabases(); //List of database names
req.collections = mongo.collections; //List of collection names in all databases
req.gridFSBuckets = utils.colsToGrid(mongo.collections);
//Allow page handlers to request an update for collection list
// Allow page handlers to request an update for collection list
req.updateCollections = mongo.updateCollections;
req.updateDatabases = mongo.updateDatabases;

@@ -276,0 +270,0 @@ next();

22

lib/routes/collection.js
'use strict';
var _ = require('lodash');
var bson = require('../bson');
var os = require('os');
var utils = require('../utils');
var csv = require('../csv');
const _ = require('lodash');
const Bluebird = require('bluebird');
const bson = require('../bson');
const os = require('os');
const utils = require('../utils');
const csv = require('../csv');

@@ -369,3 +370,4 @@ const buildCollectionURL = utils.buildCollectionURL;

'Content-Disposition',
'attachment; filename="' + encodeURI(req.collectionName) + '"; filename*=UTF-8\'\'' + encodeURI(req.collectionName)
'attachment; filename="' + encodeURI(req.collectionName) + '.csv"; filename*=UTF-8\'\'' + encodeURI(req.collectionName)
+ '.csv'
);

@@ -436,3 +438,3 @@ res.setHeader('Content-Type', 'text/csv');

req.updateCollections(req.db, req.dbName, function () {
Bluebird.resolve(req.updateCollections(req.dbConnection)).asCallback(function () {
req.session.success = 'Collection created!';

@@ -470,3 +472,3 @@ res.redirect(buildCollectionURL(res.locals.baseHref, req.dbName, name));

}
req.updateCollections(req.db, req.dbName, function (err) {
Bluebird.resolve(req.updateCollections(req.dbConnection)).asCallback(function (err) {
if (err) {

@@ -500,3 +502,3 @@ req.session.error = 'Something went wrong: ' + err;

req.updateCollections(req.db, req.dbName, function (err) {
Bluebird.resolve(req.updateCollections(req.dbConnection)).asCallback(function (err) {
if (err) {

@@ -514,3 +516,3 @@ req.session.error = 'Something went wrong: ' + err;

exp.updateCollections = function (req, res) {
req.updateCollections(req.db, req.dbName, function (err) {
Bluebird.resolve(req.updateCollections(req.dbConnection)).asCallback(function (err) {
if (err) {

@@ -517,0 +519,0 @@ req.session.error = 'Something went wrong: ' + err;

13

lib/routes/database.js
'use strict';
var utils = require('../utils');
const Bluebird = require('bluebird');
const utils = require('../utils');

@@ -10,3 +11,3 @@ var routes = function () {

req.updateCollections(req.db, req.dbName, function (error) {
Bluebird.resolve(req.updateCollections(req.dbConnection)).asCallback(function (error) {
if (error) {

@@ -60,5 +61,4 @@ req.session.error = 'Could not refresh collections. ' + JSON.stringify(error);

}
var ndb = req.mainClient.client.db(name);
var ndb = req.mainConn.db(name);
ndb.createCollection('delete_me', function (err) {

@@ -72,3 +72,3 @@ if (err) {

res.redirect(res.locals.baseHref);
req.updateDatabases().then(() => res.redirect(res.locals.baseHref));

@@ -96,4 +96,3 @@ // ndb.dropCollection('delete_me', function(err) {

}
res.redirect(res.locals.baseHref);
req.updateDatabases().then(() => res.redirect(res.locals.baseHref));
});

@@ -100,0 +99,0 @@ };

2

lib/routes/document.js

@@ -117,3 +117,3 @@ 'use strict';

req.session.success = 'Document deleted! _id: ' + req.document._id;
req.session.success = 'Document deleted! _id: ' + filters.stringDocIDs(req.document._id);
res.redirect(

@@ -120,0 +120,0 @@ buildCollectionURL(res.locals.baseHref, req.dbName, req.collectionName) +

14

package.json
{
"version": "0.54.0",
"version": "1.0.0-alpha.1",
"author": "https://github.com/mongo-express",

@@ -30,3 +30,5 @@ "name": "mongo-express",

"basic-auth-connect": "^1.0.0",
"bluebird": "^3.7.2",
"body-parser": "^1.18.3",
"bson": "^4.0.3",
"busboy": "^0.2.13",

@@ -47,5 +49,4 @@ "cli-color": "^1.1.0",

"method-override": "^2.3.10",
"mongodb": "2.2.24",
"mongodb-extended-json": "^1.10",
"mongodb-query-parser": "1.4.3",
"mongodb": "^3.5.5",
"mongodb-query-parser": "^2.0.2",
"morgan": "^1.9.0",

@@ -81,7 +82,6 @@ "patch-package": "^6.2.0",

"resolutions": {
"**/event-stream": "^4.0.1",
"bson": "1.1.3"
"**/event-stream": "^4.0.1"
},
"engines": {
"node": ">=6.0.0",
"node": ">=10.0.0",
"npm": ">=3.0.0"

@@ -88,0 +88,0 @@ },

132

test/lib/bsonSpec.js

@@ -5,4 +5,5 @@ 'use strict';

const mongodb = require('mongodb');
const bson = require('bson');
const bson = require('../../lib/bson');
const libBson = require('../../lib/bson');

@@ -13,3 +14,3 @@ describe('BSON', function () {

const test = '{test: true, "s": "hello", i: -99.44}';
const result = bson.toBSON(test);
const result = libBson.toBSON(test);
expect(result).to.eql({

@@ -24,5 +25,5 @@ test: true,

const test = '{_id: ObjectID(), id2: ObjectId()}';
const result = bson.toBSON(test);
expect(result).to.have.property('_id').to.be.an.instanceof(mongodb.ObjectId);
expect(result).to.have.property('id2').to.be.an.instanceof(mongodb.ObjectId);
const result = libBson.toBSON(test);
expect(result).to.have.property('_id').to.be.an.instanceof(bson.ObjectId);
expect(result).to.have.property('id2').to.be.an.instanceof(bson.ObjectId);
});

@@ -32,3 +33,3 @@

const test = '{date: ISODate(), date2: new Date()}';
const result = bson.toBSON(test);
const result = libBson.toBSON(test);

@@ -41,5 +42,5 @@ expect(result).to.have.property('date').to.be.an.instanceof(Date);

const test = '{ts: Timestamp()}';
const result = bson.toBSON(test);
const result = libBson.toBSON(test);
expect(result).to.have.property('ts').to.be.an.instanceof(mongodb.Timestamp);
expect(result).to.have.property('ts').to.be.an.instanceof(bson.Timestamp);
});

@@ -53,11 +54,11 @@

}`;
const result = bson.toBSON(test);
expect(result).to.have.property('ref').to.be.an.instanceof(mongodb.DBRef);
const result = libBson.toBSON(test);
expect(result).to.have.property('ref').to.be.an.instanceof(bson.DBRef);
expect(result).to.have.property('ref').to.have.property('namespace', 'coll');
expect(result).to.have.property('ref').to.have.property('oid').eql('579e18580bddc20700502419');
expect(result).to.have.property('ref2').to.be.an.instanceof(mongodb.DBRef);
expect(result).to.have.property('ref2').to.be.an.instanceof(bson.DBRef);
expect(result).to.have.property('ref2').to.have.property('db', 'db');
expect(result).to.have.property('ref3').to.be.an.instanceof(mongodb.DBRef);
expect(result).to.have.property('ref3').to.be.an.instanceof(bson.DBRef);
expect(result).to.have.property('ref3').to.have.property('db', '');

@@ -68,5 +69,5 @@ });

const test = '{symbol: Symbol("test")}';
const result = bson.toBSON(test);
const result = libBson.toBSON(test);
expect(result).to.have.property('symbol').to.be.an.instanceof(mongodb.Symbol);
expect(result).to.have.property('symbol').to.be.an.instanceof(bson.BSONSymbol);
});

@@ -76,5 +77,5 @@

const test = '{key: MinKey()}';
const result = bson.toBSON(test);
const result = libBson.toBSON(test);
expect(result).to.have.property('key').to.be.an.instanceof(mongodb.MinKey);
expect(result).to.have.property('key').to.be.an.instanceof(bson.MinKey);
});

@@ -84,19 +85,14 @@

const test = '{key: MaxKey()}';
const result = bson.toBSON(test);
const result = libBson.toBSON(test);
expect(result).to.have.property('key').to.be.an.instanceof(mongodb.MaxKey);
expect(result).to.have.property('key').to.be.an.instanceof(bson.MaxKey);
});
it('should convert Code to BSON', function () {
const test = '{code: Code(function() { x; }), code2: Code("function() { x; }")}';
const result = bson.toBSON(test);
// it('should convert Code to BSON', function () {
// const test = '{code: Code(function() { x; }), code2: Code("function() { x; }")}';
// const result = libBson.toBSON(test);
expect(result).to.have.property('code').to.be.an.instanceof(mongodb.Code);
expect(result).to.have.property('code2').to.be.an.instanceof(mongodb.Code);
});
it('should not be executable', function () {
const test = 'this.constructor.constructor("return console")().log(this.constructor.constructor("return process")().mainModule.require(\'child_process\').execSync(\'id\').toString())'; // eslint-disable-line max-len
expect(() => bson.toBSON(test)).throws(/Cannot read property 'constructor' of undefined/);
});
// expect(result).to.have.property('code').to.be.an.instanceof(mongodb.Code);
// expect(result).to.have.property('code2').to.be.an.instanceof(mongodb.Code);
// });
});

@@ -112,6 +108,6 @@

};
const result = bson.toString(test);
const test2 = bson.toBSON(result);
const result = libBson.toString(test);
const test2 = libBson.toBSON(result);
expect(test).to.eql(test2);
expect(test2).to.eql(test);
});

@@ -121,9 +117,8 @@

const test = {
id: mongodb.ObjectId(),
id2: mongodb.ObjectId('4fb1299686a989240b000001'),
id: new bson.ObjectId(),
id2: new bson.ObjectId('4fb1299686a989240b000001'),
};
const result = bson.toString(test);
const test2 = bson.toBSON(result);
expect(test).to.eql(test2);
const result = libBson.toString(test);
const test2 = libBson.toBSON(result);
expect(test2).to.eql(test);
});

@@ -135,6 +130,6 @@

};
const result = bson.toString(test);
const test2 = bson.toBSON(result);
const result = libBson.toString(test);
const test2 = libBson.toBSON(result);
expect(test).to.eql(test2);
expect(test2).to.eql(test);
});

@@ -144,7 +139,8 @@

const test = {
ts: mongodb.Timestamp(),
ts2: mongodb.Timestamp(100, 100),
ts: new bson.Timestamp(),
ts2: new bson.Timestamp(100, 100),
};
const result = bson.toString(test);
const test2 = bson.toBSON(result);
const result = libBson.toString(test);
const test2 = libBson.toBSON(result);
expect(test2).to.eql(test);

@@ -155,6 +151,6 @@ });

const test = {
ref: mongodb.DBRef('coll', mongodb.ObjectId('57b80f922128ccef64333288'), ''),
ref2: mongodb.DBRef('coll', mongodb.ObjectId('57b80f922128ccef64333288'), 'db'),
ref: new bson.DBRef('coll', new bson.ObjectId('57b80f922128ccef64333288'), ''),
ref2: new bson.DBRef('coll', new bson.ObjectId('57b80f922128ccef64333288'), 'db'),
};
const result = bson.toString(test);
const result = libBson.toString(test);
const expected = `{\n ref: DBRef('coll', '57b80f922128ccef64333288', ''),\n ref2: DBRef('coll', '57b80f922128ccef64333288', 'db')\n}`;

@@ -165,26 +161,26 @@ expect(result).to.eql(expected);

it('should convert Symbol to string', function () {
const test = { symbol: mongodb.Symbol('test') };
const result = bson.toString(test);
expect(result).to.eql(`{\n symbol: {\n _bsontype: 'Symbol',\n value: 'test'\n }\n}`);
const test = { symbol: new bson.BSONSymbol('test') };
const result = libBson.toString(test);
expect(result).to.eql(`{\n symbol: {\n value: 'test'\n }\n}`);
});
it('should convert MinKey to string', function () {
const test = { key: mongodb.MinKey() };
const result = bson.toString(test);
const test2 = bson.toBSON(result);
const test = { key: new bson.MinKey() };
const result = libBson.toString(test);
const test2 = libBson.toBSON(result);
expect(test).to.eql(test2);
expect(test2).to.eql(test);
});
it('should convert MaxKey to string', function () {
const test = { key: mongodb.MaxKey() };
const result = bson.toString(test);
const test2 = bson.toBSON(result);
const test = { key: new bson.MaxKey() };
const result = libBson.toString(test);
expect(test).to.eql(test2);
const test2 = libBson.toBSON(result);
expect(test2.key._bsontype).to.eql('MaxKey');
});
it('should convert Code to string', function () {
const test = { code: mongodb.Code('function() { x; }') };
const result = bson.toString(test);
const test = { code: new bson.Code('function() { x; }') };
const result = libBson.toString(test);
expect(result).to.eql(`{\n code: Code('function() { x; }')\n}`);

@@ -202,4 +198,4 @@ });

};
const result = bson.toJsonString(doc);
const expected = '{"dateObject":{"$date":"2017-02-11T00:00:00.000Z"},"objectID":{"$oid":"589f79826ea20d18e06b1c36"},"someValue":"someValue","nestedObject":{"level1":{"level2":2}}}'; // eslint-disable-line max-len
const result = libBson.toJsonString(doc);
const expected = '{"dateObject":{"$date":"2017-02-11T00:00:00Z"},"objectID":{"$oid":"589f79826ea20d18e06b1c36"},"someValue":"someValue","nestedObject":{"level1":{"level2":2}}}'; // eslint-disable-line max-len
expect(result).to.equal(expected);

@@ -214,3 +210,3 @@ const parsed = JSON.parse(result);

};
const result = bson.toJsonString(doc);
const result = libBson.toJsonString(doc);
const expected = '{"someString":"))))"}';

@@ -226,4 +222,4 @@ expect(result).to.equal(expected);

const test = '4fb1299686a989240b000001';
const result = bson.parseObjectId(test);
expect(result).to.be.an.instanceof(mongodb.ObjectId);
const result = libBson.parseObjectId(test);
expect(result).to.be.an.instanceof(bson.ObjectId);
expect(result.toHexString()).to.equal(test);

@@ -234,4 +230,4 @@ });

const test = `ObjectId("${objectIdStr}")`;
const result = bson.parseObjectId(test);
expect(result).to.be.an.instanceof(mongodb.ObjectId);
const result = libBson.parseObjectId(test);
expect(result).to.be.an.instanceof(bson.ObjectId);
expect(result.toHexString()).to.equal(objectIdStr);

@@ -238,0 +234,0 @@ });

8

test/lib/routers/collectionSpec.js

@@ -16,7 +16,7 @@ 'use strict';

let close;
let db;
let client;
before(() =>
mongoUtils.initializeDb()
.then((newDb) => {
db = newDb;
.then((newClient) => {
client = newClient;
return httpUtils.createServer();

@@ -52,3 +52,3 @@ }).then((server) => {

after(() => Promise.all([
mongoUtils.cleanAndCloseDb(db),
mongoUtils.cleanAndCloseDb(client),
close(),

@@ -55,0 +55,0 @@ ]));

9

test/testDefaultConfig.js

@@ -7,12 +7,5 @@ 'use strict';

mongodb: {
server: mongoConfig.host,
port: mongoConfig.port,
connectionString: mongoConfig.makeConnectionUrl(),
autoReconnect: true,
poolSize: 4,
admin: true,
auth: [],
adminUsername: '',
adminPassword: '',
whitelist: [mongoConfig.dbName],

@@ -19,0 +12,0 @@ blacklist: [],

10

test/testHttpUtils.js

@@ -9,12 +9,14 @@ 'use strict';

exports.createServer = () => {
const app = middleware(defaultConf());
exports.createServer = async () => {
const app = await middleware(defaultConf());
const httpServer = app.listen();
const request = supertest.agent(httpServer);
// There is currently a race condition with collection registering to mongoDb.
// @TODO fix the race condition and remove me
return testUtils.timeoutPromise(50)
.then(() => ({ request, close: () => testUtils.asPromise(cb => httpServer.close(cb)) }));
await testUtils.timeoutPromise(50);
return ({ request, close: () => testUtils.asPromise(cb => httpServer.close(cb)) });
};
exports.getDocumentUrl = (db, collection, documentId) => `/db/${db}/${collection}/${JSON.stringify(documentId)}`;

20

test/testMongoUtils.js

@@ -26,4 +26,4 @@ 'use strict';

exports.createTestCollection = db =>
asPromise(cb => db.collection(exports.testCollectionName).insertMany(exports.testData, cb))
exports.createTestCollection = client =>
asPromise(cb => client.db().collection(exports.testCollectionName).insertMany(exports.testData, cb))
.then((results) => {

@@ -34,14 +34,14 @@ currentTestData = results.ops;

exports.dropTestCollection = db =>
asPromise(cb => db.collection(exports.testCollectionName).drop(cb));
exports.dropTestCollection = client =>
asPromise(cb => client.db().collection(exports.testCollectionName).drop(cb));
exports.closeDb = db =>
asPromise(cb => db.close(cb));
exports.closeDb = client =>
asPromise(cb => client.close(cb));
exports.initializeDb = () =>
exports.createConnection().then(db =>
exports.createTestCollection(db).then(() => db)
exports.createConnection().then(client =>
exports.createTestCollection(client).then(() => client)
);
exports.cleanAndCloseDb = db =>
exports.dropTestCollection(db).then(() => exports.closeDb(db));
exports.cleanAndCloseDb = client =>
exports.dropTestCollection(client).then(() => exports.closeDb(client));

11

test/testUtils.js
'use strict';
const Bluebird = require('bluebird');
exports.asPromise = function (fct) {
return new Promise((resolve, reject) =>
fct((err, result) => {
if (err) reject(err);
else resolve(result);
})
);
return Bluebird.fromCallback(fct);
};
exports.timeoutPromise = function (delay) {
return new Promise(resolve => setTimeout(resolve, delay));
return Bluebird.delay(delay);
};
patches/mongodb-query-parser+1.4.3.patch
Dockerfile

Sorry, the diff of this file is not supported yet

lib/views/collection.html

Sorry, the diff of this file is not supported yet

lib/views/document.html

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc