mongoose-field-encryption
Advanced tools
mongoose-field-encryption - npm Package Compare versions
Comparing version 1.1.0 to 1.2.0
@@ -127,20 +127,25 @@ "use strict"; | ||
| schema.pre("update", function(_next) { | ||
| function updateHook(_next) { | ||
| const next = getCompatitibleNextFunc(_next); | ||
| for (let field of fieldsToEncrypt) { | ||
| let encryptedFieldName = encryptedFieldNamePrefix + field; | ||
| let encryptedFieldValue = this._update.$set[encryptedFieldName]; | ||
| let plainTextValue = this._update.$set[field]; | ||
| const encryptedFieldName = encryptedFieldNamePrefix + field; | ||
| this._update.$set = this._update.$set || {}; | ||
| const plainTextValue = this._update.$set[field] || this._update[field]; | ||
| const encryptedFieldValue = this._update.$set[encryptedFieldName] || this._update[encryptedFieldName]; | ||
| if (encryptedFieldValue === false && plainTextValue) { | ||
| if (!encryptedFieldValue && plainTextValue) { | ||
| let updateObj = {}; | ||
| if (typeof plainTextValue === "string" || plainTextValue instanceof String) { | ||
| let updateObj = { $set: {} }; | ||
| updateObj.$set[field] = encrypt(plainTextValue, secret); | ||
| updateObj.$set[encryptedFieldName] = true; | ||
| this.update({}, updateObj); | ||
| const encryptedData = encrypt(plainTextValue, secret); | ||
| updateObj[field] = encryptedData; | ||
| updateObj[encryptedFieldName] = true; | ||
| } else { | ||
| return next( | ||
| new Error("Cannot apply mongoose-field-encryption plugin on update to encrypt non string fields") | ||
| ); | ||
| const encryptedFieldData = encryptedFieldName + encryptedFieldDataSuffix; | ||
| updateObj[field] = undefined; | ||
| updateObj[encryptedFieldData] = encrypt(JSON.stringify(plainTextValue), secret); | ||
| updateObj[encryptedFieldName] = true; | ||
| } | ||
| this.update({}, Object.keys(this._update.$set) > 0 ? { $set: updateObj } : updateObj); | ||
| } | ||
@@ -150,4 +155,8 @@ } | ||
| next(); | ||
| }); | ||
| } | ||
| schema.pre("findOneAndUpdate", updateHook); | ||
| schema.pre("update", updateHook); | ||
| schema.methods.stripEncryptionFieldMarkers = function() { | ||
@@ -154,0 +163,0 @@ for (let field of fieldsToEncrypt) { |
| { | ||
| "name": "mongoose-field-encryption", | ||
| "version": "1.1.0", | ||
| "version": "1.2.0", | ||
| "description": "A simple symmetric encryption plugin for individual fields.", | ||
@@ -11,2 +11,3 @@ "main": "lib/mongoose-field-encryption.js", | ||
| "test": "mocha", | ||
| "test:auth": "URI='mongodb://mfe:mfe@127.0.0.1:27017/mongoose-field-encryption-test' npm test", | ||
| "coverage": "URI='mongodb://mfe:mfe@127.0.0.1:27017/mongoose-field-encryption-test' istanbul cover ./node_modules/mocha/bin/_mocha", | ||
@@ -45,3 +46,3 @@ "coverage-report": "URI='mongodb://mfe:mfe@127.0.0.1:27017/mongoose-field-encryption-test' istanbul cover ./node_modules/mocha/bin/_mocha --report lcovonly -- -R spec && cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js && rm -rf ./coverage" | ||
| "devDependencies": { | ||
| "bluebird": "3.5.1", | ||
| "bluebird": "3.5.2", | ||
| "chai": "4.1.2", | ||
@@ -52,4 +53,4 @@ "coveralls": "3.0.2", | ||
| "mocha-lcov-reporter": "1.3.0", | ||
| "mongoose": "5.2.9" | ||
| "mongoose": "5.2.13" | ||
| } | ||
| } |
@@ -70,2 +70,13 @@ # mongoose-field-encryption | ||
| Note that as of `1.2.0` release, support for `findOneAndUpdate` has also been added. Note that you would need to specifically set the encryption field marker for it to be encrypted. For example: | ||
| ```js | ||
| Post.findOneAndUpdate( | ||
| { _id: postId }, | ||
| { $set: { message: "snoop", __enc_message: false } } | ||
| ); | ||
| ``` | ||
| The above also works for non-string fields. See changelog for more details. | ||
| Also note that if you manually set the value `__enc_` prefix field to true then the encryption is not run on the corresponding field and this may result in the plain value being stored in the db. | ||
@@ -111,6 +122,10 @@ | ||
| ### 1.2.0 | ||
| - Added support for `findOneAndUpdate` [https://github.com/wheresvic/mongoose-field-encryption/pull/20](https://github.com/wheresvic/mongoose-field-encryption/pull/20) | ||
| ### 1.1.0 | ||
| - Added support for mongoose 5 [https://github.com/victorparmar/mongoose-field-encryption/pull/16](https://github.com/victorparmar/mongoose-field-encryption/pull/16). | ||
| - Added support for mongoose 5 [https://github.com/wheresvic/mongoose-field-encryption/pull/16](https://github.com/wheresvic/mongoose-field-encryption/pull/16). | ||
| - Removed mongoose dependency, moved to `peerDependencies`. | ||
| - Formatted source code using prettier. |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by7.83%
14840
- Number of package files
- increased by25%
5
- Lines of code
- increased by3.45%
150
- Number of lines in readme file
- increased by13.04%
130