Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
mongoose-query-parser
Advanced tools
Convert url query string to MongooseJs friendly query object including advanced filtering, sorting, population, string template, type casting and many more...
Convert url query string to MongooseJs friendly query object including advanced filtering, sorting, population, string template, type casting and many more...
The library is built highly inspired by api-query-params
$in
, $regexp
, $exists
) and features including skip, sort, limit & MongooseJS populationNumber
, RegExp
, Date
, Boolean
and null
firstName=${my_vip_list}
)npm install mongoose-query-parser --save
import { MongooseQueryParser } from 'mongoose-query-parser';
const parser = new MongooseQueryParser(options?: ParserOptions)
parser.parse(query: string, predefined: any) : QueryOptions
ParserOptions
: object for advanced options (See below) [optional]query
: query string part of the requested API URL (ie, firstName=John&limit=10
). Works with already parsed object too (ie, {status: 'success'}
) [required]predefined
: object for predefined queries/string templates [optional]QueryOptions
: object contains the following properties:
filter
which contains the query criteriapopulate
which contains the query population. Please see Mongoose Populate for more detailsselect
which contains the query projectionsort
, skip
, limit
which contains the cursor modifiers for paging purposeimport { MongooseQueryParser } from 'mongoose-query-parser';
const parser = new MongooseQueryParser();
const predefined = {
vip: { name: { $in: ['Google', 'Microsoft', 'NodeJs'] } },
sentStatus: 'sent'
};
const parsed = parser.parse('${vip}&status=${sentStatus}×tamp>2017-10-01&author.firstName=/john/i&limit=100&skip=50&sort=-timestamp&select=name&populate=children.firstName,children.lastName', predefined);
{
select: { name : 1 },
populate: [{ path: 'children', select: 'firstName lastName' }],
sort: { timestamp: -1 },
skip: 50,
limit: 100,
filter: {
name: {{ $in: ['Google', 'Microsoft', 'NodeJs'] }},
status: 'sent',
timestamp: { '$gt': 2017-09-30T14:00:00.000Z },
'author.firstName': /john/i
}
}
MongoDB | URI | Example | Result |
---|---|---|---|
$eq | key=val | type=public | {filter: {type: 'public'}} |
$gt | key>val | count>5 | {filter: {count: {$gt: 5}}} |
$gte | key>=val | rating>=9.5 | {filter: {rating: {$gte: 9.5}}} |
$lt | key<val | createdAt<2017-10-01 | {filter: {createdAt: {$lt: 2017-09-30T14:00:00.000Z}}} |
$lte | key<=val | score<=-5 | {filter: {score: {$lte: -5}}} |
$ne | key!=val | status!=success | {filter: {status: {$ne: 'success'}}} |
$in | key=val1,val2 | country=GB,US | {filter: {country: {$in: ['GB', 'US']}}} |
$nin | key!=val1,val2 | lang!=fr,en | {filter: {lang: {$nin: ['fr', 'en']}}} |
$exists | key | phone | {filter: {phone: {$exists: true}}} |
$exists | !key | !email | {filter: {email: {$exists: false}}} |
$regex | key=/value/<opts> | email=/@gmail\.com$/i | {filter: {email: /@gmail.com$/i}} |
$regex | key!=/value/<opts> | phone!=/^06/ | {filter: {phone: { $not: /^06/}}} |
For more advanced usage ($or
, $type
, $elemMatch
, etc.), pass any MongoDB query filter object as JSON string in the filter
query parameter, ie:
parser.parse('filter={"$or":[{"key1":"value1"},{"key2":"value2"}]}&name=Telstra');
// {
// filter: {
// $or: [
// { key1: 'value1' },
// { key2: 'value2' }
// ],
// name: 'Telstra'
// },
// }
MongooseJS
. Please see Mongoose Populate for more detailspopulate
parser.parse('populate=class,school.name');
// {
// populate: [{
// path: 'class'
// }, {
// path: 'school',
// select: 'name'
// }]
// }
skip
and limit
parser.parse('skip=5&limit=10');
// {
// skip: 5,
// limit: 10
// }
select
-
prefixes to return all fields except some specific fieldsparser.parse('select=id,url');
// {
// select: { id: 1, url: 1}
// }
parser.parse('select=-_id,-email');
// {
// select: { _id: 0, email: 0 }
// }
sort
-
prefixes to sort in descending orderparser.parse('sort=-points,createdAt');
// {
// sort: { points: -1, createdAt: 1 }
// }
Any operators which process a list of fields ($in
, $nin
, sort and projection) can accept a comma-separated string or multiple pairs of key/value:
country=GB,US
is equivalent to country=GB&country=US
sort=-createdAt,lastName
is equivalent to sort=-createdAt&sort=lastName
.
notationAny operators can be applied on deep properties using .
notation:
parser.parse('followers[0].id=123&sort=-metadata.created_at');
// {
// filter: {
// 'followers[0].id': 123,
// },
// sort: { 'metadata.created_at': -1 }
// }
The following types are automatically casted: Number
, RegExp
, Date
, Boolean
and null
string is also casted:
parser.parse('date=2017-10-01&boolean=true&integer=10®exp=/foobar/i&null=null');
// {
// filter: {
// date: 2017-09-30T14:00:00.000Z,
// boolean: true,
// integer: 10,
// regexp: /foobar/i,
// null: null
// }
// }
If you need to disable or force type casting, you can wrap the values with string()
, date()
built-in casters or by specifying your own custom functions (See below):
parser.parse('key1=string(10)&key2=date(2017-10-01)&key3=string(null)');
// {
// filter: {
// key1: '10',
// key2: 2017-09-30T14:00:00.000Z,
// key3: 'null'
// }
// }
Best to reducing the complexity/length of the query string with the ES template literal delimiter as an "interpolate" delimiter (i.e. ${something}
)
const parser = new MongooseQueryParser();
const preDefined = {
isActive: { status: { $in: ['In Progress', 'Pending'] } },
secret: 'my_secret'
};
parser.parse('${isActive}&secret=${secret}', preDefined);
// {
// filter: {
// status: { $in: ['In Progress', 'Pending'] },
// secret: 'my_secret'
// }
// }
opts
)The following options are useful to change the operator default keys:
populateKey
: custom populate operator key (default is populate
)skipKey
: custom skip operator key (default is skip
)limitKey
: custom limit operator key (default is limit
)selectKey
: custom select operator key (default is select
)sortKey
: custom sort operator key (default is sort
)filterKey
: custom filter operator key (default is filter
)const parser = new MongooseQueryParser({
limitKey: 'max',
skipKey: 'offset'
});
parser.parse('organizationId=123&offset=10&max=125');
// {
// filter: {
// organizationId: 123,
// },
// skip: 10,
// limit: 125
// }
dateFormat
: set date format for auto date casting. Default is ISO_8601 format if no custom datetime format providedconst parser = new MongooseQueryParser({dateFormat: ['yyyyMMdd', 'yyyy-MM-dd']});
parser.parse('date1=20171001&date2=2017-10-01');
// {
// filter: {
// date1: 2017-09-30T14:00:00.000Z
// date2: 2017-09-30T14:00:00.000Z
// }
// }
The following options are useful to specify which keys to use in the filter
object. (ie, avoid that authentication parameter like apiKey
ends up in a mongoDB query). All operator keys are (sort
, limit
, etc.) already ignored.
blacklist
: filter on all keys except the ones specifiedconst parser = new MongooseQueryParser({ blacklist: ['apiKey'] });
parser.parse('id=e9117e5c-c405-489b-9c12-d9f398c7a112&apiKey=foobar');
// {
// filter: {
// id: 'e9117e5c-c405-489b-9c12-d9f398c7a112',
// }
// }
You can specify you own casting functions to apply to query parameter values, either by explicitly wrapping the value in URL with your custom function name (See example below) or by implicitly mapping a key to a function
casters
: object to specify custom casters, key is the caster name, and value is a function which is passed the query parameter value as parameter.const parser = new MongooseQueryParser({
casters: {
lowercase: val => val.toLowerCase(),
int: val => parseInt(val, 10),
},
castParams: {
key3: 'lowercase'
}});
parser.parse('key1=lowercase(VALUE)&key2=int(10.5)&key3=ABC');
// {
// filter: {
// key1: 'value',
// key2: 10,
// key3: 'abc'
// }
// }
MIT
FAQs
Convert url query string to MongooseJs friendly query object including advanced filtering, sorting, population, string template, type casting and many more...
The npm package mongoose-query-parser receives a total of 1,165 weekly downloads. As such, mongoose-query-parser popularity was classified as popular.
We found that mongoose-query-parser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.