mongoosemask

##MongooseMask

Express Middleware to filter out Mongoose model attributes. You pass an array of fields you do not want returned as part of json or jsonp requests.

###Install To install the latest official version, use NPM:

npm install mongoosemask --save

To run the tests and see what is supported run either of the following commands

npm test
grunt

###Usage

app.use(mongoosemask(['_id', '_privatefield']));

The '_id' and the '_privatefield' will then be removed from your json objects before sending to the client.

maksedObj = {
    //ALL fields except _id and _private
};

You can also call the mask explicitly

var maskedModel = mongomask.mask(model, ['_id']);

Additionally there is also a expose method which you can use to expose items instead of excluding them.

Mask all values on a given object except for those that are explicitly exposed through the values array. The value can be a String which will directly be a one-to-one mapping for example

    _id -> _id will expose the _id mongoose value

or an object that maps keys to values for example {_id:'id'} Will expose _id as id on the object. [ '_id', {_id:'id} ] Will expose both id and _id, {'nested.value.here' : 'exposed.at.any.level'} Will create a sub object {exposed:{at:{any:level:'valuehere'}}}]

var exposedModel = mongoosemask.expose(model, [{_id:'id'}, {'email':'username'}, 'name', {'nested.value' : 'user.profile' }]);
 exposedModel = {
 id:12345,
 username:'my@email.com',
 name:'nodejs',
 user:{
        profile:'public ...'
      }
 }

###Notes If you are using 'express-partial-response' you must place this middleware AFTER you place the express-partial-response middleware as this middlware only works with mongoose objects which the express-partial-response middleware does not return

###CHANGELOG

###0.0.5 Quick fix for nested objects.

###0.0.4 Added dot'.' notation support to expose/mask methods. The method will try to walk the chain until it finds the value to expose/mask.

mask( ['this.sub.value'], model ); expose(['this.sub.value', { 'this.sub.value.two' : 'new.position.in.exposed.model' }], model );

If the expose method can not find the value then it will set it as undefined.

One limitation is that the dot notation can not traverse a sub array so model.[ {value:value}, {value:value}] will not be able to mask the model.value of the two sub models.

###0.0.3 Added the ability to pass a function as the mask callback for the express middleware. if you have a complex item that needs masking you can pass a callback funtion that will be invoked before your object is serialized to json.

The callback must have the following signature. function(obj, mask, done);

 express.use(mongooseMask(function(value, mask, done){
         var masked = mask(value, ['_id', '__v']);
         if(masked.data){
             masked.data = mask(value.data, ['_id', '__v']);
         }
         done(null, masked);
     }));

###0.0.6 Fixed NPE when passing nested objects

###0.0.2 Added support for calling mask directly. Added expose() method as an inverse of mask.

###0.0.1 Initial release