You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 7-8.RSVP
Socket
Socket
Sign inDemoInstall

nestjs-mongoose-exclude

Package Overview
Dependencies
0
Maintainers
1
Versions
5
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

nestjs-mongoose-exclude

Exclude selected properties from your mongoose document


Version published
Maintainers
1
Created

Readme

Source

nestjs-mongoose-exclude

Sanitize your nestjs response - Exclude selected properties from a mongoose document

Idea

I wanted to find an easy way to exclude selected properties from my mongoose model. Unfortunately, class-transformer library doesn't work correctly with mongoose models and documents. So I wrote this little package to do this, is it strongly inspired by class-transformer. The package contains a decorator that will let you mark properties to exclude and interceptor which you can use on your routes. See an example. Package it is fully tested

Example

You have the class-based schema User:

@Schema()
export class User implements IUser {
  @Prop({
    unique: true,
  })
  email: string;

  @Prop({ required: true })
  password: string;
}

If you want to exclude password from your response, you can simply add ExcludeProperty decorator:

@Schema()
export class User implements IUser {
  @Prop({
    unique: true,
  })
  email: string;

  @Prop({ required: true })
  @ExcludeProperty()
  password: string;
}

then your need to add an interceptor to your routes. If you have something like this:

@Get('/me')
  currentUser(@CurrentUser() user: User): UserResponse {
    return user;
  }

simply add SanitizeMongooseModelInterceptor to route:

@UseInterceptors(new SanitizeMongooseModelInterceptor())
@Get('/me')
  currentUser(@CurrentUser() user: User): UserResponse {
    return user;
  }

Of course, you can add the interceptor to all routes inside your controller, instead of adding the interceptor before the route add it before the controller:

@UseInterceptors(new SanitizeMongooseModelInterceptor())
@Controller('/users')
export class UsersController {
  @Get('/me')
  currentUser(@CurrentUser() user: User): UserResponse {
    return user;
  }
}

Decorator and model name

You can pass your model name. like a decorator paramter:

@ExcludeProperty(modelName: string)

by default model name it is referent to the class name:

@Schema()
export class User implements IUser {
// for this example it is User.name

Remember that the model name you provided to the decorator must match with the name you registered: your module file:

MongooseModule.forFeature([{ name: User.name, schema: UserSchema }]),

and your schema:

@Schema()
export class User implements IUser {
  @Prop({
    unique: true,
  })
  email: string;

  @Prop({ required: true })
  @ExcludeProperty()
  password: string;
}

or if you want to use a custom model name:

MongooseModule.forFeature([{ name: 'UserModel', schema: UserSchema }]),

and your schema:

@Schema()
export class User implements IUser {
  @Prop({
    unique: true,
  })
  email: string;

  @Prop({ required: true })
  @ExcludeProperty('UserModel')
  password: string;
}

Interceptor options

You can change this, provide it to them transform options object:

TransformOptions {
  excludeMongooseId: boolean;
  excludeMongooseV: boolean;
}

So for example, you don't want to exclude mongoose id from a response then:

@UseInterceptors(new SanitizeMongooseModelInterceptor({excludeMongooseId: false}))

Keywords

FAQs

Package last updated on 10 Jun 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc