Thursday, 30 March 2017

Building a mongodb / mongoose query directly from URL query string?

I've built a couple of APIs using node, express, and mongoose but the one I'm working on right now is a lot more complex and works with more data than the ones I've built in the past. I'd also like to eventually release this API to the public. I'd like to make my endpoints flexible so that users of the API can pass up various parameters in the URL's query string. Possible use cases would be filtering, sorting, and populating mongoose model references. After doing some research I've found some good StackOverflow posts talking about needing to sanitize query input to avoid things like operator injection. I also found some npm packages that look like they were built for helping you take the query string and building a mongo/mongoose query out of it.Here they are:http://ift.tt/2om0ody (github: http://ift.tt/1wvLTlB)http://ift.tt/2odwACO anyone used any of these packages or something else to accomplish what I'm talking about? I wanted to ask on here because the concept seems really powerful but also dangerous if you don't know what to sanitize for. I assumed there would be a go-to package that most of you use for something like this, but none of the above really stick out to me as being incredibly popular on github. The 2nd one is failry popular but I'm not sure I like some of the conventions it uses. Also, with most of the above, it becomes pretty obvious to the API user that you're using mongo/mongoose since the query string params have the same exact name eg. "populate". I guess there's nothing wrong with this but feels kind of strange that it's that obvious to the API user.Have you guys used any of the above, or something else? I'd love for my API users to be able to create flexible mongo/mongoose queries using the URL's query string but not completely sure how to go about this.Thanks for the help cheers!

Submitted March 30, 2017 at 05:52PM by m9js

No comments:

Post a Comment