
Commit 2f6de9b

committed
fix: verify all data in where clauses and transform where is a valid ObjectID
1 parent bd1cd2e commit 2f6de9b


2 files changed

+38
-72
lines changed


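--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@secjs/database",
-"version": "1.1.2",
+"version": "1.1.3",
 "description": "Handle your application database with factories, seeders and query builder in Node.js",
 "license": "MIT",
 "author": "João Lenon <lenon@secjs.com.br>",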

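--- a/src/Drivers/MongoDriver.ts
+++ b/src/Drivers/MongoDriver.ts
@@ -13,7 +13,7 @@ import {
 Connection,
 isValidObjectId,
 } from 'mongoose'
-import { ObjectID } from 'mongodb'
+import { ObjectID } from 'bson'
 import { Transaction } from '../Utils/Transaction'
 import { DriverFactory } from '../Utils/DriverFactory'
 import { InternalServerException } from '@secjs/exceptions'
@@ -86,6 +86,14 @@ export class MongoDriver implements DriverContract {
 return pipeline
 }
 
+private static stringToObjectId(data: string | ObjectID) {
+if (Is.String(data) && isValidObjectId(data)) {
+return new ObjectID(data)
+}
+
+return data
+}
+
 async commit(): Promise<any | any[]> {
 const doc = await this.session.commitTransaction()
 await this.session.endSession()
@@ -608,20 +616,18 @@ export class MongoDriver implements DriverContract {
 statement: string | Record<string, any>,
 value?: any,
 ): DriverContract {
-if (typeof statement === 'string') {
-if (isValidObjectId(value) && Is.String(value)) {
-value = new ObjectID(value)
-}
+if (Is.String(statement)) {
+value = MongoDriver.stringToObjectId(value)
 
 this._where[statement] = value
 this._pipeline.push({ $match: this._where })
 
 return this
 }
 
-if (statement._id && Is.String(statement._id)) {
-statement._id = new ObjectID(statement._id)
-}
+Object.keys(statement).forEach(key => {
+statement[key] = MongoDriver.stringToObjectId(statement[key])
+})
 
 this._where = {
 ...this._where,
@@ -638,19 +644,17 @@ export class MongoDriver implements DriverContract {
 value?: any,
 ): DriverContract {
 if (typeof statement === 'string') {
-if (isValidObjectId(value) && Is.String(value)) {
-value = new ObjectID(value)
-}
+value = MongoDriver.stringToObjectId(value)
 
 this._where[statement] = { $regex: value }
 this._pipeline.push({ $match: this._where })
 
 return this
 }
 
-if (statement._id && Is.String(statement._id)) {
-statement._id = new ObjectID(statement._id)
-}
+Object.keys(statement).forEach(key => {
+statement[key] = MongoDriver.stringToObjectId(statement[key])
+})
 
 this._where = {
 ...this._where,
@@ -665,19 +669,17 @@ export class MongoDriver implements DriverContract {
 value?: any,
 ): DriverContract {
 if (typeof statement === 'string') {
-if (isValidObjectId(value) && Is.String(value)) {
-value = new ObjectID(value)
-}
+value = MongoDriver.stringToObjectId(value)
 
 this._where[statement] = { $regex: value, $options: 'i' }
 this._pipeline.push({ $match: this._where })
 
 return this
 }
 
-if (statement._id && Is.String(statement._id)) {
-statement._id = new ObjectID(statement._id)
-}
+Object.keys(statement).forEach(key => {
+statement[key] = MongoDriver.stringToObjectId(statement[key])
+})
 
 this._where = {
 ...this._where,
@@ -694,19 +696,17 @@ export class MongoDriver implements DriverContract {
 value?: any,
 ): DriverContract {
 if (typeof statement === 'string') {
-if (isValidObjectId(value) && Is.String(value)) {
-value = new ObjectID(value)
-}
+value = MongoDriver.stringToObjectId(value)
 
 this._where[statement] = { $or: value }
 this._pipeline.push({ $match: this._where })
 
 return this
 }
 
-if (statement._id && Is.String(statement._id)) {
-statement._id = new ObjectID(statement._id)
-}
+Object.keys(statement).forEach(key => {
+statement[key] = MongoDriver.stringToObjectId(statement[key])
+})
 
 this._where = {
 ...this._where,
@@ -722,19 +722,17 @@ export class MongoDriver implements DriverContract {
 value?: any,
 ): DriverContract {
 if (typeof statement === 'string') {
-if (isValidObjectId(value) && Is.String(value)) {
-value = new ObjectID(value)
-}
+value = MongoDriver.stringToObjectId(value)
 
 this._where[statement] = { $not: value }
 this._pipeline.push({ $match: this._where })
 
 return this
 }
 
-if (statement._id && Is.String(statement._id)) {
-statement._id = new ObjectID(statement._id)
-}
+Object.keys(statement).forEach(key => {
+statement[key] = MongoDriver.stringToObjectId(statement[key])
+})
 
 this._where = {
 ...this._where,
@@ -746,15 +744,7 @@ export class MongoDriver implements DriverContract {
 }
 
 buildWhereIn(columnName: string, values: any[]): DriverContract {
-if (columnName === '_id') {
-values = values.map(value => {
-if (Is.String(value)) {
-return new ObjectID(value)
-}
-
-return value
-})
-}
+values = values.map(value => MongoDriver.stringToObjectId(value))
 
 this._where[columnName] = { $in: values }
 this._pipeline.push({ $match: this._where })
@@ -763,15 +753,7 @@ export class MongoDriver implements DriverContract {
 }
 
 buildWhereNotIn(columnName: string, values: any[]): DriverContract {
-if (columnName === '_id') {
-values = values.map(value => {
-if (Is.String(value)) {
-return new ObjectID(value)
-}
-
-return value
-})
-}
+values = values.map(value => MongoDriver.stringToObjectId(value))
 
 this._where[columnName] = { $nin: values }
 this._pipeline.push({ $match: this._where })
@@ -808,15 +790,8 @@ export class MongoDriver implements DriverContract {
 }
 
 buildWhereBetween(columnName: string, values: [any, any]): DriverContract {
-if (columnName === '_id') {
-if (Is.String(values[0])) {
-values[0] = new ObjectID(values[0])
-}
-
-if (Is.String(values[1])) {
-values[1] = new ObjectID(values[1])
-}
-}
+values[0] = MongoDriver.stringToObjectId(values[0])
+values[1] = MongoDriver.stringToObjectId(values[1])
 
 this._where[columnName] = { $gte: values[0], $lte: values[1] }
 this._pipeline.push({ $match: this._where })
@@ -825,15 +800,8 @@ export class MongoDriver implements DriverContract {
 }
 
 buildWhereNotBetween(columnName: string, values: [any, any]): DriverContract {
-if (columnName === '_id') {
-if (Is.String(values[0])) {
-values[0] = new ObjectID(values[0])
-}
-
-if (Is.String(values[1])) {
-values[1] = new ObjectID(values[1])
-}
-}
+values[0] = MongoDriver.stringToObjectId(values[0])
+values[1] = MongoDriver.stringToObjectId(values[1])
 
 this._where[columnName] = { $not: { $gte: values[0], $lte: values[1] } }
 this._pipeline.push({ $match: this._where })
@@ -931,9 +899,7 @@ export class MongoDriver implements DriverContract {
 }
 
 buildHaving(column: string, operator: string, value: any): DriverContract {
-if (column === '_id' && Is.String(value)) {
-value = new ObjectID(value)
-}
+value = MongoDriver.stringToObjectId(value)
 
 const operatorDictionary = {
 '>=': { $gte: value },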
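Review bot: `stringToObjectId` (new lines 89–95) is a coercion rather than a validation, and it is now applied to every column instead of only `_id`: any string that `isValidObjectId` accepts is replaced by an `ObjectID`, and everything else, operator objects included, is returned unchanged. mongoose's `isValidObjectId` has historically accepted any 12-character string as well as 24-character hex, so, depending on the installed version, a `buildWhereIn('name', [...])` over a plain string field can silently compare against ObjectIDs and match nothing; in the two `$regex` hunks (new lines 647 and 672) the converted value ends up inside `$regex`. I would restrict the conversion to canonical hex, e.g. `if (Is.String(data) && /^[0-9a-fA-F]{24}$/.test(data)) {`, and ideally only for columns known to hold ObjectIDs. Because the commit message says the where data is verified, the helper also deserves a doc comment stating that it rejects nothing, so callers forwarding request data still need their own check that values are not operator objects. The builder methods that call the helper start and end outside the hunks shown.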
