You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For example, a param with name :id could be cast to ObjectId (and if fails, throw 404), or :userId becomes the autoloaded user.
In the particular case of using Mongo/Mongoose that was quite helpful, because if a param does not validate as ObjectId, then findById(id) and findOne(_id: id) methods throw CastError.
To handle the error, we need to either to validate it manually (in try..catch) in every route which uses user-provided id, or just rely on a global agreement (implemented by post-processing params) ":id or :...Id" are ObjectIds" could be helpful.
Express had a way to post-process
app.params.For example, a param with name
:idcould be cast toObjectId(and if fails, throw 404), or:userIdbecomes the autoloaded user.In the particular case of using Mongo/Mongoose that was quite helpful, because if a param does not validate as
ObjectId, thenfindById(id)andfindOne(_id: id)methods throwCastError.To handle the error, we need to either to validate it manually (in try..catch) in every route which uses user-provided id, or just rely on a global agreement (implemented by post-processing params) "
:idor:...Id" are ObjectIds" could be helpful.P.S. This functionality seems to exist for koa-route: https://github.com/segmentio/koa-params
Why not to implement it here, it fits nicely.
The text was updated successfully, but these errors were encountered: