This repository provides functionality to sanitize data that is going to be used in MongoDB operations. It makes sure that an incoming request does not include bad or wrongly formatted data that could break MongoDB or cause a security breach. In short, it provides some amount of security at the code level to avoid injection into MongoDB.
npm i --save mongodb-sanitize
or
yarn add mongodb-sanitize
Or CDN Reference
Set it as middleware as in the example below:
By default this package will sanitize the data for req.body, req.params, req.query
const express = require('express');
const mongodbSanitize = require('mongodb-sanitize');
const app = express();
app.use(mongodbSanitize());
With TypeScript
import express from 'express';
import {sanitizeMiddleWare} from 'mongodb-sanitize';
const app = express();
app.use(sanitizeMiddleWare());
If you want to sanitize custom fields and pass options, you can configure the middleware as below:
const express = require('express');
const mongodbSanitize = require('mongodb-sanitize');
const app = express();
app.use(mongodbSanitize(['body', 'query'], {replaceBy: '#'}));
With TypeScript
import express from 'express';
import {sanitizeMiddleWare} from 'mongodb-sanitize';
const app = express();
app.use(sanitizeMiddleWare(['body'], {replaceBy: '#'}));
Note: Here, the sanitize operation is performed on only two fields (body, query) of the request.
Here is an example of how to use the sanitize method separately, without options:
const { sanitize } = require('mongodb-sanitize');
const sanitizedObject = sanitize(<OBJECT_OR_ARRAY_TO_SANITIZE>);
With TypeScript
import {sanitize} from 'mongodb-sanitize';
const sanitizedObject:any = sanitize(<OBJECT_OR_ARRAY_TO_SANITIZE>);
With options
const { sanitize } = require('mongodb-sanitize');
const sanitizedObject = sanitize(<SOME_OBJECT_OR_ARRAY>, {replaceBy: <string>});
With TypeScript
import {sanitize} from 'mongodb-sanitize';
const sanitizedObject:any = sanitize(<OBJECT_OR_ARRAY_TO_SANITIZE>, {replaceBy: <string>});
The isSanitized method is used to check whether the object/array passed as an argument is sanitized for MongoDB operations.
const { isSanitized } = require('mongodb-sanitize');
const isSanitize = isSanitized(<OBJECT_OR_ARRAY_TO_SANITIZE>);
With TypeScript
import {isSanitized} from 'mongodb-sanitize';
const isSanitize: boolean = isSanitized(<OBJECT_OR_ARRAY_TO_SANITIZE>);
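To show the kind of request data this sanitizing is meant to stop, the following added example (not the package's own code) rewrites operator-style keys in a constructed request body and then checks the result. The helper names stripOperators and isClean are hypothetical, and replacing $ and . in keys is an assumption about how such a sanitizer works, not a description of mongodb-sanitize internals.

```javascript
// Added illustration; stripOperators and isClean are hypothetical helpers,
// not part of the mongodb-sanitize API.
const UNSAFE = /[$.]/g; // characters MongoDB treats specially in field names

// Only plain objects (as produced by JSON/body parsers) are walked.
function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Recursively rewrite keys so none can act as a query operator ("$ne")
// or a dotted path ("profile.role").
function stripOperators(value, replaceBy = '') {
  if (Array.isArray(value)) return value.map((v) => stripOperators(v, replaceBy));
  if (!isPlainObject(value)) return value; // strings, numbers, Dates, ...
  // Object.fromEntries defines own properties, so a "__proto__" key in the
  // input cannot change the prototype of the result.
  return Object.fromEntries(
    Object.entries(value).map(([key, v]) => [
      key.replace(UNSAFE, replaceBy),
      stripOperators(v, replaceBy),
    ])
  );
}

// True when no key at any depth contains "$" or ".".
function isClean(value) {
  if (Array.isArray(value)) return value.every(isClean);
  if (!isPlainObject(value)) return true;
  return Object.entries(value).every(
    ([key, v]) => !/[$.]/.test(key) && isClean(v)
  );
}

// Constructed request body: the password field carries a query operator
// object where the application expects a string.
const body = JSON.parse('{"username":"alice","password":{"$ne":null}}');
const cleaned = stripOperators(body, '#');

console.log(isClean(body));    // false
console.log(cleaned);          // { username: 'alice', password: { '#ne': null } }
console.log(isClean(cleaned)); // true
```

Rewriting keys can make two different keys collide (for example "a.b" and "ab" with an empty replacement), so checking that fields expected to be strings really are strings remains a useful complement.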