koajs / json-filter
Middleware allowing the client to filter the response to only what they need, reducing the amount of traffic over the wire.
Not really an Issue but, why `yield *next;` when there is already delegation in koa itself?
There is to my understanding quite a big security risk when using this middleware.
If we use some kind of POJO with a `toJSON` function that would have only visible fields returned during JSON stringifying, this `toJSON` function will be removed from the object when going through json-filter.
Therefore, let's imagine this case:

```javascript
class User {
  constructor(props) {
    this.email = props.email;
    this.id = props.id;
    this.password = props.password;
  }

  // Only email and id are meant to be visible when the object is serialized.
  toJSON() {
    return {
      email: this.email,
      id: this.id,
    };
  }
}
```

In the `toJSON` method, the password property is removed but it exists in the object itself.
Now, if a request such as `http://host:port/users/userID?filter=password` is sent, the middleware will see a property password and return it.
My suggestion would be to use something like `const hasJSONifier = typeof body.toJSON === 'function';` and if true, apply it before going through the reduce function.
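
The leak described in the issue above and the suggested `toJSON` check, as an added example that is not part of the original post and not json-filter's own code. `pickRaw`, `pickSafe`, `toSerializable` and `filterBody` are hypothetical stand-ins for the middleware's field picking, and the user values are constructed.

```javascript
// Added illustration; the helper names are hypothetical, not json-filter's API.
class User {
  constructor(props) {
    this.email = props.email;
    this.id = props.id;
    this.password = props.password;
  }
  toJSON() {
    return { email: this.email, id: this.id };
  }
}

// Weak form: copies requested keys straight off the live object,
// so fields that toJSON() would have hidden are still reachable.
function pickRaw(body, fields) {
  return fields.reduce((out, key) => {
    if (body[key] !== undefined) out[key] = body[key];
    return out;
  }, {});
}

// Apply the object's own serializer first, as the issue suggests.
function toSerializable(value) {
  const hasJSONifier =
    value !== null && typeof value === 'object' && typeof value.toJSON === 'function';
  return hasJSONifier ? value.toJSON() : value;
}

// Hardened form: filter only what the object chose to expose.
function pickSafe(body, fields) {
  const view = toSerializable(body);
  if (view === null || typeof view !== 'object') return view;
  return fields.reduce((out, key) => {
    if (Object.prototype.hasOwnProperty.call(view, key)) out[key] = view[key];
    return out;
  }, {});
}

// Split a comma-separated filter and handle both arrays and single objects.
function filterBody(body, filter, pick) {
  const fields = String(filter).split(/ *, */);
  return Array.isArray(body) ? body.map((o) => pick(o, fields)) : pick(body, fields);
}

// Constructed sample data.
const user = new User({ email: 'a@example.test', id: 7, password: 'constructed-secret' });
console.log(JSON.stringify(filterBody(user, 'password', pickRaw)));
console.log(JSON.stringify(filterBody(user, 'password', pickSafe)));
console.log(JSON.stringify(filterBody([user], 'id,password', pickSafe)));
```

With the serializer applied first, a filter can only narrow what `toJSON` already exposes; it can never widen it.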
Hi @visionmedia, I've been following the koajs project, saw this middleware and just wanted to mention that if you'd like to extend json-filter to also be able to filter parts from deep within objects, you may like json-mask:
Here's a simple example:

```javascript
var mask = require('json-mask');

var body = [
  {
    name: 'tobi',
    packages: 5,
    friends: ['abby', 'loki', 'jane'],
    location: {
      id: '342',
      name: 'London'
    }
  },
  {
    name: 'loki',
    packages: 2,
    friends: ['loki', 'jane'],
    location: {
      id: '62',
      name: 'New York'
    }
  }
];

// Keep the top-level name and only the name inside location.
var filter = 'name,location/name';

console.log(
  mask(body, filter)
);
```

Out:

```
[ { name: 'tobi', location: { name: 'London' } },
  { name: 'loki', location: { name: 'New York' } } ]
```

It's a tiny lib; no dependencies.
lolzzz....
TypeError: simpleJSONFilter is not a constructor

```javascript
//code.jquery.com/jquery-1.11.3.min.js
//require.js
var simpleJSONFilter;
define(function (require) {
  simpleJSONFilter = require('index.js');
});
var sjf = new simpleJSONFilter();
var data = {
  one: {
    id: 1,
    name: 'Hiro Protagonist',
    age: 27
  },
  two: {
    id: 2,
    name: 'Y.T.',
    age: 16
  },
  three: {
    id: 3,
    name: 'Raven',
    age: 40,
  },
  four: {
    id: 4,
    name: 'Uncle Enzo',
    age: 80
  },
  five: {
    id: 5,
    name: 'Fisheye',
    age: 50
  }
};
var filter = {id: 1};
var result = sjf.exec(filter, data); // Returns {one: {id: 1,name: 'Hiro Protagonist',age: 27}}
console.log(result);
```