1.1.2 • Published 7 years ago

express-restify-mongoose-guard v1.1.2

Weekly downloads: 2
License: MIT
Repository: github
Last release: 7 years ago

express-restify-mongoose-guard

Pre / post hooks for express-restify-mongoose that provide configurable protection for Restify interfaces.

This module works by attaching itself late in the load order of express-restify-mongoose and removing any potentially bad fields from the output.

This module was necessary as there was no method we could find that would omit certain fields without needing to list them all individually. Functionality grew over time to include other handy operations such as the DELETE to UPDATE rewriter.

Usage

Include the module in the usual way and set it as the default outputFn when setting up express-restify-mongoose within your main server.js file:

var restify = require('express-restify-mongoose');
var restifyGuard = require('express-restify-mongoose-guard')();
restify.defaults({
	version: '',
	middleware: restifyGuard.preHook,
	outputFn: restifyGuard.postHook,
});

Configuration

By default, express-restify-mongoose-guard removes any field beginning with _ from the output (except for _id, and __v, which is renamed to _v).

If you wish to tweak this further you can pass options by adding them to the function call.

The below shows some common patterns:

var restify = require('express-restify-mongoose');
var restifyGuard = require('express-restify-mongoose-guard')({

	// Rewrite all DELETE operations into an UPDATE forcing 'model.status = deleted'
	deleteUpdateRemap: {status: 'deleted'},

	removeFields: [

		// Remove all fields beginning with '_'
		/^_/, 

		// Remove all fields beginning with '$'
		/^\$/,

		// Run the fields through a filter and remove anything where the value is 'FIXME'
		function (val, key) {
			return (val == 'FIXME');
		},
	],

});

restify.defaults({
	version: '',
	middleware: restifyGuard.preHook,
	outputFn: restifyGuard.postHook,
});

| Option | Type | Default | Description |
|---|---|---|---|
| deleteUpdateRemap | Object | false | If specified, all DELETE operations are rewritten as update operations and the object is saved. This allows you to override deletes with something like {status: 'deleted'} as a flag instead of actually removing the document |
| remapMethods | Object (method => middleware) | {} | Middleware handler for specific HTTP methods. Each function is called as function(req, res, next) in the usual Express style |
| removeFields | Array of RegExps / Functions | [/^_/] | A list of regular expressions or closure functions to run on each object field. Returning true will omit that field from the output |
| renameFields | Object (field => renamed) | {'_id': '_id', '__v': '_v'} | An object of fields to rename. This also takes precedence over removeFields, so any rename here will override the remove |
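
The removeFields / renameFields semantics described above, modelled on a plain object as an added example (this is not the module's own code). guardOutput is a hypothetical helper that assumes rules are applied to top-level fields only, and the sample document and its field names are constructed. It shows that the default /^_/ rule is a name-prefix denylist, so a field such as passwordHash is still returned until a rule for it is added.

```javascript
// Added illustration: models the documented option semantics on a plain object.
// guardOutput() is a hypothetical helper, not part of express-restify-mongoose-guard.

// Defaults as listed in the options table.
const DEFAULTS = {
	removeFields: [/^_/],
	renameFields: {'_id': '_id', '__v': '_v'},
};

function guardOutput(doc, options) {
	const opts = Object.assign({}, DEFAULTS, options);
	const out = {};
	for (const [key, val] of Object.entries(doc)) {
		// renameFields takes precedence: a listed field is kept under its new name.
		if (Object.prototype.hasOwnProperty.call(opts.renameFields, key)) {
			out[opts.renameFields[key]] = val;
			continue;
		}
		// RegExps test the field name; functions receive (val, key).
		// A truthy result omits the field from the output.
		const remove = opts.removeFields.some(rule =>
			rule instanceof RegExp ? rule.test(key) : rule(val, key));
		if (!remove) out[key] = val;
	}
	return out;
}

// Constructed sample document (assumption: flat object, no nested sub-documents).
const sampleUser = {
	_id: 'abc123', __v: 3, name: 'alice',
	_resetToken: 't0k3n', passwordHash: '$2b$10$constructed', notes: 'FIXME',
};

// Defaults strip only '_'-prefixed names, so passwordHash is still returned.
const withDefaults = guardOutput(sampleUser);

// Name-based and value-based rules added alongside the default prefix rule.
const hardened = guardOutput(sampleUser, {
	removeFields: [/^_/, /^password/i, (val, key) => val === 'FIXME'],
});

console.log(withDefaults); // _id, _v, name, passwordHash, notes
console.log(hardened);     // _id, _v, name
```
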