mongodb-sanitize

Helper or middleware to sanitize json object to prevent query selector injections for MongoDB

Usage no npm install needed!

<script type="module">
  import mongodbSanitize from 'https://cdn.skypack.dev/mongodb-sanitize';
</script>

README

mongodb-sanitize

NPM

npm node-current GitHub branch checks state npm GitHub issues NPM dependencies Status devDependencies Status npm bundle size GitHub contributors

This repository provides a functionality to sanitize the data that going to use for mongoDb operation. This will make sure that, incoming request not includes the bad/wrong formatted data which break or security breach for mongoDb. In short, it's provide some amount of security at code level to avoid any injection over mongoDb.

How to install

npm i --save mongodb-sanitize

or

yarn add mongodb-sanitize

Or CDN Reference

How to use as middleware

Set as the middleware like below example: By default this package will sanitize the data for req.body, req.params, req.query

const express = require('express');
const mongodbSanitize = require('mongodb-sanitize');

const app = express();

app.use(mongodbSanitize());

With typescript

import express from 'express';
import {sanitizeMiddleWare} from 'mongodb-sanitize';

const app = express();

app.use(sanitizeMiddleWare());

If you want to sanitize on custom fields and options then you can configure the middleware as below:

const express = require('express');
const mongodbSanitize = require('mongodb-sanitize');

const app = express();

app.use(mongodbSanitize(['body', 'query'], {replaceBy: '#'}));

With typescript

import express from 'express';
import {sanitizeMiddleWare} from 'mongodb-sanitize';

const app = express()

app.use(sanitizeMiddleWare(['body'], {replaceBy: '#'}))

Note:- Here, sanitize operation should be performed on only two fields(body, query) of request.

How to use as separate method

Here, you can see the example that how to use sanitize method separately without options

const { sanitize } = require('mongodb-sanitize');

const sanitizedObject = sanitize(<OBJECT_OR_ARRAY_TO_SANITIZE>);

With typescript

import {sanitize} from 'mongodb-sanitize';

const sanitizedObject:any = sanitize(<OBJECT_OR_ARRAY_TO_SANITIZE>);

With options

const { sanitize } = require('mongodb-sanitize');

const sanitizedObject = sanitize(<SOME_OBJECT_OR_ARRAY>, {replaceBy: <string>});

With typescript

import {sanitize} from 'mongodb-sanitize';

const sanitizedObject:any = sanitize(<OBJECT_OR_ARRAY_TO_SANITIZE>, {replaceBy: <string>});

How to use isSanitized method

isSanitized method used to check that is the pass object/array in argument is sanitize or not for mongodb operations.

const { isSanitized } = require('mongodb-sanitize');

const isSanitize = isSanitized(<OBJECT_OR_ARRAY_TO_SANITIZE>);

With typescript

import {isSanitized} from 'mongodb-sanitize';

const isSanitize: boolean = isSanitized(<OBJECT_OR_ARRAY_TO_SANITIZE>);