mongodb-secure

Wrapper for mongodb driver implementing security options for injection protection.

Usage no npm install needed!

<script type="module">
  import mongodbSecure from 'https://cdn.skypack.dev/mongodb-secure';
</script>

README

Description

This project provides the official MongoDB driver for Node.js with an integrated protection mechanism against injection attacks.

Resources of the underlying driver

what | where
--- | ---
documentation | http://mongodb.github.io/node-mongodb-native/
api-doc | http://mongodb.github.io/node-mongodb-native/2.2/api/
source | https://github.com/mongodb/node-mongodb-native
mongodb | http://www.mongodb.org/

Author

Installation

The recommended way to get started with the secured MongoDB driver is to use npm (Node Package Manager) to install the dependency in your project.

MongoDB Driver

Given that you have created your own project using npm init, we install the MongoDB driver and its dependencies by executing the following npm command.

npm install mongodb-secure --save

This will download the MongoDB driver and add a dependency entry in your package.json file.

Code Examples and Security Features

Connecting to MongoDB

Let's create a new app.js file that we will use to show the basic CRUD operations using the MongoDB driver.

First let's add code to connect to the server and the database myproject.

var MongoClient = require('mongodb-secure').MongoClient
  , assert = require('assert');

// Connection URL
var url = 'mongodb://localhost:27017/myproject';
// Use connect method to connect to the Server
MongoClient.connect(url, function(err, db) {
  assert.equal(null, err);
  console.log("Connected correctly to server");

  db.close();
});

Given that you booted up the mongod process earlier, the application should connect successfully and print "Connected correctly to server" to the console.

Let's add some code to show the different CRUD operations available.

Authentication Example

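// req is the incoming HTTP request (for example inside an Express handler);
// req.query.user and req.query.password are user-provided values.
db.collection('users').find(
  {
    "user": req.query.user,
    "password": req.query.password
  },
  {
    // Optional security pattern: both fields must be strings.
    "_security_pattern": [{
      "user": ["string"],
      "password": ["string"]
    }]
  }
);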

The optional security pattern enables a developer to define the allowed structures and types for user-provided data.
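
To illustrate the kind of check such a pattern expresses, here is an added example; it is not mongodb-secure's own code. It assumes that a pattern maps each field to its allowed type names and that a query must match one pattern completely; the function names checkQuery and assertSafeQuery are hypothetical.

```javascript
// Added illustration; not mongodb-secure's implementation.
// Assumed semantics: each pattern maps a field to its allowed type names, and
// a query passes only if it matches at least one pattern completely.

function typeName(value) {
  if (value === null) return 'null';
  if (Array.isArray(value)) return 'array';
  return typeof value; // 'string', 'number', 'boolean', 'object', ...
}

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function matchesPattern(query, pattern) {
  // Reject any field the pattern does not list.
  if (!Object.keys(query).every((f) => has(pattern, f))) return false;
  // Every listed field must be present with an allowed type; a missing
  // password field would otherwise turn a login lookup into a user lookup.
  return Object.keys(pattern).every(
    (f) => has(query, f) && pattern[f].includes(typeName(query[f]))
  );
}

function checkQuery(query, securityPatterns) {
  if (typeName(query) !== 'object') return false;
  return securityPatterns.some((p) => matchesPattern(query, p));
}

// Hypothetical guard to call before collection.find(); throws instead of querying.
function assertSafeQuery(query, securityPatterns) {
  if (!checkQuery(query, securityPatterns)) {
    throw new TypeError('query does not match any security pattern');
  }
  return query;
}

// Constructed sample inputs, shaped like parsed request parameters.
const loginPattern = [{ user: ['string'], password: ['string'] }];
const legit = { user: 'alice', password: 's3cret' };
const operatorObject = { user: 'alice', password: { $ne: '' } }; // object, not string
const extraField = { user: 'alice', password: 's3cret', role: 'admin' };

console.log(checkQuery(legit, loginPattern));
console.log(checkQuery(operatorObject, loginPattern));
console.log(checkQuery(extraField, loginPattern));
```

The operator object is rejected because its type is 'object' rather than 'string', and the extra field is rejected because the pattern does not list it.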