Webgoose
A project to make accessing mongoose functions from the browser easy.
Security
Use at your own risk.
Webgoose is pretty hard to secure. For some applications this might be fine. There are a few basic problems.
- Webpack sends the source to the server for your model. This could expose the inner workings of your app.
- Some more advanced features, such as populations and anything that uses query, make it possible to expose more of your app.
There is more information below on how to secure your application.
Usage
Webgoose uses webpack and friends for the front end components, and express for the server.
Installation
Basic
$ npm i webgoose --save
# Do not use this in production
$ webgoose-dev-server ./path/to/your/model.js
Example model/blogpost.js
This is (or should be) exactly the same as your mongoose model. On the server webgoose just exports mongoose; on the client it does special magic. For testing, the API is meant to be the same. Note: the connect method should not be here.
//on the server webgoose will just return mongoose. On the client
// it does magic.
var mongoose = require('webgoose');
var Schema = mongoose.Schema;

var CommentSchema = new Schema({
    title: String,
    body: String,
    comment: String,
    date: Date
});

var UserSchema = new Schema({
    username: {type: String, match: /^[a-z]+?$/},
    friends: [{type: Schema.Types.ObjectId, ref: 'User'}]
});

var BlogPostSchema = new Schema({
    owner: {type: Schema.Types.ObjectId, ref: 'User'},
    editors: [{ref: 'User', type: Schema.Types.ObjectId}],
    title: {type: String, match: '^.{3,}$'},
    body: String,
    buf: Buffer,
    date: Date,
    comments: [CommentSchema],
    meta: {
        votes: Number,
        favs: Number
    }
});

/**
 * Note this must return a query object. If it doesn't well, I dunno what it'll do.
 * @param q
 * @param term
 */
BlogPostSchema.statics.… = function (q, term) {
    if (!search) return this.…;
    return this.…;
};

BlogPostSchema.methods.… = function (…) {
    return this.constructor.…;
};

mongoose.model(…);
mongoose.model(…);
mongoose.model(…);

//might as well export mongoose.
module.exports = mongoose;
Setting up the server
Example server.js
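var express = require('express');
var bodyParser = require('body-parser');
var mongoose = require('mongoose');
var webgoose = require(…);

var app = express();

//Mongoose needs to connect.
mongoose.connect(…);

//Must have body parser
app.use(bodyParser.…);

//use the webgoose express login
app.use(…);

console.log(…);
app.listen(…);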
Setting up the client
If you are not using webpack, well, good luck. If you are, then you can just use it. See the example below.
Example webpack.config.js
There is nothing special but the proxy setup.
module.exports = {
    devServer: {
        contentBase: "./.build",
        info: false, // --no-info option
        hot: true,
        inline: true,
        proxy: {
            //we setup a proxy to pass the requests to the server
            '/rest/mongoose/*': 'http://localhost:3001'
        }
    },
    entry: {
        app: './public/app.js'
    }
};
Client example of public/app.js
var mongoose = require('webgoose');

//this sets the url to the client and server.
mongoose.…;

var BlogPost = mongoose.model(…);

//create a blogpost
//your blogpost
…;
Package.json
Starting from package.json is convenient.
"scripts": ,
$ npm start &
Security Configuration
See the security disclosure at the top. Here are some ways to configure it in your server.js. Everything is available by default.
Pass the following options:
Key | Type | Description |
---|---|---|
builtin | boolean | false disables all the built in functions including findById |
mquery | boolean | false disables mquery operations. |
populate | boolean | false disables population |
methods | boolean | false disables instance method invocations |
statics | boolean | false disables static method invocations |
models | String | a comma delimited list of allowed models (or an array). |
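
How the options in the table combine can be checked before deploying with a small stand-alone audit. This is an added example, not webgoose's own code: the function names and the request shape ({model, kind}) are assumptions, and it only models the table's semantics (an explicit false disables a feature, everything else stays open).

```javascript
// Added example, not webgoose's code. Models the option table as a gate:
// only an explicit `false` disables a feature; `models` is an allowlist.
var FEATURES = ['builtin', 'mquery', 'populate', 'methods', 'statics'];

// `models` may be a comma delimited string or an array; absent means all models.
function allowedModels(options) {
    var m = options.models;
    if (m === undefined || m === null) return null; // null = no restriction
    var list = Array.isArray(m) ? m : String(m).split(',');
    return list.map(function (s) { return String(s).trim(); })
               .filter(function (s) { return s.length > 0; });
}

// Decide whether a request kind against a model passes the configured options.
// The request shape is hypothetical: {model: 'BlogPost', kind: 'populate'}.
function isAllowed(options, request) {
    options = options || {};
    if (FEATURES.indexOf(request.kind) === -1) return false; // unknown kind: refuse
    if (options[request.kind] === false) return false;
    var models = allowedModels(options);
    return models === null || models.indexOf(request.model) !== -1;
}

// Report what a configuration still exposes, for review before deployment.
function auditExposure(options) {
    options = options || {};
    var models = allowedModels(options);
    return {
        features: FEATURES.filter(function (f) { return options[f] !== false; }),
        models: models === null ? 'ALL' : models
    };
}

// Constructed sample configurations.
var defaults = {};
var hardened = {
    mquery: false, populate: false, methods: false, statics: false,
    models: 'BlogPost'
};

console.log(auditExposure(defaults)); // every feature, every model
console.log(auditExposure(hardened)); // builtin only, BlogPost only
console.log(isAllowed(hardened, { model: 'User', kind: 'builtin' }));
```
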