From 804a8d9ee014f5fab29df3e78b73b0daf3bc1f46 Mon Sep 17 00:00:00 2001 From: mdconaway Date: Sat, 26 Aug 2017 10:23:44 +0100 Subject: [PATCH 1/2] Add meta flag for 'unsafe' queries This closes issue #1489 --- .../utils/query/forge-stage-three-query.js | 26 ++++- .../utils/query/forge-stage-two-query.js | 2 +- .../query/private/is-valid-attribute-name.js | 8 +- .../query/private/normalize-constraint.js | 10 +- .../utils/query/private/normalize-criteria.js | 12 +- .../query/private/normalize-sort-clause.js | 10 +- .../query/private/normalize-where-clause.js | 8 +- test/unit/query/query.find.unsafe.js | 110 ++++++++++++++++++ test/unit/query/query.findOne.unsafe.js | 107 +++++++++++++++++ 9 files changed, 274 insertions(+), 19 deletions(-) create mode 100644 test/unit/query/query.find.unsafe.js create mode 100644 test/unit/query/query.findOne.unsafe.js diff --git a/lib/waterline/utils/query/forge-stage-three-query.js b/lib/waterline/utils/query/forge-stage-three-query.js index caace24ce..975cbe1c0 100644 --- a/lib/waterline/utils/query/forge-stage-three-query.js +++ b/lib/waterline/utils/query/forge-stage-three-query.js @@ -56,7 +56,7 @@ module.exports = function forgeStageThreeQuery(options) { var identity = options.identity; var transformer = options.transformer; var originalModels = options.originalModels; - + var isUnsafeQuery = s3Q.meta && s3Q.meta.unsafe; // ╔═╗╦╔╗╔╔╦╗ ┌┬┐┌─┐┌┬┐┌─┐┬ // ╠╣ ║║║║ ║║ ││││ │ ││├┤ │ @@ -198,7 +198,13 @@ module.exports = function forgeStageThreeQuery(options) { var sort = {}; var attrName = _.first(_.keys(sortClause)); var sortDirection = sortClause[attrName]; - var columnName = model.schema[attrName].columnName; + var schemaAttr = model.schema[attrName]; + if(isUnsafeQuery && !schemaAttr) { + schemaAttr = { + columnName: attrName + }; + } + var columnName = schemaAttr.columnName; sort[columnName] = sortDirection; return sort; }); @@ -245,7 +251,13 @@ module.exports = function forgeStageThreeQuery(options) { var sort = {}; var attrName = _.first(_.keys(sortClause)); var sortDirection = sortClause[attrName]; - var columnName = model.schema[attrName].columnName; + var schemaAttr = model.schema[attrName]; + if(isUnsafeQuery && !schemaAttr) { + schemaAttr = { + columnName: attrName + }; + } + var columnName = schemaAttr.columnName; sort[columnName] = sortDirection; return sort; }); @@ -573,7 +585,13 @@ module.exports = function forgeStageThreeQuery(options) { var sort = {}; var attrName = _.first(_.keys(sortClause)); var sortDirection = sortClause[attrName]; - var columnName = model.schema[attrName].columnName; + var schemaAttr = model.schema[attrName]; + if(isUnsafeQuery && !schemaAttr) { + schemaAttr = { + columnName: attrName + }; + } + var columnName = schemaAttr.columnName; sort[columnName] = sortDirection; return sort; }); diff --git a/lib/waterline/utils/query/forge-stage-two-query.js b/lib/waterline/utils/query/forge-stage-two-query.js index 33038c4e1..e68a897f1 100644 --- a/lib/waterline/utils/query/forge-stage-two-query.js +++ b/lib/waterline/utils/query/forge-stage-two-query.js @@ -473,7 +473,7 @@ module.exports = function forgeStageTwoQuery(query, orm) { // ╝╚╝╚═╝╩╚═╩ ╩╩ ╩╩═╝╩╚═╝╚═╝ └┘ ╚╝ ╩ ╩╩═╝╩═╩╝╩ ╩ ╩ ╚═╝ // Validate and normalize the provided `criteria`. try { - query.criteria = normalizeCriteria(query.criteria, query.using, orm); + query.criteria = normalizeCriteria(query.criteria, query.using, orm, query.meta); } catch (e) { switch (e.code) { diff --git a/lib/waterline/utils/query/private/is-valid-attribute-name.js b/lib/waterline/utils/query/private/is-valid-attribute-name.js index ca825a1cc..f52bab1d2 100644 --- a/lib/waterline/utils/query/private/is-valid-attribute-name.js +++ b/lib/waterline/utils/query/private/is-valid-attribute-name.js @@ -19,11 +19,15 @@ var RX_IS_VALID_ECMASCRIPT_5_1_VAR_NAME = /^(?!(?:do|if|in|for|let|new|try|var|c * Determine whether this value is valid for use as a Waterline attribute name. * --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- * @param {Ref} hypotheticalAttrName + * @param {Boolean} isUnsafeQuery + * The meta.unsafe flag as propagated by parent + * > WARNING: + * > THIS PARAMETER IS OPTIONAL AND MAY BE UNDEFINED * --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- * @returns {Boolean} */ -module.exports = function isValidAttributeName(hypotheticalAttrName) { +module.exports = function isValidAttributeName(hypotheticalAttrName, isUnsafeQuery) { if (!_.isString(hypotheticalAttrName)) { return false; @@ -33,7 +37,7 @@ module.exports = function isValidAttributeName(hypotheticalAttrName) { return false; }//-• - if (!hypotheticalAttrName.match(RX_IS_VALID_ECMASCRIPT_5_1_VAR_NAME)) { + if (!hypotheticalAttrName.match(RX_IS_VALID_ECMASCRIPT_5_1_VAR_NAME) && !isUnsafeQuery) { return false; }//-• diff --git a/lib/waterline/utils/query/private/normalize-constraint.js b/lib/waterline/utils/query/private/normalize-constraint.js index 29e2a28d3..d2b25a48d 100644 --- a/lib/waterline/utils/query/private/normalize-constraint.js +++ b/lib/waterline/utils/query/private/normalize-constraint.js @@ -69,6 +69,10 @@ var MODIFIER_KINDS = { * @param {Ref} orm * The Waterline ORM instance. * > Useful for accessing the model definitions. + * + * @param {Dictionary} meta + * The Waterline meta-data for this query + * > Useful for propagating query options to low-level functions * ------------------------------------------------------------------------------------------ * @returns {Dictionary|String|Number|Boolean|JSON} * The constraint (potentially the same ref), guaranteed to be valid for a stage 2 query. @@ -88,7 +92,7 @@ var MODIFIER_KINDS = { * ------------------------------------------------------------------------------------------ */ -module.exports = function normalizeConstraint (constraint, attrName, modelIdentity, orm){ +module.exports = function normalizeConstraint (constraint, attrName, modelIdentity, orm, meta){ if (_.isUndefined(constraint)) { throw new Error('Consistency violation: The internal normalizeConstraint() utility must always be called with a first argument (the constraint to normalize). But instead, got: '+util.inspect(constraint, {depth:5})+''); } @@ -101,7 +105,7 @@ module.exports = function normalizeConstraint (constraint, attrName, modelIdenti // Look up the Waterline model for this query. var WLModel = getModel(modelIdentity, orm); - + var isUnsafeQuery = meta && meta.unsafe; // Before we look at the constraint, we'll check the key to be sure it is valid for this model. // (in the process, we look up the expected type for the corresponding attribute, // so that we have something to validate against) @@ -137,7 +141,7 @@ module.exports = function normalizeConstraint (constraint, attrName, modelIdenti else if (WLModel.hasSchema === false) { // Make sure this is at least a valid name for a Waterline attribute. - if (!isValidAttributeName(attrName)) { + if (!isValidAttributeName(attrName, isUnsafeQuery)) { throw flaverr('E_CONSTRAINT_NOT_USABLE', new Error( '`'+attrName+'` is not a valid name for an attribute in Waterline. '+ 'Even though this model (`'+modelIdentity+'`) declares `schema: false`, '+ diff --git a/lib/waterline/utils/query/private/normalize-criteria.js b/lib/waterline/utils/query/private/normalize-criteria.js index 7b2afdf22..685811190 100644 --- a/lib/waterline/utils/query/private/normalize-criteria.js +++ b/lib/waterline/utils/query/private/normalize-criteria.js @@ -64,7 +64,11 @@ var NAMES_OF_RECOGNIZED_CLAUSES = ['where', 'limit', 'skip', 'sort', 'select', ' * @param {Ref} orm * The Waterline ORM instance. * > Useful for accessing the model definitions. - * + * + * @param {Dictionary} meta + * The Waterline meta-data for this query + * > Useful for propagating query options to low-level functions + * * -- * * @returns {Dictionary} @@ -85,7 +89,7 @@ var NAMES_OF_RECOGNIZED_CLAUSES = ['where', 'limit', 'skip', 'sort', 'select', ' * * @throws {Error} If anything else unexpected occurs. */ -module.exports = function normalizeCriteria(criteria, modelIdentity, orm) { +module.exports = function normalizeCriteria(criteria, modelIdentity, orm, meta) { // Sanity checks. // > These are just some basic, initial usage assertions to help catch @@ -471,7 +475,7 @@ module.exports = function normalizeCriteria(criteria, modelIdentity, orm) { // try { - criteria.where = normalizeWhereClause(criteria.where, modelIdentity, orm); + criteria.where = normalizeWhereClause(criteria.where, modelIdentity, orm, meta); } catch (e) { switch (e.code) { @@ -636,7 +640,7 @@ module.exports = function normalizeCriteria(criteria, modelIdentity, orm) { // // Validate/normalize `sort` clause. try { - criteria.sort = normalizeSortClause(criteria.sort, modelIdentity, orm); + criteria.sort = normalizeSortClause(criteria.sort, modelIdentity, orm, meta); } catch (e) { switch (e.code) { diff --git a/lib/waterline/utils/query/private/normalize-sort-clause.js b/lib/waterline/utils/query/private/normalize-sort-clause.js index 0bdb395be..913a81837 100644 --- a/lib/waterline/utils/query/private/normalize-sort-clause.js +++ b/lib/waterline/utils/query/private/normalize-sort-clause.js @@ -33,6 +33,10 @@ var isValidAttributeName = require('./is-valid-attribute-name'); * @param {Ref} orm * The Waterline ORM instance. * > Useful for accessing the model definitions. + * + * @param {Dictionary} meta + * The Waterline meta-data for this query + * > Useful for propagating query options to low-level functions * -- * * @returns {Array} @@ -50,12 +54,12 @@ var isValidAttributeName = require('./is-valid-attribute-name'); * @throws {Error} If anything else unexpected occurs. */ -module.exports = function normalizeSortClause(sortClause, modelIdentity, orm) { +module.exports = function normalizeSortClause(sortClause, modelIdentity, orm, meta) { // Look up the Waterline model for this query. // > This is so that we can reference the original model definition. var WLModel = getModel(modelIdentity, orm); - + var isUnsafeQuery = meta && meta.unsafe; // ╔═╗╔═╗╔╦╗╔═╗╔═╗╔╦╗╦╔╗ ╦╦ ╦╔╦╗╦ ╦ // ║ ║ ║║║║╠═╝╠═╣ ║ ║╠╩╗║║ ║ ║ ╚╦╝ // ╚═╝╚═╝╩ ╩╩ ╩ ╩ ╩ ╩╚═╝╩╩═╝╩ ╩ ╩ @@ -301,7 +305,7 @@ module.exports = function normalizeSortClause(sortClause, modelIdentity, orm) { else if (WLModel.hasSchema === false) { // Make sure this is at least a valid name for a Waterline attribute. - if (!isValidAttributeName(sortByKey)) { + if (!isValidAttributeName(sortByKey, isUnsafeQuery)) { throw flaverr('E_SORT_CLAUSE_UNUSABLE', new Error( 'The `sort` clause in the provided criteria is invalid, because, although it '+ 'is an array, one of its items (aka comparator directives) is problematic. '+ diff --git a/lib/waterline/utils/query/private/normalize-where-clause.js b/lib/waterline/utils/query/private/normalize-where-clause.js index 3328bc508..6242692fb 100644 --- a/lib/waterline/utils/query/private/normalize-where-clause.js +++ b/lib/waterline/utils/query/private/normalize-where-clause.js @@ -44,6 +44,10 @@ var PREDICATE_OPERATOR_KINDS = [ * The Waterline ORM instance. * > Useful for accessing the model definitions. * + * @param {Dictionary} meta + * The Waterline meta-data for this query + * > Useful for propagating query options to low-level functions + * * ------------------------------------------------------------------------------------------ * @returns {Dictionary} * The successfully-normalized `where` clause, ready for use in a stage 2 query. @@ -63,7 +67,7 @@ var PREDICATE_OPERATOR_KINDS = [ * * @throws {Error} If anything else unexpected occurs. */ -module.exports = function normalizeWhereClause(whereClause, modelIdentity, orm) { +module.exports = function normalizeWhereClause(whereClause, modelIdentity, orm, meta) { // Look up the Waterline model for this query. // > This is so that we can reference the original model definition. @@ -466,7 +470,7 @@ module.exports = function normalizeWhereClause(whereClause, modelIdentity, orm) // Normalize the constraint itself. // (note that this also checks the key -- i.e. the attr name) try { - branch[soleBranchKey] = normalizeConstraint(branch[soleBranchKey], soleBranchKey, modelIdentity, orm); + branch[soleBranchKey] = normalizeConstraint(branch[soleBranchKey], soleBranchKey, modelIdentity, orm, meta); } catch (e) { switch (e.code) { diff --git a/test/unit/query/query.find.unsafe.js b/test/unit/query/query.find.unsafe.js new file mode 100644 index 000000000..f610797fd --- /dev/null +++ b/test/unit/query/query.find.unsafe.js @@ -0,0 +1,110 @@ +var assert = require('assert'); +var _ = require('@sailshq/lodash'); +var Waterline = require('../../../lib/waterline'); + +describe('Collection Query ::', function() { + describe('.find()', function() { + describe('with meta unsafe flag', function(){ + var query; + + before(function(done) { + var waterline = new Waterline(); + var Model = Waterline.Model.extend({ + identity: 'user', + connection: 'foo', + primaryKey: 'id', + schema: false, + attributes: { + id: { + type: 'number' + }, + name: { + type: 'string', + defaultsTo: 'Foo Bar' + }, + nested: { + type: 'json' + } + } + }); + + waterline.registerModel(Model); + + // Fixture Adapter Def + var adapterDef = { find: function(con, query, cb) { return cb(null, [{id: 1, criteria: query.criteria}]); }}; + + var connections = { + 'foo': { + adapter: 'foobar' + } + }; + + waterline.initialize({ adapters: { foobar: adapterDef }, datastores: connections }, function(err, orm) { + if(err) { + return done(err); + } + query = orm.collections.user; + return done(); + }); + }); + + it('should allow meta to be optional', function(done) { + query.find({}, function(err) { + if(err) { + return done(err); + } + + return done(); + }); + }); + + it('should block a query not explicitly unsafe', function(done) { + query.find({ + 'nested.key': 'foobar' + }, function(err) { + if(err) { + return done(); + } + + return done(new Error('Unsafe query allowed through by default!')); + }); + }); + + it('should allow a mongo-style query to pass through to the adapter with meta.unsafe', function(done) { + query.find() + .where({ 'nested.key': 'Foo Bar' }) + .sort([{ 'nested.key': 'desc' }]) + .meta({unsafe: true}) + .exec(function(err, results) { + if (err) { + return done(err); + } + + assert(_.isArray(results)); + assert.equal(results[0].criteria.where['nested.key'], 'Foo Bar'); + assert.equal(results[0].criteria.sort[0]['nested.key'], 'DESC'); + + return done(); + }); + }); + + it('should still normalize mongo-style waterline queries with meta.unsafe', function(done) { + query.find() + .where({ 'nested.key': ['Foo Bar'] }) + .sort([{ 'nested.key': 'desc' }]) + .meta({unsafe: true}) + .exec(function(err, results) { + if (err) { + return done(err); + } + + assert(_.isArray(results)); + assert.equal(results[0].criteria.where['nested.key'].in[0], 'Foo Bar'); + assert.equal(results[0].criteria.sort[0]['nested.key'], 'DESC'); + + return done(); + }); + }); + }); + }); +}); diff --git a/test/unit/query/query.findOne.unsafe.js b/test/unit/query/query.findOne.unsafe.js new file mode 100644 index 000000000..fd3bdf912 --- /dev/null +++ b/test/unit/query/query.findOne.unsafe.js @@ -0,0 +1,107 @@ +var assert = require('assert'); +var _ = require('@sailshq/lodash'); +var Waterline = require('../../../lib/waterline'); + +describe('Collection Query ::', function() { + describe('.findOne()', function() { + describe('with meta unsafe flag', function() { + var query; + + before(function(done) { + var waterline = new Waterline(); + var Model = Waterline.Model.extend({ + identity: 'user', + connection: 'foo', + primaryKey: 'id', + schema: false, + attributes: { + id: { + type: 'number' + }, + name: { + type: 'string', + defaultsTo: 'Foo Bar' + }, + nested: { + type: 'json' + } + } + }); + + waterline.registerModel(Model); + + // Fixture Adapter Def + var adapterDef = { find: function(con, query, cb) { return cb(null, [{id: 1, criteria: query.criteria}]); }}; + + var connections = { + 'foo': { + adapter: 'foobar' + } + }; + + waterline.initialize({ adapters: { foobar: adapterDef }, datastores: connections }, function(err, orm) { + if(err) { + return done(err); + } + query = orm.collections.user; + return done(); + }); + }); + + it('should allow meta to be optional', function(done) { + query.findOne({ + foo: 'bar' + }) + .exec(function(err) { + if(err) { + return done(err); + } + + return done(); + }); + }); + + it('should block a query not explicitly unsafe', function(done) { + query.findOne({ + 'nested.key': 'foobar' + }, function(err) { + if(err) { + return done(); + } + + return done(new Error('Unsafe query allowed through by default!')); + }); + }); + + it('should allow a mongo-style query to pass through to the adapter with meta.unsafe', function(done) { + query.findOne({ 'nested.key': 'Foo Bar' }) + .meta({unsafe: true}) + .exec(function(err, results) { + if (err) { + return done(err); + } + + assert(_.isPlainObject(results)); + assert.equal(results.criteria.where['nested.key'], 'Foo Bar'); + + return done(); + }); + }); + + it('should still normalize mongo-style waterline queries with meta.unsafe', function(done) { + query.findOne({ 'nested.key': ['Foo Bar'] }) + .meta({unsafe: true}) + .exec(function(err, results) { + if (err) { + return done(err); + } + + assert(_.isPlainObject(results)); + assert.equal(results.criteria.where['nested.key'].in[0], 'Foo Bar'); + + return done(); + }); + }); + }); + }); +}); From 82de6ab3c3eda66c1dfb774921c7cd22a6c92fee Mon Sep 17 00:00:00 2001 From: mdconaway Date: Sun, 1 Oct 2017 22:14:45 +0100 Subject: [PATCH 2/2] Remove all changes except tests --- .../utils/query/forge-stage-three-query.js | 26 +++---------------- .../utils/query/forge-stage-two-query.js | 2 +- .../query/private/is-valid-attribute-name.js | 8 ++---- .../query/private/normalize-constraint.js | 10 +++---- .../utils/query/private/normalize-criteria.js | 12 +++------ .../query/private/normalize-sort-clause.js | 10 +++---- .../query/private/normalize-where-clause.js | 8 ++---- 7 files changed, 19 insertions(+), 57 deletions(-) diff --git a/lib/waterline/utils/query/forge-stage-three-query.js b/lib/waterline/utils/query/forge-stage-three-query.js index 975cbe1c0..caace24ce 100644 --- a/lib/waterline/utils/query/forge-stage-three-query.js +++ b/lib/waterline/utils/query/forge-stage-three-query.js @@ -56,7 +56,7 @@ module.exports = function forgeStageThreeQuery(options) { var identity = options.identity; var transformer = options.transformer; var originalModels = options.originalModels; - var isUnsafeQuery = s3Q.meta && s3Q.meta.unsafe; + // ╔═╗╦╔╗╔╔╦╗ ┌┬┐┌─┐┌┬┐┌─┐┬ // ╠╣ ║║║║ ║║ ││││ │ ││├┤ │ @@ -198,13 +198,7 @@ module.exports = function forgeStageThreeQuery(options) { var sort = {}; var attrName = _.first(_.keys(sortClause)); var sortDirection = sortClause[attrName]; - var schemaAttr = model.schema[attrName]; - if(isUnsafeQuery && !schemaAttr) { - schemaAttr = { - columnName: attrName - }; - } - var columnName = schemaAttr.columnName; + var columnName = model.schema[attrName].columnName; sort[columnName] = sortDirection; return sort; }); @@ -251,13 +245,7 @@ module.exports = function forgeStageThreeQuery(options) { var sort = {}; var attrName = _.first(_.keys(sortClause)); var sortDirection = sortClause[attrName]; - var schemaAttr = model.schema[attrName]; - if(isUnsafeQuery && !schemaAttr) { - schemaAttr = { - columnName: attrName - }; - } - var columnName = schemaAttr.columnName; + var columnName = model.schema[attrName].columnName; sort[columnName] = sortDirection; return sort; }); @@ -585,13 +573,7 @@ module.exports = function forgeStageThreeQuery(options) { var sort = {}; var attrName = _.first(_.keys(sortClause)); var sortDirection = sortClause[attrName]; - var schemaAttr = model.schema[attrName]; - if(isUnsafeQuery && !schemaAttr) { - schemaAttr = { - columnName: attrName - }; - } - var columnName = schemaAttr.columnName; + var columnName = model.schema[attrName].columnName; sort[columnName] = sortDirection; return sort; }); diff --git a/lib/waterline/utils/query/forge-stage-two-query.js b/lib/waterline/utils/query/forge-stage-two-query.js index e68a897f1..33038c4e1 100644 --- a/lib/waterline/utils/query/forge-stage-two-query.js +++ b/lib/waterline/utils/query/forge-stage-two-query.js @@ -473,7 +473,7 @@ module.exports = function forgeStageTwoQuery(query, orm) { // ╝╚╝╚═╝╩╚═╩ ╩╩ ╩╩═╝╩╚═╝╚═╝ └┘ ╚╝ ╩ ╩╩═╝╩═╩╝╩ ╩ ╩ ╚═╝ // Validate and normalize the provided `criteria`. try { - query.criteria = normalizeCriteria(query.criteria, query.using, orm, query.meta); + query.criteria = normalizeCriteria(query.criteria, query.using, orm); } catch (e) { switch (e.code) { diff --git a/lib/waterline/utils/query/private/is-valid-attribute-name.js b/lib/waterline/utils/query/private/is-valid-attribute-name.js index f52bab1d2..ca825a1cc 100644 --- a/lib/waterline/utils/query/private/is-valid-attribute-name.js +++ b/lib/waterline/utils/query/private/is-valid-attribute-name.js @@ -19,15 +19,11 @@ var RX_IS_VALID_ECMASCRIPT_5_1_VAR_NAME = /^(?!(?:do|if|in|for|let|new|try|var|c * Determine whether this value is valid for use as a Waterline attribute name. * --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- * @param {Ref} hypotheticalAttrName - * @param {Boolean} isUnsafeQuery - * The meta.unsafe flag as propagated by parent - * > WARNING: - * > THIS PARAMETER IS OPTIONAL AND MAY BE UNDEFINED * --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- * @returns {Boolean} */ -module.exports = function isValidAttributeName(hypotheticalAttrName, isUnsafeQuery) { +module.exports = function isValidAttributeName(hypotheticalAttrName) { if (!_.isString(hypotheticalAttrName)) { return false; @@ -37,7 +33,7 @@ module.exports = function isValidAttributeName(hypotheticalAttrName, isUnsafeQue return false; }//-• - if (!hypotheticalAttrName.match(RX_IS_VALID_ECMASCRIPT_5_1_VAR_NAME) && !isUnsafeQuery) { + if (!hypotheticalAttrName.match(RX_IS_VALID_ECMASCRIPT_5_1_VAR_NAME)) { return false; }//-• diff --git a/lib/waterline/utils/query/private/normalize-constraint.js b/lib/waterline/utils/query/private/normalize-constraint.js index d2b25a48d..29e2a28d3 100644 --- a/lib/waterline/utils/query/private/normalize-constraint.js +++ b/lib/waterline/utils/query/private/normalize-constraint.js @@ -69,10 +69,6 @@ var MODIFIER_KINDS = { * @param {Ref} orm * The Waterline ORM instance. * > Useful for accessing the model definitions. - * - * @param {Dictionary} meta - * The Waterline meta-data for this query - * > Useful for propagating query options to low-level functions * ------------------------------------------------------------------------------------------ * @returns {Dictionary|String|Number|Boolean|JSON} * The constraint (potentially the same ref), guaranteed to be valid for a stage 2 query. @@ -92,7 +88,7 @@ var MODIFIER_KINDS = { * ------------------------------------------------------------------------------------------ */ -module.exports = function normalizeConstraint (constraint, attrName, modelIdentity, orm, meta){ +module.exports = function normalizeConstraint (constraint, attrName, modelIdentity, orm){ if (_.isUndefined(constraint)) { throw new Error('Consistency violation: The internal normalizeConstraint() utility must always be called with a first argument (the constraint to normalize). But instead, got: '+util.inspect(constraint, {depth:5})+''); } @@ -105,7 +101,7 @@ module.exports = function normalizeConstraint (constraint, attrName, modelIdenti // Look up the Waterline model for this query. var WLModel = getModel(modelIdentity, orm); - var isUnsafeQuery = meta && meta.unsafe; + // Before we look at the constraint, we'll check the key to be sure it is valid for this model. // (in the process, we look up the expected type for the corresponding attribute, // so that we have something to validate against) @@ -141,7 +137,7 @@ module.exports = function normalizeConstraint (constraint, attrName, modelIdenti else if (WLModel.hasSchema === false) { // Make sure this is at least a valid name for a Waterline attribute. - if (!isValidAttributeName(attrName, isUnsafeQuery)) { + if (!isValidAttributeName(attrName)) { throw flaverr('E_CONSTRAINT_NOT_USABLE', new Error( '`'+attrName+'` is not a valid name for an attribute in Waterline. '+ 'Even though this model (`'+modelIdentity+'`) declares `schema: false`, '+ diff --git a/lib/waterline/utils/query/private/normalize-criteria.js b/lib/waterline/utils/query/private/normalize-criteria.js index 685811190..7b2afdf22 100644 --- a/lib/waterline/utils/query/private/normalize-criteria.js +++ b/lib/waterline/utils/query/private/normalize-criteria.js @@ -64,11 +64,7 @@ var NAMES_OF_RECOGNIZED_CLAUSES = ['where', 'limit', 'skip', 'sort', 'select', ' * @param {Ref} orm * The Waterline ORM instance. * > Useful for accessing the model definitions. - * - * @param {Dictionary} meta - * The Waterline meta-data for this query - * > Useful for propagating query options to low-level functions - * + * * -- * * @returns {Dictionary} @@ -89,7 +85,7 @@ var NAMES_OF_RECOGNIZED_CLAUSES = ['where', 'limit', 'skip', 'sort', 'select', ' * * @throws {Error} If anything else unexpected occurs. */ -module.exports = function normalizeCriteria(criteria, modelIdentity, orm, meta) { +module.exports = function normalizeCriteria(criteria, modelIdentity, orm) { // Sanity checks. // > These are just some basic, initial usage assertions to help catch @@ -475,7 +471,7 @@ module.exports = function normalizeCriteria(criteria, modelIdentity, orm, meta) // try { - criteria.where = normalizeWhereClause(criteria.where, modelIdentity, orm, meta); + criteria.where = normalizeWhereClause(criteria.where, modelIdentity, orm); } catch (e) { switch (e.code) { @@ -640,7 +636,7 @@ module.exports = function normalizeCriteria(criteria, modelIdentity, orm, meta) // // Validate/normalize `sort` clause. try { - criteria.sort = normalizeSortClause(criteria.sort, modelIdentity, orm, meta); + criteria.sort = normalizeSortClause(criteria.sort, modelIdentity, orm); } catch (e) { switch (e.code) { diff --git a/lib/waterline/utils/query/private/normalize-sort-clause.js b/lib/waterline/utils/query/private/normalize-sort-clause.js index 913a81837..0bdb395be 100644 --- a/lib/waterline/utils/query/private/normalize-sort-clause.js +++ b/lib/waterline/utils/query/private/normalize-sort-clause.js @@ -33,10 +33,6 @@ var isValidAttributeName = require('./is-valid-attribute-name'); * @param {Ref} orm * The Waterline ORM instance. * > Useful for accessing the model definitions. - * - * @param {Dictionary} meta - * The Waterline meta-data for this query - * > Useful for propagating query options to low-level functions * -- * * @returns {Array} @@ -54,12 +50,12 @@ var isValidAttributeName = require('./is-valid-attribute-name'); * @throws {Error} If anything else unexpected occurs. */ -module.exports = function normalizeSortClause(sortClause, modelIdentity, orm, meta) { +module.exports = function normalizeSortClause(sortClause, modelIdentity, orm) { // Look up the Waterline model for this query. // > This is so that we can reference the original model definition. var WLModel = getModel(modelIdentity, orm); - var isUnsafeQuery = meta && meta.unsafe; + // ╔═╗╔═╗╔╦╗╔═╗╔═╗╔╦╗╦╔╗ ╦╦ ╦╔╦╗╦ ╦ // ║ ║ ║║║║╠═╝╠═╣ ║ ║╠╩╗║║ ║ ║ ╚╦╝ // ╚═╝╚═╝╩ ╩╩ ╩ ╩ ╩ ╩╚═╝╩╩═╝╩ ╩ ╩ @@ -305,7 +301,7 @@ module.exports = function normalizeSortClause(sortClause, modelIdentity, orm, me else if (WLModel.hasSchema === false) { // Make sure this is at least a valid name for a Waterline attribute. - if (!isValidAttributeName(sortByKey, isUnsafeQuery)) { + if (!isValidAttributeName(sortByKey)) { throw flaverr('E_SORT_CLAUSE_UNUSABLE', new Error( 'The `sort` clause in the provided criteria is invalid, because, although it '+ 'is an array, one of its items (aka comparator directives) is problematic. '+ diff --git a/lib/waterline/utils/query/private/normalize-where-clause.js b/lib/waterline/utils/query/private/normalize-where-clause.js index 6242692fb..3328bc508 100644 --- a/lib/waterline/utils/query/private/normalize-where-clause.js +++ b/lib/waterline/utils/query/private/normalize-where-clause.js @@ -44,10 +44,6 @@ var PREDICATE_OPERATOR_KINDS = [ * The Waterline ORM instance. * > Useful for accessing the model definitions. * - * @param {Dictionary} meta - * The Waterline meta-data for this query - * > Useful for propagating query options to low-level functions - * * ------------------------------------------------------------------------------------------ * @returns {Dictionary} * The successfully-normalized `where` clause, ready for use in a stage 2 query. @@ -67,7 +63,7 @@ var PREDICATE_OPERATOR_KINDS = [ * * @throws {Error} If anything else unexpected occurs. */ -module.exports = function normalizeWhereClause(whereClause, modelIdentity, orm, meta) { +module.exports = function normalizeWhereClause(whereClause, modelIdentity, orm) { // Look up the Waterline model for this query. // > This is so that we can reference the original model definition. @@ -470,7 +466,7 @@ module.exports = function normalizeWhereClause(whereClause, modelIdentity, orm, // Normalize the constraint itself. // (note that this also checks the key -- i.e. the attr name) try { - branch[soleBranchKey] = normalizeConstraint(branch[soleBranchKey], soleBranchKey, modelIdentity, orm, meta); + branch[soleBranchKey] = normalizeConstraint(branch[soleBranchKey], soleBranchKey, modelIdentity, orm); } catch (e) { switch (e.code) {