Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exclude fields using config #28

Open
jonathon-m opened this issue Jun 7, 2021 · 4 comments
Open

Exclude fields using config #28

jonathon-m opened this issue Jun 7, 2021 · 4 comments

Comments

@jonathon-m
Copy link

Hey,

I'd like to be able to mark fields for exclusion from the generated schema.
Some of my models have sensitive data which is not sent to end users via my API. Adding excludeFromJSONSchema: true or something similar in my model definitions would cover this use case 👍

If you can provide a hint about how you'd want this implemented I'm happy to make a pull request.

Cheers!
@jonathon-m jonathon-m mentioned this issue Jun 8, 2021
Open
@DScheglov
Copy link
Owner

Hey, @jonathon-m

Interesting idea. But I suggest don't do it in so direct way.
The first reason is that your api can have a several consumers some of them could have an access to the sensitive data.

The Library allows to build schema for each single query:

See examples:

In many cases it is more correct approach to generate a schema.

The second reason is that "to exclude from the JSONSchema" is an effect, but is not a cause. So it is more correct approach to mark sensitive fields with something like: private: true.

So, what do you think?

@jonathon-m
Copy link
Author

Hey @DScheglov thanks for the response 😄
The query schema builder doesn't work for my use case, unfortunately. I'm using the library to generate OpenAPI documentation and the relevant queries are only available at runtime.

I agree with your approach of private: true over an explicit exclude field. Would it make sense to have a a config option to toggle the behavior of excluding private fields (similar to the populate parameter to jsonSchema())?

@DScheglov
Copy link
Owner

@jonathon-m

I'm going to add required functionality with some "post-processing" utilities.

const { Schema } = require('mongoose-schema-jsonschema')(require('mongoose'));
const { postProcess } = require('mongoose-schema-jsonschema/post-process');

const BookSchema = new Schema({
  title: { type: String, required: true }, 
  year: Number,
  author: { type: Schema.Types.ObjectId, required: true, ref: 'Person' },
});

const jsonSchema = postProcess(BookSchema.jsonSchema())
  .exclude('title', 'author')
  .select('year')
  .map((path, schema) => replaceSchema(path, schema))
  .done();

// also will be available the curried api:
// see: https://babeljs.io/docs/en/babel-plugin-proposal-pipeline-operator

const { select, exclude, map } = require('mongoose-schema-jsonschema/post-process');

const jsonSchema2 = BookSchema.jsonSchema()
  |> exclude('title', 'author')
  |> select('year')
  |> map((path, schema) => replaceSchema(path, schema));

Have any thoughts around that?

@jonathon-m
Copy link
Author

This is perfect.
To add more context, I'm building a plugin for serverless that builds documentation from mongoose schemas & api templates. A post processor will add heaps of useful flexibility!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DScheglov @jonathon-m