Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: hide password of mongo url #32

Merged
merged 9 commits into from
May 4, 2019
Merged

fix: hide password of mongo url #32

merged 9 commits into from
May 4, 2019

Conversation

trylovetom
Copy link
Collaborator

@trylovetom trylovetom commented Mar 26, 2019
edited
Loading

Checklist
  • npm test passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
Description of change

/package.json: add url mask (https://github.com/tanzim/url-mask)
/lib/mongoose.js: setup url mask with logger

@trylovetom trylovetom changed the title Enhance hide mongo url password Enhance: Hide Password Of Mongo URL Mar 26, 2019
@trylovetom trylovetom requested a review from atian25 March 26, 2019 13:29
@codecov
Copy link

codecov bot commented Mar 26, 2019
edited
Loading

Codecov Report

Merging #32 into master will not change coverage.
The diff coverage is 100%.

Impacted file tree graph

@@          Coverage Diff          @@
##           master    #32   +/-   ##
=====================================
  Coverage     100%   100%           
=====================================
  Files           5      6    +1     
  Lines          46     60   +14     
=====================================
+ Hits           46     60   +14
Impacted Files Coverage Δ
lib/filterURLPassword.js 100% <100%> (ø)
lib/mongoose.js 100% <100%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0c15d08...598662c. Read the comment docs.

@trylovetom
Copy link
Collaborator Author

trylovetom commented Mar 26, 2019
edited
Loading

@atian25 Snyk blocks this PR, I think url-mask has vulnerable dependency
But I am not in the organisation of synk. I can't see any message about this.

螢幕快照 2019-03-26 下午9 36 20

@trylovetom trylovetom mentioned this pull request Mar 26, 2019
Closed
@trylovetom trylovetom changed the title Enhance: Hide Password Of Mongo URL enhance: hide password of mongo url Mar 26, 2019
atian25
atian25 requested changes Mar 27, 2019
View reviewed changes
lib/mongoose.js Outdated Show resolved Hide resolved
lib/mongoose.js Outdated Show resolved Hide resolved
lib/mongoose.js Outdated Show resolved Hide resolved
lib/mongoose.js Outdated Show resolved Hide resolved
package.json Outdated Show resolved Hide resolved
@atian25 atian25 changed the title enhance: hide password of mongo url fix: hide password of mongo url Mar 27, 2019
@atian25
Copy link
Member

atian25 commented Mar 27, 2019

@atian25 Snyk blocks this PR, I think url-mask has vulnerable dependency
But I am not in the organisation of synk. I can't see any message about this.

yes, it use lodash-merge

image

maybe we do not use this lib, but write it ourself. just using url.parse then remove auth then url.format

@trylovetom trylovetom added the 🚧 wip Work In Progress label Mar 27, 2019
@trylovetom
Add New Feature filterURLPassword
ecf08dc 
/lib/filterURLPassword.js add new .js file
/lib/mongoose.js replace the url-mask to filterURLPassword
/test/mongoose.test.js add testing
@trylovetom
Lint Code
5c08fc7
@trylovetom trylovetom force-pushed the enhance-hide-mongo-url-password branch from b9b91ce to 5c08fc7 Compare March 30, 2019 13:42
@trylovetom trylovetom requested a review from atian25 March 30, 2019 13:54
atian25
atian25 approved these changes Mar 30, 2019
View reviewed changes
lib/filterURLPassword.js Outdated Show resolved Hide resolved
atian25
atian25 approved these changes Mar 30, 2019
View reviewed changes
lib/filterURLPassword.js Show resolved Hide resolved
@trylovetom trylovetom added 🚧 wip Work In Progress and removed 🚧 wip Work In Progress labels Mar 31, 2019
@trylovetom trylovetom requested a review from atian25 May 2, 2019 07:46
@trylovetom trylovetom removed the 🚧 wip Work In Progress label May 2, 2019
@trylovetom trylovetom merged commit 441b6fc into master May 4, 2019
@trylovetom trylovetom deleted the enhance-hide-mongo-url-password branch May 4, 2019 15:53
@atian25
Copy link
Member

atian25 commented May 5, 2019

3.1.2

@atian25
Copy link
Member

atian25 commented May 5, 2019

@dead-horse @fengmk2 我没权限发,给个 npm 权限我下。

$ npm owner add atian25 egg-mongoose

@atian25
Copy link
Member

atian25 commented May 5, 2019

done @trylovetom

@atian25
Copy link
Member

atian25 commented May 5, 2019
edited
Loading

@trylovetom I had rollback this version due to eggjs/egg#3675

the full mongoose connection string format is : https://docs.mongodb.com/manual/reference/connection-string/

and the url parser is so complex: https://github.com/mongodb-js/mongodb-core/blob/70a7d947bc1f8568c347d882914cc335fe68ab81/lib/uri_parser.js#L487

so maybe we should use the old way - string replace. sorry for your time.

@atian25 atian25 mentioned this pull request May 5, 2019
Merged
4 tasks
fengmk2 pushed a commit that referenced this pull request Aug 12, 2023
@semantic-release-bot
Release 1.0.0
b3c6ffc 
[skip ci]

## 1.0.0 (2023-08-12)

### ⚠ BREAKING CHANGES

* Drop Node.js < 14 and egg < 3 support

### Features

* [BREAKING_CHANGE] add unregular model judgement ([#7](#7)) ([ffde348](ffde348))
* bump mongoose version to 5.0 ([#20](#20)) ([a3405d6](a3405d6))
* first implement ([#2](#2)) ([45419ad](45419ad))
* support mongoose global plugin ([#35](#35)) ([1f450fb](1f450fb))
* support multi client ([#15](#15)) ([22d134b](22d134b))
* support plugins for special clients ([#41](#41)) ([67f8f1f](67f8f1f))
* update mongoose's version to be compatable with typescript schemas (Nodejs >=14.x), with Egg>=3.x ([#54](#54)) ([c87f19d](c87f19d))

### Bug Fixes

* doc typo. ([#40](#40)) ([8ef2ebc](8ef2ebc))
* fix __mongoose refer ([#16](#16)) ([b281b15](b281b15))
* hide password of mongo url ([#32](#32)) ([441b6fc](441b6fc))
* remove heartbeat ([#4](#4)) ([343cc78](343cc78))
* replace auth with string replace ([#34](#34)) ([5b9f8ba](5b9f8ba))
* shall re-throw errors on first connect ([#18](#18)) ([dde9037](dde9037))
* **typescript:** types of mongoose should be dependencies ([#24](#24)) ([de7e54e](de7e54e))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@atian25 atian25 Awaiting requested review from atian25

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@trylovetom @atian25