Meteor Community Logo

Meteor Community

Packosphere

undefined's Avatar

chatra:safe-update

v3.0.0Published 7 months ago

chatra:safe-update

Version License

Make Meteor’s collection.update/collection.updateAsync safer by preventing unintended updates and enforcing best practices.

Table of Contents

Introduction

The chatra:safe-update package enhances the safety of MongoDB update operations in Meteor applications by:

  • Preventing updates with empty selectors unless explicitly allowed.
  • Ensuring that updates use modifier operators (e.g., $set, $inc) unless the replace option is specified.
  • Providing configuration options to include or exclude specific collections.

Installation

meteor add chatra:safe-update

Compatibility

  • Meteor Version 3 and Above: Fully compatible, using the new asynchronous Meteor collections’ methods.
  • Meteor Version 2: Maintains compatibility with synchronous methods.

Usage

Prevent Empty Selector Updates

By default, the package throws an error if you attempt to perform an update with an empty selector:

1// Throws an error
2MyCollection.update({}, { $set: { field: 'value' } });

To allow updates with an empty selector, pass allowEmptySelector: true in the options:

1// Allowed
2MyCollection.update({}, { $set: { field: 'value' } }, { allowEmptySelector: true });

Enforce Modifier Operators

The package ensures that you use modifier operators (e.g., $set, $inc) in your updates:

1// Throws an error
2MyCollection.update({ _id: 'docId' }, { field: 'value' });

To replace a document entirely, pass replace: true in the options:

1// Allowed
2MyCollection.update({ _id: 'docId' }, { field: 'value' }, { replace: true });

Configuration

To configure the package behavior, use the setSafeUpdateConfig function provided by the package:

1import { setSafeUpdateConfig } from 'meteor/chatra:safe-update';
2
3setSafeUpdateConfig({
4  except: ['logs'], // Collections to exclude from safety checks
5  only: ['users', 'posts'], // Only apply safety checks to these collections
6});
  • except: An array of collection names to exclude from the safety checks.
  • only: An array of collection names to include in the safety checks (all others are excluded).

Examples

1import { Mongo } from 'meteor/mongo';
2
3const Messages = new Mongo.Collection('messages');
4
5// Safe update with modifier
6Messages.update({ _id: 'msgId' }, { $set: { text: 'Updated message' } });
7await Messages.updateAsync({ _id: 'msgId' }, { $set: { text: 'Updated message' } });
8
9// Unsafe update without modifier (throws error)
10Messages.update({ _id: 'msgId' }, { text: 'Updated message' }); // Throws error
11await Messages.updateAsync({ _id: 'msgId' }, { text: 'Updated message' }); // Throws error
12
13// Replacing document with replace option
14Messages.update({ _id: 'msgId' }, { text: 'Updated message' }, { replace: true });
15await Messages.updateAsync({ _id: 'msgId' }, { text: 'Updated message' }, { replace: true });

Tests

The package includes a comprehensive test suite. To run the tests:

meteor test-packages ./

License

This package is licensed under the MIT License.