使用 NodeJS 评估 MongoDB 查询
我有一个 MongoDB 查询接口,我正在通过 HTTP 请求从浏览器向 NodeJS 发送查询.查询以字符串形式发送,可以是这样的:
I have a querying interface for MongoDB and am sending queries from a browser to NodeJS through a HTTP request. The query is is sent as a string and can be something like this:
var query = '{_id: ObjectId(\'536b07935c89be214c000009\'), "date": ISODate("2012-12-19T06:01:17.171Z"), mail: /test/i}'
我的问题是,如何安全地评估此字符串以将其发送到 MongoDB NodeJS 客户端?
My question, how can I safely evaluate this string in order to send it to the MongoDB NodeJS client?
eval 不是一个选项(在 MongoDB 和 NodeJS 上),因为它是面向消费者的应用程序的一部分.
eval is not an option (both on MongoDB and NodeJS) as this is part of a consumer faced application.
对于通过 HTTP 传递查询并在服务器上正确执行它们的其他安全解决方案,我持开放态度.
I'm open to other safe solutions for passing a query through HTTP and properly execute them on the server.
您提供的字符串是一个 mongodb shell 查询.该字符串包含 mongodb shell 特定的数据类型,因此只能在 mongodb shell 内使用.您无法在不同的 (javascript) 环境中解析或评估这些查询,因为它们不是有效的 JSON.因此,由于特定的数据类型,eval 或 JSON.parse 甚至不起作用.
The string you are presenting is a mongodb shell query.
This string contains mongodb shell specific datatypes, and as such is only usable inside the mongodb shell.
You can not parse or evaluate these queries in a different (javascript) enviroment, because they are not valid JSON. Hence, eval, or JSON.parse wouldn't even work, because of the specific datatypes.
如果您想序列化 mongodb 查询以在不同环境中使用,您可以使用 MongoDB Extended JSON.
If you want to serialize mongodb queries for usage in different enviroments, you could use MongoDB Extended JSON.
https://docs.mongodb.org/v3.0/reference/mongodb-extended-json/
这是可以包含 mongodb 数据类型的标准 JSON.您的查询需要在 MongoDB 扩展 JSON 中进行.
This is standard JSON which can contain mongodb datatypes. Your query would like this in MongoDB extended JSON.
{
"_id": {
"$oid": "536b07935c89be214c000009"
},
"date": {
"$date": "2012-12-19T06:01:17.171Z"
},
"mail": {
"$regex": "test",
"$options": "i"
}
}
如果您想解析或评估这样的字符串以将其传递给 node.js mongodb 驱动程序,则需要使用库将其反序列化为适当的 Node.js MongoDB 驱动程序对象.
If you want to parse or evaluate a string like this to pass it along to the node.js mongodb driver, you would need to use a library to deserialize this to a proper Node.js MongoDB Driver object.
你可以使用这个库来做到这一点:
https://www.npmjs.com/package/mongodb-extended-json
You could use this library to do that:
https://www.npmjs.com/package/mongodb-extended-json
您还可以在浏览器中使用此库来构建查询.或者您可以手动构建 mongodb 查询.
You can also use this library in your browser to build the queries. Or you could build the mongodb queries by hand.
我不知道允许您将 mongodb shell 查询自动转换为 MongoDB 扩展 JSON 的插件/npm 包.您可以尝试通过实现您自己的一些类型( ISODate, ObjectId )来自动转换它们.但是,您永远不会在 mongodb shell 和 mongodb nodejs 驱动程序之间完全兼容,许多方法具有不同的签名和返回类型,游标的工作方式不同等...
I'm not aware of plugin / npm package that would allow you to convert mongodb shell queries to MongoDB Extended JSON automatically. You could try to convert them automatically by implementing some of the types your self ( ISODate, ObjectId ). However you will never have a full compatibility between the mongodb shell and the mongodb nodejs driver, many methods have different signatures and return types, cursors work differently, etc...
还有这个项目,它是官方支持的 mongodb nodejs 驱动程序的替代品,如果您真的很重视它,它会尝试更多地模仿 shell,但它不会帮助您进行特定的查询,您仍然会需要转换它.
https://docs.mongodb.org/ecosystem/drivers/node-js/一个>
There also is this project, an alternative to the officially supported mongodb nodejs driver, which tries to mimic the shell a bit more if you really value that, but it won't help you with your specific query, you'll still need to convert it.
https://docs.mongodb.org/ecosystem/drivers/node-js/