Since Express 5.x, the query parser option defaults to 'simple'. This seems to be due to some security issues; see https://github.com/expressjs/express/issues/3361. This caused previous queries to not be parsed correctly. I want to use the lt keyword in Mongoose to filter the ratingsQuantity field in the database. Because the default options of the query parser have changed, ratingsQuantity[lt]=50 cannot be correctly parsed into ratingsQuantity: { lt: '50' }.

const express = require("express");

const app = express();

app.listen(3000, "127.0.0.1", () => {
  console.log("listing");
});

app.use("/api/v1/tours", (req, res) => {
  res.json({
    status: "success",
    debug: {
      query: req.query,
    },
  });
});

Use the GET method to 127.0.0.1:3000/api/v1/tours?ratingsQuantity[lt]=50

{
    "status": "success",
    "debug": {
        "query": {
            "ratingsQuantity[lt]": "50"
        }
    }
}

I want to parse ratingsQuantity[lt]=50 as ratingsQuantity: { lt: '50' }. How can I do this safely and conveniently? If I directly use app.set("query parser", "extended") to toggle the option, wouldn't that also lead to the security issue mentioned in the issue?

After using app.set("query parser", "extended")

{
    "status": "success",
    "debug": {
        "query": {
            "ratingsQuantity": {
                "lt": "50"
            }
        }
    }
}
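
One way to get the nested filter while leaving the default 'simple' parser in place, shown as an added example that is not part of the original question: convert the flat keys yourself and accept only allowlisted fields and operators. `ALLOWED_FIELDS`, `ALLOWED_OPS`, `buildFilter` and the `Tour` model are assumed names.

```javascript
// Added example: map flat keys produced by Express 5's default "simple"
// query parser (e.g. "ratingsQuantity[lt]") to a MongoDB-style filter.
// ALLOWED_FIELDS, ALLOWED_OPS and buildFilter are assumed names.
const ALLOWED_FIELDS = new Set(["ratingsQuantity"]); // fields clients may filter on
const ALLOWED_OPS = new Set(["eq", "lt", "lte", "gt", "gte"]);
const KEY_RE = /^([A-Za-z_][A-Za-z0-9_]*)(?:\[([a-z]+)\])?$/; // field or field[op]
const NUM_RE = /^-?\d+(\.\d+)?$/;

function buildFilter(query) {
  const filter = {};
  for (const [key, raw] of Object.entries(query)) {
    const m = KEY_RE.exec(key);
    // Rejects deeper nesting, "$"-prefixed operators, dots, and so on.
    if (!m) throw new Error(`unsupported query key: ${key}`);
    const field = m[1];
    const op = m[2] ?? "eq"; // a bare "field=5" means equality
    if (!ALLOWED_FIELDS.has(field)) throw new Error(`field not filterable: ${field}`);
    if (!ALLOWED_OPS.has(op)) throw new Error(`operator not allowed: ${op}`);
    // The simple parser returns an array when a key is repeated.
    if (typeof raw !== "string" || !NUM_RE.test(raw)) {
      throw new Error(`value for ${key} must be a single number`);
    }
    // Only this code ever writes a "$" operator, and the value is a Number.
    (filter[field] ??= {})[`$${op}`] = Number(raw);
  }
  return filter;
}

// Constructed sample: what req.query looks like for ?ratingsQuantity[lt]=50
const sampleQuery = { "ratingsQuantity[lt]": "50" };
console.log(buildFilter(sampleQuery));

// In a route (Tour is a hypothetical Mongoose model):
//   const tours = await Tour.find(buildFilter(req.query));
```

Parameters that are not filters (sorting, paging) need to be removed from the object before it is passed in, since any key outside the allowlist is rejected.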
