10. In MongoDB < 2.4, it is possible to perform all operations
on a database from an injection (including dropDatabase).
11. VALIDATE WHAT GETS INSIDE
YOUR APPLICATION
hapi
on a route, use config.validate
express
add a data validation middleware
It can be a custom one
It can use a third party library
See tutorial online
12. </> EXPRESS: CUSTOM DATA VALIDATION MIDDLEWARE
app.post('/documents/find', validate, (req, res) => ...);
const validate = function (req, res, next) {
const body = req.body;
if (body.desiredType && !(typeof body.desiredType==='string')){
return next(new Error('title must be a string'));
}
next();
};
1
2
3
4
5
6
7
13. </> EXPRESS: USING JOI AND CELEBRATE TO VALIDATE DATA
app.post('/documents/find', validate, (req, res) => ...);
const validate = Celebrate({
body: Joi.object.keys({
desiredType: Joi.string().optional()
})
});
1
2
3
4
5
14. THANKS FOR YOUR ATTENTION !
Contact me at
vladimir@sqreen.io