Open Rua-Yuki opened 4 years ago
@Rua-Yuki Thanks for posting! We'll take a look as soon as possible.
In the mean time, there are a few ways you can help speed things along:
Please remember: never post in a public forum if you believe you've found a genuine security vulnerability. Instead, disclose it responsibly.
For help with questions about Sails, click here.
(The following is mostly snipped from Rua-Yuki/waterline-mongo-objectid-comparison-funk, for posterity's sake)
Regarding one use case which this issue prevents, we are left unable to page based on document IDs or use said IDs as tie-breakers when paging on fields that may not be unique.
Given the following model:
/**
* @file Post.js
*/
module.exports = {
attributes: {
content: {
type: 'string',
required: true,
maxLength: 280,
minLength: 1,
},
},
};
And a dataset like so:
_id | content | createdAt | updatedAt |
---|---|---|---|
ObjectId("5e9a49923a48025cccdaee43") |
Hello World! | 1587169682656 | 1587169682656 |
ObjectId("5e9a49923a48025cccdaee44") |
Testing 123. | 1587169682656 | 1587169682656 |
ObjectId("5e9a49923a48025cccdaee45") |
Testing 456. | 1587169682656 | 1587169682656 |
ObjectId("5e9a49923a48025cccdaee46") |
Testing 789. | 1587169682656 | 1587169682656 |
The following query will not return results as expected:
// Try and find the next item after our input.
Post.find({
id: {
'>': '5e9a49923a48025cccdaee43',
},
}).sort('id ASC').limit(1).then((res) => {
// Logs "Found []"
sails.log.debug('Found', res);
});
The expected result of this query is to return the item directly after our input ID, if any:
[{
id: '5e9a49923a48025cccdaee44',
createdAt: 1587169682656,
updatedAt: 1587169682656,
content: 'Testing 123.'
}]
We instead receive only an empty array, regardless of whether a match exists or not:
[]
Node version: v8.17.0 Sails version (sails): 1.2.3 ORM hook version (sails-hook-orm): 2.1.1 DB adapter & version: sails-mongo@1.1.0
No additional top-level dependencies present. Confirmed with merely
sails
,sails-hook-orm
andsails-mongo
.There appears to be an issue where the
sails-mongo
Waterline adapter fails to transform input query filter values to MongoObjectId
instances where appropriate, instead leaving such values as simple strings.This occurs in cases where the target field appears to be an appropriate candidate (a primary key) for normalisation to
ObjectId
and only affects the following operators:<
<=
>
>=
For instance, the following Waterline query:
Will ultimately issue this to MongoDB:
Rather than the expected query of:
This results in an inability to perform a number of useful queries against PK fields (such as paging on document IDs) and feels inconsistent with the behaviour of the other Waterline query operators supported by
sails-mongo
, as well as other adapters.I've built a mostly minimal test case at Rua-Yuki/waterline-mongo-objectid-comparison-funk, which also contains more information about this issue.
A quick fix exists in the fpm-git/sails-mongo fork.