balderdashy / sails

Realtime MVC Framework for Node.js
https://sailsjs.com
MIT License
22.84k stars 1.95k forks source link

Waterline/sails 1.x does not allow anymore an attribute name like 'class' #7192

Open benoitbzl opened 2 years ago

benoitbzl commented 2 years ago

With sails version 0.12, it was possible to create records (mongo adapter) with waterline that contained javascript reserved keywords like 'class'. This is not the case anymore with sails 1.x (at least 1.4+). It reports the error:

{ UsageError: Invalid new record. Details: Could not use specified class. This is not a valid name for an attribute. .... }

See code at https://github.com/balderdashy/waterline/blob/98e4b7cf2f16611c56a2542ddb2b92a56928ad94/lib/waterline/utils/query/private/is-valid-attribute-name.js#L12

This is an issue for upgrading our existing application to sails 1.5. What are the reasons to forbid javascript reserved keywords for database attributes? As a workaround, I will have to use directly the mongo driver to create the record.

Node version: 10.x Sails version (sails): 1.5 ORM hook version (sails-hook-orm): Sockets hook version (sails-hook-sockets): Organics hook version (sails-hook-organics): Grunt hook version (sails-hook-grunt): Uploads hook version (sails-hook-uploads): DB adapter & version (e.g. sails-mysql@5.55.5): Skipper adapter & version (e.g. skipper-s3@5.55.5):


sailsbot commented 2 years ago

@benoitbzl Thanks for posting! We'll take a look as soon as possible.

In the mean time, there are a few ways you can help speed things along:

Please remember: never post in a public forum if you believe you've found a genuine security vulnerability. Instead, disclose it responsibly.

For help with questions about Sails, click here.

eashaw commented 2 years ago

Hi @benoitbzl, This restriction was added as a potential safeguard from confusion and prototype attacks.

benoitbzl commented 2 years ago

Hello @eashaw. Thanks for the answer. Could there be a per model option that would disable this restriction? This may ease in some cases the use of sails 1.x with existing database collection.

eashaw commented 2 years ago

@benoitbzl Thank you for the constructive feedback. Unfortunately, we can’t take on the maintenance of that at this time.

cincodenada commented 2 years ago

Hello @benoitbzl, I'm not sure if this is helpful or not, but can you use the columnName option in the attribute definition to avoid having to change the existing database? You should be able to use class as the internal column name while using something else that isn't a reserved keyword as the attribute name.

You'd still have to change anywhere that references that attribute in code, but it seems better than using the mongo driver directly.

benoitbzl commented 2 years ago

Hello @cincodenada . Yes indeed it would have ease the transition, I just forgot about this possible option. This may help other users who will have to deal with such a case. Thanks.

eashaw commented 2 years ago

Thank you @cincodenada!