search

wheresvic / mongoose-field-encryption

A simple symmetric encryption plugin for individual fields. Dependency free, only mongoose peer dependency.
MIT License
74 stars 32 forks source link

Mongoose 7.X support #101

Closed Harm-Nullix closed 1 year ago

Harm-Nullix commented 1 year ago

Just updated to mongoose@7.3.0

Model:

import { fieldEncryption } from 'mongoose-field-encryption'

export interface User {
    name: string
    email: string
    address: string
    settings: any
}

const UserSchema: mongoose.Schema = new mongoose.Schema({
    name: { type: String, required: true },
    email: { type: String },
    address:  {type: String},
    settings: {type: Mixed, default:() => ({})}
})
userSchema.plugin(fieldEncryption, {
      ['email', 'address', 'settings'],
      secret: 'MyVery$3cretKey',
      saltGenerator: (_secret: string) => _secret + '-' + crypto.randomBytes(16),
})

export default mongoose.model<User>('User', UserSchema);

Executed code

  const settings = Object.assign({}, {color: 'red'}, user.settings)
  await UserModel.updateOne({ email: user.email }, { settings })

Error:

[DEV_SERVER] Error: Wed Jun 21 2023 15:24:58 GMT+0200 (Central European Summer Time)  Caught Unhandled Error :: TypeError: this.update is not a function
[DEV_SERVER]     at model.Query.updateHook (/my-awesome-machine/../node_modules/mongoose-field-encryption/lib/mongoose-field-encryption.js:199:14)
[DEV_SERVER]     at callMiddlewareFunction (/my-awesome-machine/../node_modules/kareem/index.js:628:27)
[DEV_SERVER]     at next (/my-awesome-machine/../node_modules/kareem/index.js:93:7)
[DEV_SERVER]     at Kareem.execPre (/my-awesome-machine/../node_modules/kareem/index.js:122:8)
[DEV_SERVER]     at /my-awesome-machine/../node_modules/mongoose/lib/query.js:4479:28
[DEV_SERVER]     at new Promise (<anonymous>)
[DEV_SERVER]     at _executePreHooks (/my-awesome-machine/../node_modules/mongoose/lib/query.js:4478:10)
[DEV_SERVER]     at model.Query.exec (/my-awesome-machine/../node_modules/mongoose/lib/query.js:4403:11)
[DEV_SERVER]     at processTicksAndRejections (node:internal/process/task_queues:95:5)
[DEV_SERVER]     at async file:///my-awesome-machine/../my-executed-line-of-code.ts:777:7

Working:

    "mongoose": "6.11.2",
    "mongoose-field-encryption": "6.1.0",

Not working:

    "mongoose": "7.3.0",
    "mongoose-field-encryption": "6.1.0",

Must be related to https://mongoosejs.com/docs/migrating_to_7.html#removed-update

Harm-Nullix commented 1 year ago

I'm not familliar with this package or the hook executed at line 199 but it feels like this.update should be updated to this.updateOne

Harm-Nullix commented 1 year ago

Opened a PR (#102) of what I think is the easiest fix for this.

nevenhsu commented 1 year ago

Before the PR is merged, I manage to bypass the bug by following example.

  const temp = new Model({ pwd })
  temp.encryptFieldsSync()
  const $set = { pwd: encrypted, __enc_pwd: true }
  await Model.findOneAndUpdate({ id }, { $set }).exec()