Skip to content

public / sequelize

Go to a project

不要怂,就是干,撸起袖子干!

Commit f164535f by Sushant
Options

docs: cleanup operators / legal docs

1 parent a71a019f
Inline Side-by-side
Showing with 68 additions and 46 deletions
.esdoc.json
......@@ -46,7 +46,7 @@
],
"faq": [
"./docs/whos-using.md",
"./docs/imprint.md"
"./docs/legal.md"
]
}
}
docs/hooks.md
......@@ -113,7 +113,7 @@ const sequelize = new Sequelize(..., {
define: {
hooks: {
beforeCreate: () => {
// Do stuff
// Do stuff
}
}
}
......@@ -145,7 +145,6 @@ sequelize.addHook('beforeCreate', () => {
This hooks is always run before create, regardless of whether the model specifies its own `beforeCreate` hook:
```js
const User = sequelize.define('user');
const Project = sequelize.define('project', {}, {
......@@ -162,7 +161,6 @@ Project.create() // Runs its own hook, followed by the global hook
Local hooks are always run before global hooks.
### Instance hooks
The following hooks will emit whenever you're editing a single object
......
docs/imprint.md deleted 100644 → 0
# Imprint
- Boring legal stuff for the rest of us.
As there are people who are suing for fun and glory, you can find the respective information about the author of the page right here. Have fun reading ...
## AUTHOR(S)
```
Main author:
Sascha Depold
Uhlandstr. 160
10719 Berlin
sascha [at] depold [dot] com
[plus] 49 152 [slash] 03878582
```
## INHALTLICHE VERANTWORTUNG
```
Ich übernehme keine Haftung für ausgehende Links.
Daher musst du dich bei Problemen an deren Betreiber wenden!
```
docs/legal.md 0 → 100644
# Legal Notice
## License
Sequelize library is distributed with MIT license. You can find original license [here.](https://github.com/sequelize/sequelize/blob/master/LICENSE)
```
MIT License
Copyright (c) 2014-present Sequelize contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
```
## AUTHOR(S)
```
Main author:
Sascha Depold
Uhlandstr. 160
10719 Berlin
sascha [at] depold [dot] com
[plus] 49 152 [slash] 03878582
```
## INHALTLICHE VERANTWORTUNG
```
Ich übernehme keine Haftung für ausgehende Links.
Daher musst du dich bei Problemen an deren Betreiber wenden!
```
docs/models-definition.md
......@@ -49,7 +49,7 @@ const Foo = sequelize.define('foo', {
// autoIncrement can be used to create auto_incrementing integer columns
incrementMe: { type: Sequelize.INTEGER, autoIncrement: true },
// You can specify a custom field name via the 'field' attribute:
// You can specify a custom column name via the 'field' attribute:
fieldWithUnderscores: { type: Sequelize.STRING, field: 'field_with_underscores' },
// It is possible to create foreign keys:
......@@ -193,7 +193,7 @@ Usage in object notation:
// for enums:
sequelize.define('model', {
states: {
type: Sequelize.ENUM,
type: Sequelize.ENUM,
values: ['active', 'pending', 'deleted']
}
})
......@@ -269,7 +269,6 @@ Timeline.create({ range: [null, new Date(Date.UTC(2016, 0, 1))] });
// Infinite range:
// range = '[-infinity,"2016-01-01 00:00:00+00:00")'
Timeline.create({ range: [-Infinity, new Date(Date.UTC(2016, 0, 1))] });
```
## Deferrable
......@@ -334,7 +333,9 @@ Employee
### Defining as part of the model options
Below is an example of defining the getters and setters in the model options. The `fullName` getter, is an example of how you can define pseudo properties on your models - attributes which are not actually part of your database schema. In fact, pseudo properties can be defined in two ways: using model getters, or by using a column with the [`VIRTUAL` datatype](/variable/index.html#static-variable-DataTypes). Virtual datatypes can have validations, while getters for virtual attributes cannot.
Below is an example of defining the getters and setters in the model options.
The `fullName` getter, is an example of how you can define pseudo properties on your models - attributes which are not actually part of your database schema. In fact, pseudo properties can be defined in two ways: using model getters, or by using a column with the [`VIRTUAL` datatype](/variable/index.html#static-variable-DataTypes). Virtual datatypes can have validations, while getters for virtual attributes cannot.
Note that the `this.firstname` and `this.lastname` references in the `fullName` getter function will trigger a call to the respective getter functions. If you do not want that then use the `getDataValue()` method to access the raw value (see below).
......@@ -345,7 +346,7 @@ const Foo = sequelize.define('foo', {
}, {
getterMethods: {
fullName() {
return this.firstname + ' ' + this.lastname
return this.firstname + ' ' + this.lastname;
}
},
......@@ -355,7 +356,7 @@ const Foo = sequelize.define('foo', {
this.setDataValue('firstname', names.slice(0, -1).join(' '));
this.setDataValue('lastname', names.slice(-1).join(' '));
},
}
}
});
```
......
docs/querying.md
......@@ -232,7 +232,9 @@ const Op = Sequelize.Op;
```
#### Operators Aliases
Sequelize allows setting specific strings as aliases for operators -
Sequelize allows setting specific strings as aliases for operators. With v5 this will give you deprecation warning.
```js
const Op = Sequelize.Op;
const operatorsAliases = {
......@@ -244,18 +246,11 @@ const connection = new Sequelize(db, user, pass, { operatorsAliases })
$gt: 6 // same as using Op.gt (> 6)
```
#### Operators security
Using Sequelize without any aliases improves security.
Some frameworks automatically parse user input into js objects and if you fail to sanitize your input it might be possible to inject an Object with string operators to Sequelize.
Not having any string aliases will make it extremely unlikely that operators could be injected but you should always properly validate and sanitize user input.
For backward compatibility reasons Sequelize sets the following aliases by default -
$eq, $ne, $gte, $gt, $lte, $lt, $not, $in, $notIn, $is, $like, $notLike, $iLike, $notILike, $regexp, $notRegexp, $iRegexp, $notIRegexp, $between, $notBetween, $overlap, $contains, $contained, $adjacent, $strictLeft, $strictRight, $noExtendRight, $noExtendLeft, $and, $or, $any, $all, $values, $col
By default Sequelize will use Symbol operators. Using Sequelize without any aliases improves security. Not having any string aliases will make it extremely unlikely that operators could be injected but you should always properly validate and sanitize user input.
Currently the following legacy aliases are also set but are planned to be fully removed in the near future -
ne, not, in, notIn, gte, gt, lte, lt, like, ilike, $ilike, nlike, $notlike, notilike, .., between, !.., notbetween, nbetween, overlap, &&, @>, <@
Some frameworks automatically parse user input into js objects and if you fail to sanitize your input it might be possible to inject an Object with string operators to Sequelize.
For better security it is highly advised to use `Sequelize.Op` and not depend on any string alias at all. You can limit alias your application will need by setting `operatorsAliases` option, remember to sanitize user input especially when you are directly passing them to Sequelize methods.
......@@ -316,7 +311,7 @@ const connection = new Sequelize(db, user, pass, { operatorsAliases });
### JSON
The JSON data type is supported by the PostgreSQL, SQLite and MySQL dialects only.
The JSON data type is supported by the PostgreSQL, SQLite and MySQL dialects only.
#### PostgreSQL
......@@ -324,7 +319,7 @@ The JSON data type in PostgreSQL stores the value as plain text, as opposed to b
#### MSSQL
MSSQL does not have a JSON data type, however it does provide support for JSON stored as strings through certain functions since SQL Server 2016. Using these functions, you will be able to query the JSON stored in the string, but any returned values will need to be parsed seperately.
MSSQL does not have a JSON data type, however it does provide support for JSON stored as strings through certain functions since SQL Server 2016. Using these functions, you will be able to query the JSON stored in the string, but any returned values will need to be parsed seperately.
```js
// ISJSON - to test if a string contains valid JSON
......@@ -471,7 +466,7 @@ Subtask.findAll({
## Table Hint
`tableHint` can be used to optionally pass a table hint when using mssql. The hint must be a value from `Sequelize.TableHints` and should only be used when absolutely necessary. Only a single table hint is currently supported per query.
`tableHint` can be used to optionally pass a table hint when using mssql. The hint must be a value from `Sequelize.TableHints` and should only be used when absolutely necessary. Only a single table hint is currently supported per query.
Table hints override the default behavior of mssql query optimizer by specifing certain options. They only affect the table or view referenced in that clause.
......
lib/dialects/abstract/query-generator/helpers/quote.js
......@@ -16,6 +16,8 @@ const Utils = require('../../../../utils');
/**
* list of reserved words in PostgreSQL 10
* source: https://www.postgresql.org/docs/10/static/sql-keywords-appendix.html
*
* @private
*/
const postgresReservedWords = 'all,analyse,analyze,and,any,array,as,asc,asymmetric,authorization,binary,both,case,cast,check,collate,collation,column,concurrently,constraint,create,cross,current_catalog,current_date,current_role,current_schema,current_time,current_timestamp,current_user,default,deferrable,desc,distinct,do,else,end,except,false,fetch,for,foreign,freeze,from,full,grant,group,having,ilike,in,initially,inner,intersect,into,is,isnull,join,lateral,leading,left,like,limit,localtime,localtimestamp,natural,not,notnull,null,offset,on,only,or,order,outer,overlaps,placing,primary,references,returning,right,select,session_user,similar,some,symmetric,table,tablesample,then,to,trailing,true,union,unique,user,using,variadic,verbose,when,where,window,with'.split(',');
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!