docs: cleanup operators / legal docs

Sushant
Commit f164535f authored May 05, 2018 by Sushant
Showing with 63 additions and 41 deletions
.esdoc.json
docs/hooks.md
docs/imprint.md
docs/legal.md
docs/models-definition.md
docs/querying.md
lib/dialects/abstract/query-generator/helpers/quote.js
--- a/.esdoc.json
+++ b/.esdoc.json
@@ -46,7 +46,7 @@
    ],
    "faq": [
      "./docs/whos-using.md",
-      "./docs/imprint.md"
+      "./docs/legal.md"
    ]
  }
 }
--- a/docs/hooks.md
+++ b/docs/hooks.md
@@ -145,7 +145,6 @@ sequelize.addHook('beforeCreate', () => {

 This hooks is always run before create, regardless of whether the model specifies its own `beforeCreate` hook:

-
 ```js
 const User = sequelize.define('user');
 const Project = sequelize.define('project', {}, {
@@ -162,7 +161,6 @@ Project.create() // Runs its own hook, followed by the global hook

 Local hooks are always run before global hooks.

-
 ### Instance hooks

 The following hooks will emit whenever you're editing a single object

--- a/docs/imprint.md
+++ b/docs/imprint.md
-# Imprint 
-
- Boring legal stuff for the rest of us.
-As there are people who are suing for fun and glory, you can find the respective information about the author of the page right here. Have fun reading ...
-
-## AUTHOR(S)
-
-```
-Main author:
-
-Sascha Depold
-Uhlandstr. 160
-10719 Berlin
-sascha [at] depold [dot] com
-[plus] 49 152 [slash] 03878582
-```
-
-## INHALTLICHE VERANTWORTUNG
-
-```
-Ich übernehme keine Haftung für ausgehende Links. 
-Daher musst du dich bei Problemen an deren Betreiber wenden!
-```
--- a/docs/legal.md
+++ b/docs/legal.md
+# Legal Notice
+
+## License
+
+Sequelize library is distributed with MIT license. You can find original license [here.](https://github.com/sequelize/sequelize/blob/master/LICENSE)
+
+```
+MIT License
+
+Copyright (c) 2014-present Sequelize contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+```
+
+## AUTHOR(S)
+
+```
+Main author:
+
+Sascha Depold
+Uhlandstr. 160
+10719 Berlin
+sascha [at] depold [dot] com
+[plus] 49 152 [slash] 03878582
+
+```
+
+## INHALTLICHE VERANTWORTUNG
+
+```
+Ich übernehme keine Haftung für ausgehende Links.
+Daher musst du dich bei Problemen an deren Betreiber wenden!
+```
--- a/docs/models-definition.md
+++ b/docs/models-definition.md
@@ -49,7 +49,7 @@ const Foo = sequelize.define('foo', {
 // autoIncrement can be used to create auto_incrementing integer columns
 incrementMe: { type: Sequelize.INTEGER, autoIncrement: true },

- // You can specify a custom field name via the 'field' attribute:
+ // You can specify a custom column name via the 'field' attribute:
 fieldWithUnderscores: { type: Sequelize.STRING, field: 'field_with_underscores' },

 // It is possible to create foreign keys:
@@ -269,7 +269,6 @@ Timeline.create({ range: [null, new Date(Date.UTC(2016, 0, 1))] });
 // Infinite range:
 // range = '[-infinity,"2016-01-01 00:00:00+00:00")'
 Timeline.create({ range: [-Infinity, new Date(Date.UTC(2016, 0, 1))] });
-
 ```

 ## Deferrable
@@ -334,7 +333,9 @@ Employee

 ### Defining as part of the model options

-Below is an example of defining the getters and setters in the model options. The `fullName` getter,  is an example of how you can define pseudo properties on your models - attributes which are not actually part of your database schema. In fact, pseudo properties can be defined in two ways: using model getters, or by using a column with the [`VIRTUAL` datatype](/variable/index.html#static-variable-DataTypes). Virtual datatypes can have validations, while getters for virtual attributes cannot.
+Below is an example of defining the getters and setters in the model options.
+
+The `fullName` getter, is an example of how you can define pseudo properties on your models - attributes which are not actually part of your database schema. In fact, pseudo properties can be defined in two ways: using model getters, or by using a column with the [`VIRTUAL` datatype](/variable/index.html#static-variable-DataTypes). Virtual datatypes can have validations, while getters for virtual attributes cannot.

 Note that the `this.firstname` and `this.lastname` references in the `fullName` getter function will trigger a call to the respective getter functions. If you do not want that then use the `getDataValue()` method to access the raw value (see below).

@@ -345,7 +346,7 @@ const Foo = sequelize.define('foo', {
 }, {
  getterMethods: {
    fullName() {
-      return this.firstname + ' ' + this.lastname
+      return this.firstname + ' ' + this.lastname;
    }
  },

@@ -355,7 +356,7 @@ const Foo = sequelize.define('foo', {

      this.setDataValue('firstname', names.slice(0, -1).join(' '));
      this.setDataValue('lastname', names.slice(-1).join(' '));
-    },
+    }
  }
 });
 ```

--- a/docs/querying.md
+++ b/docs/querying.md
@@ -232,7 +232,9 @@ const Op = Sequelize.Op;
 ```

 #### Operators Aliases
-Sequelize allows setting specific strings as aliases for operators -
+
+Sequelize allows setting specific strings as aliases for operators. With v5 this will give you deprecation warning.
+
 ```js
 const Op = Sequelize.Op;
 const operatorsAliases = {
@@ -244,18 +246,11 @@ const connection = new Sequelize(db, user, pass, { operatorsAliases })
 $gt: 6 // same as using Op.gt (> 6)
 ```

-
 #### Operators security
-Using Sequelize without any aliases improves security.
-Some frameworks automatically parse user input into js objects and if you fail to sanitize your input it might be possible to inject an Object with string operators to Sequelize.
-
-Not having any string aliases will make it extremely unlikely that operators could be injected but you should always properly validate and sanitize user input.

-For backward compatibility reasons Sequelize sets the following aliases by default -
-$eq, $ne, $gte, $gt, $lte, $lt, $not, $in, $notIn, $is, $like, $notLike, $iLike, $notILike, $regexp, $notRegexp, $iRegexp, $notIRegexp, $between, $notBetween, $overlap, $contains, $contained, $adjacent, $strictLeft, $strictRight, $noExtendRight, $noExtendLeft, $and, $or, $any, $all, $values, $col
+By default Sequelize will use Symbol operators. Using Sequelize without any aliases improves security. Not having any string aliases will make it extremely unlikely that operators could be injected but you should always properly validate and sanitize user input.

-Currently the following legacy aliases are also set but are planned to be fully removed in the near future -
-ne, not, in, notIn, gte, gt, lte, lt, like, ilike, $ilike, nlike, $notlike, notilike, .., between, !.., notbetween, nbetween, overlap, &&, @>, <@
+Some frameworks automatically parse user input into js objects and if you fail to sanitize your input it might be possible to inject an Object with string operators to Sequelize.

 For better security it is highly advised to use `Sequelize.Op` and not depend on any string alias at all. You can limit alias your application will need by setting `operatorsAliases` option, remember to sanitize user input especially when you are directly passing them to Sequelize methods.


--- a/lib/dialects/abstract/query-generator/helpers/quote.js
+++ b/lib/dialects/abstract/query-generator/helpers/quote.js
@@ -16,6 +16,8 @@ const Utils = require('../../../../utils');
 /**
 * list of reserved words in PostgreSQL 10
 * source: https://www.postgresql.org/docs/10/static/sql-keywords-appendix.html
+ *
+ * @private
 */
 const postgresReservedWords = 'all,analyse,analyze,and,any,array,as,asc,asymmetric,authorization,binary,both,case,cast,check,collate,collation,column,concurrently,constraint,create,cross,current_catalog,current_date,current_role,current_schema,current_time,current_timestamp,current_user,default,deferrable,desc,distinct,do,else,end,except,false,fetch,for,foreign,freeze,from,full,grant,group,having,ilike,in,initially,inner,intersect,into,is,isnull,join,lateral,leading,left,like,limit,localtime,localtimestamp,natural,not,notnull,null,offset,on,only,or,order,outer,overlaps,placing,primary,references,returning,right,select,session_user,similar,some,symmetric,table,tablesample,then,to,trailing,true,union,unique,user,using,variadic,verbose,when,where,window,with'.split(',');