Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add $field operator to compare fields #23

Merged
merged 5 commits into from
Aug 27, 2024
Merged

Add $field operator to compare fields #23

merged 5 commits into from
Aug 27, 2024

Conversation

erikdubbelboer
Copy link
Member

@erikdubbelboer erikdubbelboer commented Aug 9, 2024
edited
Loading

Currently you can only compare fields to constants. This new operator allows you to compare fields with fields.

For example playerCount < maxPlayers

This is an exception to the mongodb syntax as mongodb doesn't support this without $expr which we don't support because it's not JSON compatible.

@erikdubbelboer
Add $field operator to compare fields
9915e3e 
Currently you can only compare fields to constants. This new operator
allows you to compare fields with fields.

For example playerCount < maxPlayers

This is an exception to the mongodb syntax as mongodb doesn't support
this.
ErikSom
ErikSom approved these changes Aug 9, 2024
View reviewed changes
integration/setup_test.go Outdated Show resolved Hide resolved
koenbollen
koenbollen reviewed Aug 9, 2024
View reviewed changes
Copy link
Collaborator

@koenbollen koenbollen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! Some comments tho.

Security concern: Does this allow a client to probe a field you don't what them to? (e.g. creating a lobby with name "A" and comparing lobby name to password or something)

We haven't thought at all about access management in this library, maybe we could introduce an option to specify fields allowed. Or fields disallowed. (this would be for a different PR ofc).

README.md Show resolved Hide resolved
integration/postgres_test.go Show resolved Hide resolved
filter/converter.go Outdated Show resolved Hide resolved
@erikdubbelboer
Copy link
Member Author

These changes don't add any new security issues. The main security issue is tracked here: #24

koenbollen
koenbollen previously approved these changes Aug 25, 2024
View reviewed changes
Copy link
Collaborator

@koenbollen koenbollen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One more nitpick, but looks good!

README.md Outdated Show resolved Hide resolved
README.md Outdated Show resolved Hide resolved
@erikdubbelboer @koenbollen
Update README.md
c057ac9 
Co-authored-by: Koen Bollen <[email protected]>
@erikdubbelboer @koenbollen
Update README.md
885fa8f 
Co-authored-by: Koen Bollen <[email protected]>
@erikdubbelboer erikdubbelboer merged commit a8c95e4 into main Aug 27, 2024
5 checks passed
@erikdubbelboer erikdubbelboer deleted the field-to-field-comparison branch August 27, 2024 13:20
@erikdubbelboer erikdubbelboer mentioned this pull request Aug 30, 2024
Merged
erikdubbelboer added a commit to poki/netlib that referenced this pull request Aug 30, 2024
@erikdubbelboer
Bump mongodb-filter-to-postgres to v1.0.2 (#141)
fcdf896 
This will enable the new `$field` operator, which will allow you to
filter lobbies like:
```json
{
  "playerCount": { "$lt": { "$field": "maxPlayers" } }
}
```

See: poki/mongodb-filter-to-postgres#23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ErikSom ErikSom ErikSom approved these changes

@koenbollen koenbollen koenbollen approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@erikdubbelboer @koenbollen @ErikSom