pshaddel / no-sql-injection

Examples of (No-)SQL Injections in Nodejs

Home Page:https://p-shaddel.medium.com/how-to-prevent-no-sql-injection-in-node-js-e743cf7d3771

TS Express Prisma

A Boilerplate for Express Apps with Prisma

Prerequisites

Nodejs and NPM: You can install the latest version here

docker: Install docker engine from here.

Quick Start

First install dependencies:

npm install

And then start the project:

npm run start:dev

Now the service is up and is listening on: http://127.0.0.1:3001

Be aware that you need DATABASE_URL set as an environment variable on your system to run the project or the tests. You can create a .env file in the Prisma folder to do that.

Testing

We use Jest as both the test library and the test runner. To run TS test files we use SWC, which is a lot faster than ts-node. An issue about Jest detecting open handles in tests is still open: prisma/prisma#18146

Available scripts in package.json file:

npm run test
npm run test:watch
npm run test:ci

Be aware that you need DATABASE_URL set as an environment variable on your system to run the project or the tests. You can create a .env file in the Prisma folder to do that.

Test Coverage Badge

To use your own coverage badge you need to do 3 things:

  • Register in CodeCov
  • Copy the Secret CODECOV_TOKEN value and add it to your project secrets.
  • Copy the Badge address from CodeCov dashboard to README file.

Linter

For linting we are using ESLint.

npm run lint

Formatter

For formatting we are using Prettier.

npm run prettier

Git Commit Message

This repository enforces Conventional Commit messages. To commit in this style you can use this VSCode Extension or this CLI Tool that I implemented.

How to Disable it?

Go to .husky/commit-msg and comment out the line that checks the commit message. You can also remove these two packages if you do not want to enforce a standard on commit messages: "@commitlint/cli": "^17.4.4", "@commitlint/config-conventional": "^17.4.4"

Documents

Add your documentation as TS comments in your project and then run this command to generate .MD files in the docs folder:

npm run docs

Validation

We are using Zod for validation of requests. Check out src/user.service.ts to see the example.

Pipeline

The pipeline has these steps:

  • Installing Dependencies
  • Lint
  • Run Test Containers
  • Wait
  • Test

License: MIT License


Languages

TypeScript 96.6%, Shell 2.5%, JavaScript 0.9%