Skip to content
This repository has been archived by the owner on Jan 3, 2023. It is now read-only.

Include operatorsAliases in sequelize connection. #307

Closed
DesignByOnyx opened this issue Nov 22, 2017 · 2 comments
Closed

Include operatorsAliases in sequelize connection. #307

DesignByOnyx opened this issue Nov 22, 2017 · 2 comments

Comments

@DesignByOnyx
Copy link
Contributor

Sequelize now recommends that operator aliases be defined so as to prevent known security issues (read more here).

Sequelize now emits a warning if aliases are not defined. In order to suppress this warning and "follow the rules", the generator should include known aliases:

const operatorsAliases = {
    $in: Op.in,
    $notIn: Op.notIn,
    $lt: Op.lt,
    $lte: Op.lte,
    $gt: Op.gt,
    $gte: Op.gte,
    $ne: Op.ne,
    $or: Op.or
  };
const sequelize = new Sequelize(connectionString, {
    dialect: 'postgres',
    logging: false,
    operatorsAliases,
    define: {
      freezeTableName: true
    }
  });
@daffl
Copy link
Member

daffl commented Nov 28, 2017

Makes sense. We'll probably have to update the adapter to use this as well right?

@DesignByOnyx
Copy link
Contributor Author

I don't think the adaptor needs to do anything - the only operator being referenced is $notIn. However, if we want we can create an alias for $nin and get rid of that section of code:

const operatorsAliases = {
    ...
    $notIn: Op.notIn,
    $nin: Op.notIn, // this makes the non-standard $nin operator recognized by sequelize
    ...
};

@daffl daffl mentioned this issue Jan 14, 2018
Closed
@daffl daffl mentioned this issue Jan 26, 2018
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@daffl @DesignByOnyx