
Projections

Projections are the most powerful tool when it comes to security and best practices. They let you fetch only the fields you need from the DB, and in addition to that we implement a robust block-list system via projection to avoid exposing sensitive fields in fetched data.

Projection in crud-router has two types:

* default projections (block-list)
* query based projections (selection)

Default Projections

Default projection is a block-list mechanism that specifies which fields not to expose on get methods. It is applied by passing a hide option object in the options parameter of the createCrud function.

Hide the Password Field
import User from './app/models/user.model.js';
import createCrud from '@api-craft/crud-router';
import { Router } from 'express';

const router = Router();

// Mount the generated CRUD routes; "password" is hidden on both get methods.
router.use('/users', createCrud(User, {
    hide: {
        getAll: ["password"],
        getOne: ["password"]
    }
}));

Query Based Projection

This projection type works as a selector of specific fields. Users can fetch only the needed fields from a collection by passing the field names in the fields query parameter.

Fetch only Username and Email from Users
GET /users?fields=username,email
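
How the two projection types can be combined so that the block-list always wins over the fields parameter, as an added example rather than crud-router's own code. buildProjection is a hypothetical helper, and the MongoDB-style projection object it returns is an assumption about the underlying database layer.

```javascript
// Added illustration; buildProjection and its arguments are hypothetical names,
// not part of the @api-craft/crud-router API.
const FIELD_NAME = /^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*$/;

// True when path `a` equals `b` or is an ancestor of it ("profile" covers "profile.ssn").
function covers(a, b) {
  return a === b || b.startsWith(a + '.');
}

function buildProjection(fieldsParam, hidden = []) {
  // A query parser may hand back an array or object instead of a string
  // (?fields=a&fields=b, ?fields[$ne]=x); anything but a string is ignored.
  const raw = typeof fieldsParam === 'string' ? fieldsParam : '';
  const requested = raw
    .split(',')
    .map((f) => f.trim())
    // Keep plain dotted paths only; prefixed or operator-like names
    // such as "+password" or "$where" are dropped.
    .filter((f) => FIELD_NAME.test(f));

  if (requested.length === 0) {
    // No usable selection: exclusion projection built from the block-list.
    return Object.fromEntries(hidden.map((h) => [h, 0]));
  }

  // Selection: drop a field if it is hidden, sits under a hidden path,
  // or is a parent that would pull a hidden path in with it.
  const allowed = requested.filter(
    (f) => !hidden.some((h) => covers(h, f) || covers(f, h))
  );

  // Everything requested was blocked: return the id only, never the full document.
  if (allowed.length === 0) return { _id: 1 };
  return Object.fromEntries(allowed.map((f) => [f, 1]));
}
```

The result is either a pure inclusion or a pure exclusion projection, never a mix, so a request like GET /users?fields=username,password yields only username.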