Ported native MongoDB to minimongo

data/datacreator.js

@@ -509,15 +509,6 @@ function createChallenges () {
   }).success(function (challenge) {
     challenges.noSqlInjectionChallenge = challenge
   })
-  models.Challenge.create({
-    name: 'NoSql Direct Access',
-    category: 'NoSQL Injections',
-    description: 'Write any Message in the Secrets Collection of the MongoDB',
-    difficulty: 4,
-    solved: false
-  }).success(function (challenge) {
-    challenges.noSqlDirectAccess = challenge
-  })
   models.Challenge.create({
     name: 'Retrieve Blueprint',
     category: 'Forgotten Content',
@@ -529,7 +520,7 @@ function createChallenges () {
   }).success(function (challenge) {
     challenges.retrieveBlueprintChallenge = challenge
     for (var i = 0; i < config.get('products').length; i++) { // TODO remove this workaround default before v5.0 release
-      var product = config.get('products')[ i ]
+      var product = config.get('products')[i]
       if (product.fileForRetrieveBlueprintChallenge) {
         models.sequelize.query('UPDATE Challenges SET hint = \'The product you might want to give a closer look is the ' + product.name + '.\' WHERE id = ' + challenge.id)
         break
@@ -621,7 +612,7 @@ function makeRandomString (length) {
 function createProducts () {
   function softDeleteIfConfigured (product) {
     for (var i = 0; i < config.get('products').length; i++) {
-      var configuredProduct = config.get('products')[ i ]
+      var configuredProduct = config.get('products')[i]
       if (product.name === configuredProduct.name) {
         if (configuredProduct.deletedDate) {
           models.sequelize.query('UPDATE Products SET deletedAt = \'' + configuredProduct.deletedDate + '\' WHERE id = ' + product.id)

mongodb/datacreator.js

@@ -0,0 +1,17 @@
+var db = require('./index')
+
+var reviews = [
+  { product: 1, message: 'One of my favorites!', author: '[email protected]' },
+  { product: 17, message: 'Has a nice flavor!', author: '[email protected]' },
+  { product: 3, message: 'I bought it, would buy again. 5/7', author: '[email protected]' },
+  { product: 14, message: 'Fresh out of a replicator.', author: '[email protected]' },
+  { product: 6, message: 'Fry liked it too.', author: '[email protected]' },
+  { product: 19, message: 'A vital ingredient for a succesful playthrough.', author: '[email protected]' }
+]
+
+module.exports = function datacreator () {
+  db.reviews.upsert(reviews, {}, function (reviews) {
+    console.log('Created some reviews!')
+    console.log('Reviews', reviews)
+  })
+}

mongodb/index.js

@@ -0,0 +1,8 @@
+var minimongo = require('minimongo')
+
+var LocalDb = minimongo.MemoryDb
+
+var db = new LocalDb()
+db.addCollection('reviews')
+
+module.exports = db

package.json

@@ -43,8 +43,8 @@
     "cookie-parser": "~1.4",
     "cors": "~2.8",
     "dottie": "~2.0",
-    "errorhandler": "~1.5",
     "epilogue-js": "~0.7",
+    "errorhandler": "~1.5",
     "express": "~4.15",
     "express-jwt": "~5.3",
     "fs-extra": "^3.0.0",
@@ -63,10 +63,7 @@
     "js-yaml": "3.8.2",
     "jsonwebtoken": "~7.4",
     "jssha": "~2.3",
-    "mongodb": "^2.2.22",
-    "mongodb-prebuilt": "^4.6.0",
-    "mongoose": "^4.8.1",
-    "mongoose-auto-increment": "^5.0.1",
+    "minimongo": "^4.5.0",
     "morgan": "~1.8",
     "multer": "~1.3",
     "pdfkit": "~0.8",
@@ -181,4 +178,4 @@
       "/bower_components/"
     ]
   }
-}
+}

routes/createProductReviews.js

@@ -2,20 +2,18 @@
 
 var utils = require('../lib/utils')
 
-var Review = require('../mongoose/reviews').Review
+var db = require('../mongodb/index')
 
 exports = module.exports = function productReviews () {
   return function (req, res, next) {
-    var review = new Review()
-
-    review.product = req.params.id
-    review.message = req.body.message
-    review.author = req.body.author
-
-    review.save().then(function (result) {
+    db.reviews.upsert({
+      product: req.params.id,
+      message: req.body.message,
+      author: req.body.author
+    }, {}, function (result) {
       res.json(utils.queryResultToJson(result))
     }, function (err) {
-      res.json({error: 'Could not connect to MongoDB', trace: err})
+      res.status(500).json(err)
     })
   }
 }

routes/showProductReviews.js

@@ -3,28 +3,32 @@
 var utils = require('../lib/utils')
 var challenges = require('../data/datacache').challenges
 
-var connection = require('mongoose').connection
-var Review = require('../mongoose/reviews').Review
+var db = require('../mongodb/index')
 
-exports = module.exports = function productReviews () {
+// Blocking sleep function as in native MongoDB
+global.sleep = function (time) {
+  var stop = new Date().getTime();
+  while (new Date().getTime() < stop + time) {
+    ;
+  }
+}
+
+exports = module.exports = function productReviews() {
   return function (req, res, next) {
     var id = req.params.id
 
-    if (connection.readyState === 1) {
-      // Messure how long the query takes to find out if an there was a nosql dos attack
-      var t0 = new Date().getTime()
-      Review.find({'$where': 'this.product == ' + id}).then(function (reviews) {
-        if ((new Date().getTime() - t0) > 2000) {
-          if (utils.notSolved(challenges.noSqlCommandChallenge)) {
-            utils.solve(challenges.noSqlCommandChallenge)
-          }
+    // Messure how long the query takes to find out if an there was a nosql dos attack
+    var t0 = new Date().getTime()
+    db.reviews.find({ '$where': 'this.product == ' + id }).fetch(function (reviews) {
+      var t1 = new Date().getTime()
+      if ((t1 - t0) > 2000) {
+        if (utils.notSolved(challenges.noSqlCommandChallenge)) {
+          utils.solve(challenges.noSqlCommandChallenge)
         }
-        res.json(utils.queryResultToJson(reviews))
-      }, function () {
-        res.status(400).json({error: 'Wrong Params'})
-      })
-    } else {
-      res.json({msg: 'No NoSQL Database availible'})
-    }
+      }
+      res.json(utils.queryResultToJson(reviews))
+    }, function () {
+      res.status(400).json({ error: 'Wrong Params' })
+    })
   }
 }

routes/updateProductReviews.js

@@ -5,33 +5,33 @@ var challenges = require('../data/datacache').challenges
 
 var insecurity = require('../lib/insecurity')
 
-var connection = require('mongoose').connection
-var Review = require('../mongoose/reviews').Review
+var db = require('../mongodb/index')
 
-exports = module.exports = function productReviews () {
+exports = module.exports = function productReviews() {
   return function (req, res, next) {
     var id = req.body.id
 
     if (!insecurity.isAuthorized()) {
-      res.status(401).json({msg: 'You need to be authorized to do this!'})
-    } else if (connection.readyState === 1) {
+      res.status(401).json({ msg: 'You need to be authorized to do this!' })
+    } else {
       // Updates the comments
       // insecurity as it updates all the comments and doesnt filter for the user
       // also updateOne() or findOneAndUpdate() would be more suitible here
-      Review.updateMany({_id: id}, {message: req.body.message}, {runValidators: false})
-        .then(function (result) {
-          if (result.nModified > 1) {
-            // More then one Review was modified => challange solved
-            if (utils.notSolved(challenges.noSqlInjectionChallenge)) {
-              utils.solve(challenges.noSqlInjectionChallenge)
-            }
+      db.reviews.upsert({ _id: id, message: req.body.message }, { _id: id }, function (result) {
+        if (result.nModified > 1) {
+          // More then one Review was modified => challange solved
+          if (utils.notSolved(challenges.noSqlInjectionChallenge)) {
+            utils.solve(challenges.noSqlInjectionChallenge)
           }
-          res.json(result)
-        }, function (err) {
-          res.status(500).json(err)
+        }
+        res.json(result)
+
+        db.reviews.find({}).fetch(function (res) {
+          console.log(res);
         })
-    } else {
-      res.json({msg: 'No NoSQL Database availible'})
+      }, function (err) {
+        res.status(500).json(err)
+      })
     }
   }
 }