MongoDB Summary

In MongoDB Like "SQL injection"

Use express-mongo-sanitize package to prevent it

            {        
              "email": {"$gt":""},
              "password": "156456"
            }

SQL injection
Insert xxx OR 1=1

It gives a list of the users in the table

MongoDB advanced filtering

GET /api/bootcamps?averageCost[lte]=10000

  exports.getBootcamps = asyncHandler(async (req, res, next)) => {
    console.log(req.query) // { averageCost: { lte: '10000' }}

    let query;
    let queryStr = JSON.stringify(req.query)
    queryStr = queryStr.replace(/\b(gt|gte|lt|lte|in)\b/g, match => `$${match}`)

    console.log(queryStr); // { "averageCost":{"$lte":"10000" }}

    query = Bootcamp.find(JSON.parse(queryStr))

    const bootcamps = await query;

    res.status(200).json({ success: true, count: bootcamps.length, data: bootcamps })
  }

  db.movies.findOne()   <-- get the oldest document depends on order in the database. By default is by _id field 
  db.movies.findOne({"title": "MyMovie"})
  db.movies.findOne({"_id": ObjectId("63736c84025d1bb5a7ccc708e")})

ID structure: <timestamp> <random value (process)> <random value (counter)>

MongoDB select specific fields in the results

GET /api/bootcamps?select=name,description <-- return only name and description fields

  exports.getBootcamps = asyncHandler(async (req, res, next)) => {
    let query;

    // Copy req.query
    const reqQuery = { ...req.query };

    // Create query string
    let queryStr = JSON.stringify(reqQuery)

    // Fields to exclude
    const removeFields = ['select']
    
    // Loop over removeFields and delete them from reqQuery
    removeFields.forEach(param => delete reqQuery[param])

    console.log(reqQuery); // GET /api/bootcamps?select=name -- gives {}

    // Create operators like ($gt, $gte, ...)
    queryStr = queryStr.replace(/\b(gt|gte|lt|lte|in)\b/g, match => `$${match}`)

    console.log(queryStr); // { "averageCost":{"$lte":"10000" }}

    // Finding resource
    query = Bootcamp.find(JSON.parse(queryStr))

    // Select fields 
    if (req.query.select) {
      const fields = req.query.select.split(',').join(' ') // name,description ==> name description
      query = query.select(fields); // return object with id, name,description only. other fields are not included
    } 

    // GET /api/bootcamps?select=name,description,housing&housing=true
    // will return object were housing=true and only name,description,housing fields
    
    // Executing query
    const bootcamps = await query;

    res.status(200).json({ success: true, count: bootcamps.length, data: bootcamps })
  }

MongoDB sorting

GET /api/bootcamps?select=name,description&sort=-name --> Sort by name in descending order

GET /api/bootcamps?select=name,description&sort=name --> Sort by name in ascending order

  exports.getBootcamps = asyncHandler(async (req, res, next)) => {
    let query;

    // Copy req.query
    const reqQuery = { ...req.query };

    // Create query string
    let queryStr = JSON.stringify(reqQuery)

    // Fields to exclude
    const removeFields = ['select', 'sort']
    
    // Loop over removeFields and delete them from reqQuery
    removeFields.forEach(param => delete reqQuery[param])

    console.log(reqQuery); // GET /api/bootcamps?select=name -- gives {}

    // Create operators like ($gt, $gte, ...)
    queryStr = queryStr.replace(/\b(gt|gte|lt|lte|in)\b/g, match => `$${match}`)

    console.log(queryStr); // { "averageCost":{"$lte":"10000" }}

    // Finding resource
    query = Bootcamp.find(JSON.parse(queryStr))

    // Select fields 
    if (req.query.select) {
      const fields = req.query.select.split(',').join(' ') // name,description ==> name description
      query = query.select(fields); // return object with id, name,description only. other fields are not included
    } 

    // GET /api/bootcamps?select=name,description,housing&housing=true
    // will return object were housing=true and only name,description,housing fields

    // Sort
    if (req.query.select) {
      sortBy = req.query.sort.split(',').join(' ')
      query.sort(sortBy);
    } else {
      // default sort is by createdAt
      query = query.sort('-createdAt') // descending order of createdAt
    }

    // Executing query
    const bootcamps = await query;

    res.status(200).json({ success: true, count: bootcamps.length, data: bootcamps })
  }

Find all the movies and sort them db.movies.find().sort({"year": 1}) <-- order by year ascending db.movies.find().sort({"year": -1}) <-- order by year descending

MongoDB pagination

GET /api/bootcamps?page=2&limit=2

GET /api/bootcamps?limit=2

  db.movies.find().skip(1).limit(1)

  exports.getBootcamps = asyncHandler(async (req, res, next)) => {
    let query;

    // Copy req.query
    const reqQuery = { ...req.query };

    // Create query string
    let queryStr = JSON.stringify(reqQuery)

    // Fields to exclude
    const removeFields = ['select', 'sort', 'page', 'limit']
    
    // Loop over removeFields and delete them from reqQuery
    removeFields.forEach(param => delete reqQuery[param])

    console.log(reqQuery); // GET /api/bootcamps?select=name -- gives {}

    // Create operators like ($gt, $gte, ...)
    queryStr = queryStr.replace(/\b(gt|gte|lt|lte|in)\b/g, match => `$${match}`)

    console.log(queryStr); // { "averageCost":{"$lte":"10000" }}

    // Finding resource
    query = Bootcamp.find(JSON.parse(queryStr))

    // Select fields 
    if (req.query.select) {
      const fields = req.query.select.split(',').join(' ') // name,description ==> name description
      query = query.select(fields); // return object with id, name,description only. other fields are not included
    } 

    // GET /api/bootcamps?select=name,description,housing&housing=true
    // will return object were housing=true and only name,description,housing fields

    // Sort
    if (req.query.select) {
      sortBy = req.query.sort.split(',').join(' ')
      query.sort(sortBy);
    } else {
      // default sort is by createdAt
      query = query.sort('-createdAt') // descending order of createdAt
    }

    // Pagination
    const page = parseInt(req.query.page, 10) || 1   // 10 is a base,  1 is a default page
    const limit = parseInt(req.query.limit, 10) || 10   // default is 10 per page
    const startIndex = (page -1) * limit;
    const endIndex = page * limit;
    const totalItems = await Bootcamp.countDocuments()   // count all the documents


    query.skip(startIndex).limit(limit)  // GET /api/bootcamps?limit=2 OR // GET /api/bootcamps?limit=2&select=name
    // GET /api/bootcamps?page=2&limit=2&select=name

    // Executing query
    const bootcamps = await query;

    // Pagination result
    const pagination = {}
    if (endIndex < totalItems) {
      pagination.next = {
        page: page + 1,
        limit
      }
    }

    if (startIndex > 0) {
      pagination.prev = {
        page: page - 1,
        limit
      }
    }

    res.status(200).json({ success: true, count: bootcamps.length, pagination, data: bootcamps })
  }

Projection - get selected fields

Find all the movies and give only the title and the year

  db.movies.find({}, {"title": 1, "year": 1})  <-- find all the movies, specify projection argument - return the title and the year

Find all the movies and give all the fields except the title
```
  db.movies.find({}, {"title": 0})
```

Update

 db.movies.updateOne({"_id": ObjectId("63736c84025d1bb5a7ccc708e")}, {
  $set: {
    "watched": true    <-- update the value
  }
 })

 db.movies.updateOne({"_id": ObjectId("63736c84025d1bb5a7ccc708e")}, {
  $inc: {
    "year": 1     <-- increment the year by one
  }
 })

 db.movies.updateOne({"_id": ObjectId("63736c84025d1bb5a7ccc708e")}, {
  $inc: {
    "year": -1     <-- decrement the year by one
  }
 })

MongoDB Summary

Update

Delete

Count