Skip to content

don't include __v when using .toObject() or .toString() #2675

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jonathanong opened this issue Feb 12, 2015 · 10 comments
Closed

don't include __v when using .toObject() or .toString() #2675

jonathanong opened this issue Feb 12, 2015 · 10 comments
Labels
new feature This change adds new functionality, like a new method or class
Milestone
4.0.0-rc3

Comments

@jonathanong
Copy link

any reason it's included? i don't want to delete obj.__v every time i send it down the client.
@vkarpov15
Copy link
Collaborator

No particularly good reason that I can think of. It is a little strange that there's no good way to turn this off. Thanks for the suggestion.

@vkarpov15 vkarpov15 added the new feature This change adds new functionality, like a new method or class label Feb 17, 2015
@jonathanong
Copy link
Author

can we make it not sent as default?

@vkarpov15
Copy link
Collaborator

Don't want to add backwards breaking changes unnecessarily since we're in rc's. I can add the ability to turn it off at the schema level - would that work?

@jonathanong
Copy link
Author

yup that would work!

@vkarpov15 vkarpov15 added this to the 4.0.0-rc3 milestone Feb 20, 2015
@mathieumg
Copy link

I can add the ability to turn it off at the schema level

👍

@vkarpov15
Copy link
Collaborator

Done. Specify { versionKey: false } in toObject() options to disable. Can also write a plugin to do that in a one-liner.

@poisa
Copy link

poisa commented Jul 15, 2018

@vkarpov15 setting { versionKey: false } will disable versioning all together. What I want to do is just not expose __v in my API while keeping the versioning functionality. Also on another -very minor- note, this could be used by an attacker to sniff out if a system is using mongoose. Not that I really care but there is even a security argument for being able to exclude __v.

@ghost
Copy link

ghost commented Jul 15, 2018

@poisa it's meant to be set in the toObject options, not the schema options so versioning is still intact.

2675.js

#!/usr/bin/env node
'use strict';

const assert = require('assert');
const mongoose = require('mongoose');
mongoose.connect('mongodb://localhost:27017/test', { useNewUrlParser: true });
const conn = mongoose.connection;
const Schema = mongoose.Schema;

const schema = new Schema({
  name: String
}, { toObject: { versionKey: false } });

const Test = mongoose.model('test', schema);

const test = new Test({ name: 'TEST' });

async function run() {
  await conn.dropDatabase();
  let doc = await test.save();
  assert.strictEqual(doc.__v, 0);
  assert.strictEqual(doc.toObject().__v, undefined);
  console.log(`version: ${mongoose.version}: All tests pass!`);
  return conn.close();
}

run();

Output:

issues: ./2675.js
version: 5.2.3: All tests pass!
issues:

@poisa
Copy link

poisa commented Jul 15, 2018

@lineus That's great thanks! I didn't catch that from the docs the first time.

(By the way, as far as I'm concerned this can be closed)

@vkarpov15
Copy link
Collaborator

👍 I missed this option too, check out versionKey option in toObject() options

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
new feature This change adds new functionality, like a new method or class
Projects
None yet
Milestone
4.0.0-rc3
Development

No branches or pull requests
4 participants
@poisa @jonathanong @vkarpov15 @mathieumg