On Thu, Dec 07, 2023 at 01:06:57AM +0000, Hamid Maadani wrote:
> >> However, I am concerned about the use of `bson_new_from_json()` and its
> >> need to quote the MongoDB operators. This feels completely unnatural.
> >> How is there then a distinction between:
> >>
> >> $or: [...]
> >>
> >> and
> >>
> >> "$or": [...]
> >>
> >> the latter should be a verbatim key called "$or", not a MongoDB
> >> operator. How do we avoid having issues with inputs that contain a
> >> leading "$", or are the leading "$" signs only special in the JSON
> >> object key, rather than the value? This needs to be understood and
> >> documented. As well as clarifying any potential confusion around
> >> projections...
> > ...
> > I am still uneasy about this. What if one really wanted a key that
> > starts with "$"? Ideally the API would have supported operators without
> > overloading already quoted strings.
>
> Using 'bson_new_from_json' seems to be the easiest way to give admins
> flexibility on what queries/projections they want to have. I actually
> initially wanted to use aggregations, but decided against that to keep
> simplicity.
>
> Mongo 5.0 and above support keys that start with dollar signs according to
> this:
> https://www.mongodb.com/docs/manual/core/dot-dollar-considerations
>
I am somewhat reassured by the fact that that document consistently only
talks about dollar-prefixed *keys*, and makes no mention of special
concerns for dollar-prefixed values. So I guess, the user will have to
know that despite the formal MongoDB syntax not needing quotes for $or,
the Postfix dictionary driver will require quotes, and the operator will
still work.
Provided "%s", "%u", and the like always appear on the *value* side of a
MongoDB query, there are no related issues. Anyone using external input
to set a *key* in the JSON query would be asking for trouble...
We probably don't need to go as far as parsing the JSON query to ensure
that '%x' substitutions happen only in values and not in keys...
--
Viktor.
_______________________________________________
Postfix-devel mailing list -- postfix-devel@postfix.org
To unsubscribe send an email to postfix-devel-le...@postfix.org
