jsonQueryParser inaccurate parse value in JSON when value[0] is '!','<','>'...

[johnzhou2011]

The jsonQueryParser should parser the key not value[0]
eg:
{messageId: "70666280047D7CD@front04.ibpmail.net\>A(addedAbyApostmaster@ibpmail.com)"}
will convert to
Mongoose: emails.find({"messageId":{"$lt":"570666280047D7CD@front04.ibpmail.net>A(addedAbyApostmaster@ibpmail.com)"}})
not
Mongoose: emails.find({"messageId": "<570666280047D7CD@front04.ibpmail.net>A(addedAbyApostmaster@ibpmail.com)"})

We need recursive parse keys to operators , currently jsonQueryParser is needless, all JSON should accrate to provide operators such as "$lt" as a key in JSON string.

// H+ - JSON query param parser
  // TODO - improve to serve recursive logical operators
  function jsonQueryParser (key, value) {
    if (_.isString(value)) {
      if (value[0] === '~') { // parse RegExp
        return new RegExp(value.substring(1), 'i')
      } else if (value[0] === '>') {
        if (value[1] === '=') {
          return {$gte: value.substr(2)}
        } else {
          return {$gt: value.substr(1)}
        }
      } else if (value[0] === '<') {
        if (value[1] === '=') {
          return {$lte: value.substr(2)}
        } else {
          return {$lt: value.substr(1)}
        }
      } else if (value[0] === '!' && value[1] === '=') {
        return {$ne: value.substr(2)}
      } else if (value[0] === '=') {
        return {$eq: value.substring(1)}
      }
    } else if (_.isArray(value)) {
      if (model.schema.paths.hasOwnProperty(key)) {
        return {$in: value}
      }
    }
    return value
  }

[Zertz]

This behavior is documented, though I do agree that there should at least be a way to turn it off.

As a side note, I see that you're using v0.7 or v1.x, which are unlikely to be patched.

[johnzhou2011]

v1.1.1

[johnzhou2011]

GET /Customer?query={"name":"<Zertz>"}
something like that is so risky that db will result almost all collections.

It's not a good way use JSON key-value of value to parse operators. Operators must be a key in JSON key-value.

[Zertz]

Like I said, I agree. We can't just remove it though because it's a breaking change, it would have to be behind an option. queryParser or something along those lines.

You're welcome to submit a PR :)

[johnzhou2011]

ok, thanks . :)
Could u set the label as enhancement?

[Zertz]

I'm not sure how useful this is so it could probably be removed for 5.0 and @johnzhou2011 raised a good point, running a query like "name": "<Zertz" will, in most cases, match pretty much the entire collection. Of course, we have a default limit in place, but it's still awkward (impossible?) to query for the actual < character.

@florianholzapfel Thoughts?

[florianholzapfel]

actually it should be possible by explicitly specifying the operator. e.g. to query for "name": "<Zertz" by using the query name==<Zertz, but i agree: this is a little bit awkward.