feat(model): expose collections via read-only OAuth2Server getter #27#28
Open
alloalexandre wants to merge 1 commit into
Open
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds a public, read-only way to access the underlying Meteor/Mongo collections used by the default OAuth model via an OAuth2Server.collections getter, primarily to support custom queries and indexing.
Changes:
- Added
OAuth2Server.collectionsgetter that returns a frozen collections object. - Exposed model collections on
OAuthMeteorModelinstances. - Added a test to verify the getter returns
Mongo.Collectioninstances and prevents mutation.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| tests/model-tests.js | Adds a test covering the new OAuth2Server.collections getter and attempted mutation behavior. |
| lib/oauth.js | Introduces the collections getter on OAuth2Server and freezes the returned object. |
| lib/model/model.js | Assigns the model’s collections object onto OAuthMeteorModel instances for external access. |
Comments suppressed due to low confidence (1)
lib/model/model.js:28
this.collections = collectionsmakes it easy for consumers to treatmodel.collectionsas an instance-specific, mutable property, but it is actually a module-level singleton object (lib/model/meteor-model.jsexportscollections) and the property itself is reassignable. Consider defining the instance property as read-only after the collections are initialized to better match the PR’s “read-only exposure” intent and avoid accidental reassignment.
this.debug = modelConfig.debug
this.collections = collections
collections.AccessTokens = createCollection(modelConfig.accessTokensCollection, modelConfig.accessTokensCollectionName)
collections.RefreshTokens = createCollection(modelConfig.refreshTokensCollection, modelConfig.refreshTokensCollectionName)
collections.AuthCodes = createCollection(modelConfig.authCodesCollection, modelConfig.authCodesCollectionName)
collections.Clients = createCollection(modelConfig.clientsCollection, modelConfig.clientsCollectionName)
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+229
to
+234
| get collections () { | ||
| if (!this.model || !this.model.collections) { | ||
| throw new Error('Model collections not initialized. Ensure model is properly configured.') | ||
| } | ||
| return Object.freeze({ ...this.model.collections }) | ||
| } |
Comment on lines
+256
to
+260
| // Test read-only: attempting to mutate should throw | ||
| assert.throws(() => { | ||
| collections.AccessTokens = {} | ||
| }, /Cannot assign to read only property/, 'Should throw when attempting to mutate collections') | ||
| }) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Exposes the MongoDB collections (
AccessTokens,RefreshTokens,AuthCodes,Clients) via a read-onlycollectionsgetter onOAuth2Server. The getter returns a frozen object to prevent mutations, ensuring OAuth2 compliance while allowing custom queries/indexing.Changes
collectionsfromlib/model/meteor-model.js.this.collectionsinOAuthMeteorModelconstructor (lib/model/model.js).get collections()getter toOAuth2Server(lib/oauth.js) usingObject.freezefor read-only access.API.mdviameteor npm run build:docs.tests/model-tests.jsto verify getter and read-only behavior.Motivation
Users need direct access to collections for custom logic (e.g., querying expired tokens or creating indexes). This provides a safe, controlled way without exposing internal model details or requiring low-level MongoDB driver APIs.
Testing
meteor npm run test).collectionsgetter returnsMongo.Collectioninstances and enforces read-only behavior.meteor npm run lint).Example Usage
Notes
developmentBranch: TheCONTRIBUTING.mdmentioningdevelopmentseems outdated.