Mongoose Schema secured field

Define the field as a virtual getter instead of a traditional field.

For example, say you wanted to make the pop field of your collection read-only when accessed via Mongoose:

var schema = new Schema({
    city: String,
    state: String
});

schema.virtual('pop').get(function() {
    return this._doc.pop;
});

By accessing the private _doc member of your model instance it's possible this may break in the future, but this worked fine when I tested it just now.


Since mongoose 5.6 you can do: immutable: true

var schema = new Schema({
  securedField: {
    type: String,
    default: 'Forever',
    immutable: true
  }
});

An alternative if you want to set a default value that can never be changed:

var schema = new Schema({
  securedField: {
    type: String,
    default: 'Forever',
    set: function (val) { return this.securedField; }
});

Tags:

Mongoose