Hi @Pradip_Speaks,
You can use the Text Index and the $text query.
See this for an example.
Wildcard indexes cannot support queries using the $text operator, so you cannot use this approach to achieve your goal.
A suggestion for solution to your problem is to save the whole record field’s value as a string using JSON.stringify when saving the data and JSON.parse when retrieving the data. That way, you can create a text index on the record’s field.
Alternatively, if text’s index doesn’t fit your task, you can use the $regex operator.
Does $text query poses any security risk (script injection etc.) to be passed inside the APIs?
Many places I was reading people propose to use mongo-sanitizer npm module to sanitize the payload, options, queries etc. That will remove anything with dollar($).
It depends on how you’re using the input in your server code.
If you’re using it inside db.runCommand(command) and command is a string, then script injection is an issue.
If you run this for example:
db.collection.findOne({name: nameVariable})
where nameVariable is a string you got from API, then script injection is not an issue.
See this for more information.
There is no NoSql attack in the list but it’s similar to other injection attacks.
Search injection attacks in the list.
Just to be clear: My purpose is not to search for regex star. Rather I want to search a string across all the fields of the documents in my collection.
Basically it’s like:
?query_fields=*&query=search_val
Where query fields are the name of the fields of the document and search_val is the value to be searched.
The $text is showing MongoError: $text not supported.
Cosmos’ emulated API is not the same product as MongoDB:
Text search (introduced in MongoDB 2.4, March 2013) is not currently supported by Cosmos’ emulated API and apparently is not on their roadmap per Add support for “Search text” ($text Operator).
If full MongoDB feature support is important to your use case, I would consider using MongoDB Atlas on Azure for a managed data service.
I’m honestly not sure what is supported or efficient in Cosmos’ API. Unfortunately my knowledge of the MongoDB server doesn’t provide any insight into Cosmos’ implementation or behaviour.
However, I would note that regular expressions are designed for pattern matching, which is a different use case than full text search based on language heuristics (eg stemming and stop words). From what you’ve described so far (searching all fields in highly nested documents), I expect you want a text search implementation rather than regex.
In the Cosmos feedback item I linked in my previous post, an Azure Product Manager suggested Azure Search is their recommended solution.