0
我有以下架構。它的用戶和文檔有幾個字段。我需要的是,一旦用戶註冊密碼變得隱藏,無論哪個數據庫查詢(例如查找,更新等),我運行密碼始終保持隱藏狀態。隱藏所有MongoDB查詢的密碼
我知道在mongo查詢中排除/製作密碼:0截至目前我排除密碼使用以下方法:
User.find({} , {password: 0}).populate('favoriteListings').populate('myListings').populate('profilePicture').limit(size).skip(itemsToSkip)
.exec(function (err, result) { // LIMIT THE RESULT TO 5 DOCUMENTS PER QUERY
if (err) return next(err)
return res.json(result)
})
即我排除密碼從json結果單獨在所有查詢。我需要的是做一些類似密碼:{hidden:true}並且每當我做任何查詢密碼不返回。
var mongoose = require('mongoose');
var Schema = mongoose.Schema; // creating schema
var Listing = require('../listing/listingModel');
var Media = require('../media/mediaModel');
var UserSchema = new Schema({
email: {type: String,default: null}, // EMAIL ID AND PASSWORD ARE TO BE KEPT ON MAIN OF SCHEMA
password: {type: String,default: null},
personal: { // personal information
firstName: {type: String,default: null},
lastName: {type: String,default: null},
dateOfBirth: { type: Date, default: Date.now },
description: {type: String,default: null},
contactNo: {type: String,default: '0000-0000-0000'},
gender: {
male: {type: Boolean,default: true},
female: {type: Boolean,default: false}
}
},
preferences: {
budget: {type: Number,default: 0},
moveInDate: { type: Date, default: Date.now },
profileViewable: {type: Boolean,default: true}
},
background: { // Has an array of work experiences
workExperience: [{ // can have multiple experiences so it is an array
employer: {type: String,default: null},
position: {type: String,default: null},
descrpiton: {type: String,default: null},
startDate: {type: Date,default: Date.now},
endDate: {type: Date,default: Date.now}
}]
},
profilePicture: { type: Schema.Types.ObjectId, ref: 'Media' },
favoriteListings: [{ type: Schema.Types.ObjectId, ref: 'Listing' }],
myListings: [{ type: Schema.Types.ObjectId, ref: 'Listing' }],
status: {type: Boolean,default: true} // STATUS OF ENTRY, BY DEFAULT ACTIVE=TRUE
},
{
// MAKING VIRTUALS TRUE
toObject: {
virtuals: true
},
toJSON: {
virtuals: true
},
timestamps: true, // FOR createdAt and updatedAt
versionKey: false,
id: false // because toObject virtuals true creates another id field in addition to _id so making it false
}
)
UserSchema
.virtual('fullName')
.get(function() {
// console.log(this.createdAt)
if (this.firstName != null && this.lastName != null) {return this.name.firstName + ' ' + this.name.lastName}
else
return null
})
var User = mongoose.model('User', UserSchema)
module.exports = User
以下爲登錄用戶
User.findOne({
email: req.body.email
}).select('+hash +salt').exec(function (err, validadmin) {
if (err) return next(err)
if (!validadmin) {
res.json({ success: false, message: 'Authentication failed. User not found.' })
} else if (validadmin) {
var decryptedPassword = CryptoJS.AES.decrypt(validadmin.password, myPasswordKey) // DECRYPTING PASSWORD
// OBTAINED FROM DB TO MATCH WITH PASSWORD GIVEN BY USER
decryptedPassword = decryptedPassword.toString(CryptoJS.enc.Utf8)
console.log(decryptedPassword)
console.log(req.body.password)
// check if password matches
if (decryptedPassword != req.body.password) {
return res.json({ success: false, message: 'Authentication failed. Wrong password.' })
} else {
// CREATES TOKEN UPON SUCCESSFUL LOGIN
var token = jwt.sign(validadmin, app.get('superSecret'), {
expiresIn: 24 * 60 * 60
})
// LOGIN SUCCESSFUL
return res.json({
success: true,
message: 'LOGIN SUCCESSFUL!',
token: token
})
}
}
});
在這種情況下,密碼從查詢結果中隱藏起來。但是當我使用密碼和電子郵件進行登錄時,出現以下錯誤:TypeError:無法讀取未定義的屬性「salt」。順便說一句我使用jwt的密碼加密 – SyedAliRazaSherazi
在你的登錄策略,你必須檢索數據庫的用戶,並檢查它對試圖登錄正確的用戶?在查找用戶的查詢中,在find方法之後添加.select('+ hash + salt')。 –
如果您不想在查詢數據庫以顯示用戶配置文件時獲取散列和salt,還可以執行以下操作:User.find(id).. select(' - hash - 鹽') 我認爲這將工作 –