拨开荷叶行,寻梦已然成。仙女莲花里,翩翩白鹭情。
IMG-LOGO
主页 文章列表 如何在API回应中隐藏我的客户密码

如何在API回应中隐藏我的客户密码

白鹭 - 2022-02-24 2129 0 0

我只是 Javascript 和 MERN 的初学者。我正在尝试创建一个小型社交媒体应用程序,并且在我的注册 api 中,我给出了用户信息的回应。我无法隔离和隐藏密码。

这是代码

userRouter.post("/signUp", async (req, res) => {
    
    const {name, userName, email, password} = req.body

    const existingUser = await userSchema.findOne({email: email})
    const SameUserName = await userSchema.findOne({userName: userName})
    if (existingUser) {
        return res.status(406).send({
            message: `sorry, an account with email: ${email} has already been created.`
        })
    } else if (SameUserName) {
        return res.status(406).send({
            message: `sorry, user name taken. Try another one...`
        })
    }

    const newUser = new userSchema({
        name,
        userName,
        email,
        password
    })
    console.log(newUser)

    try {
        await newUser.save()
        res.status(201).send({
            message: `Account successfully created!`,
            user: newUser
        })
    } catch (err) {
        res.send({
            message:`Something went wrong`,
        })
    }
})

那么,如何在没有密码的情况下发送用户信息?

uj5u.com热心网友回复:

跟进我在下面留下的评论,这就是你可以做的。

你必须重构你的代码

try {
 const userSaved = await newUser.save();
 delete userSaved.password // assuming this is the property name
 return res.status(201).send({ message: 'Account created successfully', user: userSaved })
}

你也可以:

try {
 const userSaved = await newUser.save();
 delete userSaved.password // assuming this is the property name
 return userSaved;
}

在这种情况下,您在前端处理讯息和所有内容。

uj5u.com热心网友回复:

您需要在架构上实作toJSONtransform方法。这将允许您在创建模式物件以及将它们序列化并发送到客户端时“拦截”它们。

这是一个例子:

架构:

import { Schema, model } from 'mongoose';

const schema = new Schema(
    {
        name: {
            required: true,
            type: String
        },
        userName: {
            required: true,
            type: String
        },
        email: {
            required: true,
            type: String
        },
        password: {
            required: true,
            type: String
        }
    },
    {
        // here, we implement the `toJSON` method to serialize the user object sans password, __v;
        // we'll also convert the mongo-specific `_id` property to a db-agnostic format
        toJSON: {
            transform(_, ret) {
                ret.id = ret._id;

                delete ret.password;
                delete ret._id;
                delete ret.__v;
            }
        }
    }
);

// this is our user schema, used to initialize new user objects before we persist them in the db
const User = model('User', schema);

userRouter.post('/signUp', async (req, res) => {
    // grab the inputs - we do *not* at this time know whether any of these are valid - they must be validated
    const { name, userName, email, password } = req.body;

    // validate the email format, performing checks for any requirements you wish to enforce
    if (!email) {
        // error response
    }

    // now, we check if the email is already in-use
    const existingUser = await User.findOne({ email });
    if (existingUser) {
        return res.status(400).send({
            message: `sorry, an account with email: ${email} has already been created.`
        });
    }

    // validate userName format here
    if (!userName) {
        // error response
    }

    // notice we don't bother making this query until `existingUser` check has passed
    // this way we don't incur needless computation
    const sameUserName = await User.findOne({ userName });
    if (sameUserName) {
        return res.status(400).send({
            message: `sorry, user name taken. Try another one...`
        });
    }

    // validate name and password and handle accordingly here
    if (!name || ...) {
        // error response
    }

    // assuming all is well, we create a new user with the schema
    // think of the schema as a template
    const newUser = new User({ name, userName, email, password });

    // save the new user
    await newUser.save().catch((ex) => {
        // error response
    });

    res.status(201).send({
        message: `Account successfully created!`,
        user: newUser
    });
});

您还可以查看express-validator,这是一个为您处理大部分请求正文验证的中间件。

标签:

0 评论

发表评论

您的电子邮件地址不会被公开。 必填的字段已做标记 *