使用 NodeJs Mongo 和 Express 更新哈希密码
Keep hashed password on update using NodeJs Mongo and Express
我正在尝试使用 MEAN 构建应用程序。在注册时,一切正常,用户将使用字段密码和验证哈希值被引入数据库。但是在更新时,密码和验证将不再被散列,它们将作为纯文本添加到数据库中。我该如何解决这个问题? (我还没有前端代码,我用Postman发送请求)
这是我现在拥有的:
model.js
var mongoose = require('mongoose');
var Schema = mongoose.Schema;
var bcrypt = require('bcrypt');
var schema = new Schema({
firstname: { type: String, required: true },
lastname: { type: String, required: true },
email: { type: String, required: true },
password: { type: String, required: true },
verify: { type: String, required: true },
});
schema.pre('save', function (next) {
var user = this;
bcrypt.hash(user.password, 10, function (err, hash) {
if (err) {
return next(err);
}
user.password = hash;
user.verify = hash;
next();
});
});
module.exports = mongoose.model('User', schema);
controller.js
var router = express.Router();
// register user
router.post('/register', function (req, res, next) {
addToDB(req, res);
});
async function addToDB(req, res) {
var user = new User({
firstname: req.body.firstname,
lastname: req.body.lastname,
email: req.body.email,
password: req.body.password,
verify: req.body.verify
});
try {
doc = await user.save();
return res.status(201).json(doc);
}
catch (err) {
return res.status(501).json(err);
}
}
// update user
router.put('/:id', function (req, res, next) {
User.findByIdAndUpdate(req.params.id, req.body, function (err, post) {
if (err) {
console.log('Error in user update: ' + JSON.stringify(err, undefined, 2));
return next(err);
}
res.json(post);
});
});
更新您的 Mongoose 中间件以仅在密码已被修改(或新的)时对密码进行哈希处理,例如
schema.pre('save', function(next) {
var user = this;
// only hash the password if it has been modified (or is new)
if (!user.isModified('password')) return next();
// generate a salt
bcrypt.genSalt(10, function(err, salt) {
if (err) return next(err);
// hash the password along with our new salt
bcrypt.hash(user.password, salt, function(err, hash) {
if (err) return next(err);
// override the cleartext password with the hashed one
user.password = hash;
user.verify = hash
next();
});
});
});
因为 findByIdAndUpdate 是 findOneAndUpdate 的包装器,最好使用 save 以便调用预保存钩子
var _ = require('lodash');
// update user
router.put('/:id', function (req, res, next) {
// fetch user
User.findById(req.params.id, function(err, post) {
if (err) return next(err);
_.assign(post, req.body); // update user
post.save(function(err) {
if (err) return next(err);
return res.json(200, post);
})
});
});
我正在尝试使用 MEAN 构建应用程序。在注册时,一切正常,用户将使用字段密码和验证哈希值被引入数据库。但是在更新时,密码和验证将不再被散列,它们将作为纯文本添加到数据库中。我该如何解决这个问题? (我还没有前端代码,我用Postman发送请求)
这是我现在拥有的:
model.js
var mongoose = require('mongoose');
var Schema = mongoose.Schema;
var bcrypt = require('bcrypt');
var schema = new Schema({
firstname: { type: String, required: true },
lastname: { type: String, required: true },
email: { type: String, required: true },
password: { type: String, required: true },
verify: { type: String, required: true },
});
schema.pre('save', function (next) {
var user = this;
bcrypt.hash(user.password, 10, function (err, hash) {
if (err) {
return next(err);
}
user.password = hash;
user.verify = hash;
next();
});
});
module.exports = mongoose.model('User', schema);
controller.js
var router = express.Router();
// register user
router.post('/register', function (req, res, next) {
addToDB(req, res);
});
async function addToDB(req, res) {
var user = new User({
firstname: req.body.firstname,
lastname: req.body.lastname,
email: req.body.email,
password: req.body.password,
verify: req.body.verify
});
try {
doc = await user.save();
return res.status(201).json(doc);
}
catch (err) {
return res.status(501).json(err);
}
}
// update user
router.put('/:id', function (req, res, next) {
User.findByIdAndUpdate(req.params.id, req.body, function (err, post) {
if (err) {
console.log('Error in user update: ' + JSON.stringify(err, undefined, 2));
return next(err);
}
res.json(post);
});
});
更新您的 Mongoose 中间件以仅在密码已被修改(或新的)时对密码进行哈希处理,例如
schema.pre('save', function(next) {
var user = this;
// only hash the password if it has been modified (or is new)
if (!user.isModified('password')) return next();
// generate a salt
bcrypt.genSalt(10, function(err, salt) {
if (err) return next(err);
// hash the password along with our new salt
bcrypt.hash(user.password, salt, function(err, hash) {
if (err) return next(err);
// override the cleartext password with the hashed one
user.password = hash;
user.verify = hash
next();
});
});
});
因为 findByIdAndUpdate 是 findOneAndUpdate 的包装器,最好使用 save 以便调用预保存钩子
var _ = require('lodash');
// update user
router.put('/:id', function (req, res, next) {
// fetch user
User.findById(req.params.id, function(err, post) {
if (err) return next(err);
_.assign(post, req.body); // update user
post.save(function(err) {
if (err) return next(err);
return res.json(200, post);
})
});
});