在node.js中的猫鼬用户上使用_.omit [英] using _.omit on mongoose User in node.js

问题描述

我有一个像这样的猫鼬用户架构:

var UserSchema = new Schema({
    username: { type: String, required: true, index: { unique: true } },
    password: { type: String, required: true },
    salt: { type: String, required: true}
});

我希望能够将此用户对象发送到我的应用程序的客户端，但是我不想设置密码或盐字段.

所以我将他的以下代码添加到了我的用户模型模块中

U

serSchema.methods.forClientSide = function() {
    console.log('in UserSchema.methods.forClientSide');
    console.log(this);
    //var userForClientSide=_.omit(this,'passsword','salt');
    var userForClientSide={_id:this._id, username:this.username };
    console.log(userForClientSide);

    return userForClientSide;
}

我有required下划线模块(通过package.js中的依赖项在本地安装).

不是注释行-我期望它忽略用户对象的密码和盐字段，但它什么也没做:(记录的对象具有完整的属性集.

当替换为当前使用的类似var userForClientSide={_id:this._id, username:this.username };时，它会得到我想要的结果，但是:

1)我想知道为什么_.omit无法正常工作. 2)我不太喜欢当前的解决方法，因为它实际上选择了一些属性，而不是忽略了一些我不喜欢的属性，因此，如果我要向scema添加任何新属性，我也必须在此处添加它们. /p>

这是我第一次尝试使用node.js/express/mongodb/mongoose等编写东西.因此很可能我缺少针对此问题的其他更好的解决方案(可能是mongoose的某些功能)，可以随时进行学习我有做这种事情的正确方法.

所以基本上我想知道这样做的正确方法以及为什么我的方法行不通.

谢谢

解决方案

1)我想知道_.omit为什么不起作用.

猫鼬使用defineProperty和一些繁重的元编程.如果要使用下划线，请首先调用user.toJSON()以获取一个普通的旧javascript对象，该对象可以更好地使用下划线，而无需所有元编程的幻想，功能等.

更好的解决方案是使用mongo/mongoose的fields对象并传递字符串"-password -salt"，因此根本就不打算从mongo取回它们.

另一种方法是使用猫鼬变换(在该页面上搜索变换") .您的用例就是文档中用作示例的EXACT用例.

您还可以通过在查询中调用.lean()使猫鼬查询精简"，在这种情况下，您将获得普通的javascript对象而不是猫鼬模型实例.

但是，在尝试了所有这些方法之后，我个人认为应该为Account提供一个单独的集合，该集合具有登录详细信息和一个User集合，这将极大地泄漏哈希值即使是偶然也不太可能，但是以上任何一种都可以.

I have a mongoose User schema built like this:

var UserSchema = new Schema({
    username: { type: String, required: true, index: { unique: true } },
    password: { type: String, required: true },
    salt: { type: String, required: true}
});

I want to be able to send this user object to the client side of my application but I don't want to sned the password or salt fields.

So I added he following code to my user model module

U

serSchema.methods.forClientSide = function() {
    console.log('in UserSchema.methods.forClientSide');
    console.log(this);
    //var userForClientSide=_.omit(this,'passsword','salt');
    var userForClientSide={_id:this._id, username:this.username };
    console.log(userForClientSide);

    return userForClientSide;
}

I have required the underscore module (its installed locally via a dependency in my package.js).

not the commented out line - I was expecting it to omit the password and salt fields of the user object but it did not do anything :( the logged object had the full set of properties.

when replaced with the currently used like var userForClientSide={_id:this._id, username:this.username }; it gets the results I want but:

1) I want to know why does the _.omit not work. 2) I don't like my current workaround very much because it actually selects some properties instead of omitting the ones I don't like so if I will add any new propertes to the scema I will have to add them here as well.

This is my first attempt at writing something using node.js/express/mongodb/mongoose etc. so It is very possible hat I am missing some other better solution to this issue (possibly some feature of mongoose ) feel free to educate me of the right way to do things like this.

so basically I want to know both what is the right way to do this and why did my way not work.

thanks

解决方案

1) I want to know why does the _.omit not work.

Mongoose uses defineProperty and some heavy metaprogramming. If you want to use underscore, first call user.toJSON() to get a plain old javascript object that will work better with underscore without all the metaprogramming fanciness, functions, etc.

A better solution is to use mongo/mongoose's fields object and pass the string "-password -salt" and therefore just omit getting these back from mongo at all.

Another approach is to use the mongoose Transform (search for "tranform" on that page). Your use case is the EXACT use case the documentation uses as an example.

You can also make your mongoose queries "lean" by calling .lean() on your query, in which case you will get back plain javascript objects instead of mongoose model instances.

However, after trying each of these things, I'm personally coming to the opinion that there should be a separate collection for Account that has the login details and a User collection, which will make leaking the hashes extremely unlikely even by accident, but any of the above will work.

这篇关于在node.js中的猫鼬用户上使用_.omit的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！