使用Node Express猫鼬,我希望已登录的用户能够更新其个人资料,而不必在更新表单上再次提供密码。他们在登录时提供了它,并收到了JWT。
我遇到的问题是我设置了Mongoose要求输入密码。 因此,当用户更新表单被提交且不包含密码时,我正在构建的API会产生错误的请求错误。
JWT不包含密码,所以我不能从那里获取密码。
const config = require("config");
const jwt = require("jsonwebtoken");
const Joi = require("@hapi/joi");
const mongoose = require("mongoose");
const userSchema = new mongoose.Schema({
username: {
type: String,
required: true,
minlenghth: 5,
maxlength: 255,
unique: true,
trim: true,
},
password: {
type: String,
required: true,
minlength: 3,
maxlength: 1024,
trim: true,
},
name: {
type: String,
required: true,
minlength: 3,
maxlength: 30,
trim: true,
}
});
userSchema.methods.generateAuthToken = function () {
const token = jwt.sign(
{
_id: this._id,
username: this.username,
name: this.name,
isAdmin: this.isAdmin,
},
config.get("jwtPrivateKey")
);
return token;
};
const User = mongoose.model("User", userSchema);
function validateUser(req) {
const schema = Joi.object({
username: Joi.string().min(5).max(255).required().email(),
password: Joi.string()
.regex(/^[a-zA-Z0-9]{3,255}$/)
.required(),
name: Joi.string().min(3).max(30).required(),
});
return schema.validate(req);
}
exports.User = User;
exports.validateUser = validateUser;
路线如下:
router.post("/", validate(validateUser), async (req, res) => {
let user = await User.findOne({ username: req.body.username });
if (user) return res.status(400).send("User already registered.");
user = new User(_.pick(req.body, ["username", "password", "name"]));
const salt = await bcrypt.genSalt(10);
user.password = await bcrypt.hash(user.password, salt);
await user.save();
const token = user.generateAuthToken();
res
.header("x-auth-token", token)
.send(_.pick(user, ["_id", "username", "name"]));
});
router.put("/:id", [auth, validate(validateUser)], async (req, res) => {
const user = await User.findByIdAndUpdate(
req.params.id,
{
username: req.body.username,
password: req.body.password, // This is what I DON'T want
name: req.body.name,
}
);
if (!user)
return res.status(404).send("The user with the given ID was not found.");
res.send(user);
});