我目前有一个用户系统,用户可以互相添加为朋友。这是我的路线:
app.post("/addFriend", function(req, res) {
var conditions = {
$or: [
{$and: [
{username: req.body.globalUserName},
{$or: [
{'pendingFriends._id': {$ne: req.user._id}},
{'friends._id': {$ne: req.user._id}}
]}
]},
{$and: [
{username: req.user.username},
{$or: [
{'pendingFriends._id': {$ne: req.body.globalUserId}},
{'friends._id': {$ne: req.body.globalUserId}}
]}
]}
]
}
var update = {
$addToSet: {pendingFriends: { _id: req.user._id, username: req.user.username, language: req.user.language, profilePicture: req.user.profilePicture}}
}
User.findOneAndUpdate(conditions, update, function(error, doc) {
if(error) {
console.log(currentTime + " - FRIEND_REQUEST_SEND_ERROR: '" + req.user.username + "' TRIED TO SEND A FRIEND REQUEST TO '" + req.body.globalUserName + "'");
}
else {
console.log(currentTime + " - FRIEND_REQUEST_SENT: '" + req.user.username + "' SENT A FRIEND REQUEST TO '" + req.body.globalUserName + "'");
}
res.redirect("/talk");
});
});
这就是它的工作原理。
U1向U2发送好友请求。
U1被添加到U2的pendingFriends。
如果U2接受,U1会去U2的朋友,U2会去U1的朋友。
但是,我现在知道有两个错误。
如果U1向U2发送好友请求,而U1在U2的pendingFriends中,则U2可以向U1发送好友请求。
此外,如果U1向U2发送好友请求,则在U2接受后,U1和U2都可以向对方发送好友请求。
我该如何解决这个问题?顺便说一下,req.user是执行操作的用户(发送表单等)。 req.body.globalUserId是执行操作的用户尝试添加的用户的ID。
EDIT(用户请求的用户架构):
UserSchema = new mongoose.Schema({
username: String,
email: String,
password: String,
language: { type: String, default: "English" },
profilePicture: { type: String, default: "/images/talk/blank-profile-picture.png" },
status: String,
pendingFriends: [this],
friends: [this]
})
答案 0 :(得分:0)
U1 =用户名=>的用户req.body.globalUserName
U2 =已登录用户
查询查找:
U1 IF U2 is not a pending friend OR U2 is not a friend
OR
U2 IF U1 is not a pending friend OR U1 is not a friend
更新只会找到其中一个用户,并将U1添加到其pendingFriends中 例如,如果U2向U1发送请求,并且系统中不存在U1,则U2会将自己添加到自己的待处理好友中
我们实际上并不想找到U2,我们只是想确保U1不是U2的朋友/待定的朋友。
正确的查询将与
一致let U2PendingFriendIds = array of all U2's pending friends ids
let U2FriendIds = array of all U2's friends ids
var conditions = {
$or: [
{$and: [
{_id: {$nin: U2PendingFriendIds}, // not a pending friend of U2
{_id: {$nin: U2FriendIds}, // not a friend of U2
{username: req.body.globalUserName},
{'pendingFriends._id': {$ne: req.user._id}}, // U2 is not a pending friend
{'friends._id': {$ne: req.user._id}} // U2 is not a friend
]}
]
}
答案 1 :(得分:0)
终于修好了!这是我的代码:
app.post("/addFriend", function(req, res) {
var pendingIds, friendIds;
if (req.user.pendingFriends.length > 0) {
pendingIds = new Array(req.user.pendingFriends.length - 1);
req.user.pendingFriends.forEach(function (pendingFriend) {
pendingIds.push(pendingFriend._id);
console.log("Pending friend id: " + pendingFriend._id);
})
}
if (req.user.friends.length > 0) {
friendIds = new Array(req.user.friends.length - 1);
req.user.friends.forEach(function (friend) {
friendIds.push(friend._id);
console.log("Friend id: " + friend._id);
})
}
var conditions = {
$or: [
{$and: [
{_id: {$nin: pendingIds}}, // not a pending friend of U2
{_id: {$nin: friendIds}}, // not a friend of U2
{username: req.body.globalUserName},
{'pendingFriends._id.toString()': {$ne: req.user._id.toString()}}, // U2 is not a pending friend
{'friends._id.toString()': {$ne: req.user._id.toString()}} // U2 is not a friend
]}
]
}
var update = {
$addToSet: {pendingFriends: { _id: req.user._id.toString(), username: req.user.username, language: req.user.language, profilePicture: req.user.profilePicture}}
}
User.findOneAndUpdate(conditions, update, function(error, doc) {
if(error) {
console.log(currentTime + " - FRIEND_REQUEST_SEND_ERROR: '" + req.user.username + "' TRIED TO SEND A FRIEND REQUEST TO '" + req.body.globalUserName + "'");
}
else {
console.log(currentTime + " - FRIEND_REQUEST_SENT: '" + req.user.username + "' SENT A FRIEND REQUEST TO '" + req.body.globalUserName + "'");
}
res.redirect("/talk");
});
});
答案 2 :(得分:0)
我刚刚发现的一个资源是一个npm模块,它可以促进所有友谊功能。您可以在此处找到它:https://www.npmjs.com/package/mongoose-friends
我意识到你已经有了添加朋友的代码设置,但是这个模块可能是一种替代的攻击方法,可以帮助你减少代码处理和简化阅读的麻烦。只有你感兴趣的时候才会这样。