我是后端的新手,当用户POST /register时,有一项任务来验证注册电子邮件地址。因此,在 user.controller.js 文件中,我正在使用哈希将 user.email 地址设为秘密密钥。
const secret = crypto.randomBytes(20);
const hash = crypto.createHmac('sha256', secret)
.update(secret + user.email)
.digest('hex');
console.log(hash);
var expires = new Date();
expires.setHours(expires.getHours() + 6);
user.emailResetToken = hash;
user.emailExpires = expires;
所以,注册后,我有以下值:-
{
"isVerified": false,
"_id": "5c3db78774d8ad1124e6056f",
"fullName": "ABC",
"email": "abc@xyz.com",
"password": "$2a$10$7JBeboru2xORj6d8wyR0W.Ulm/7JQs1dyP7H.Mr4lq8FcSP6KVnBa",
"phoneNumber": "000631",
"emailResetToken": "c4af02d40b31e6882692e75f85dab9198fbdcc2f132ee7a0ab0bd94420e4dd",
"emailExpires": "2019-01-15T16:35:51.457Z",
"saltSecret": "$2a$10$JBeboru2xORj6d8wyR0W.",
"__v": 0
}
所以现在我面临两个问题
我能够通过Nodemailer发送令牌emailResetToken的电子邮件,但不知道我是否能够正确传递令牌。
let mailOptions = {
from: '"XYZ" <xyz@gmail.com>',
to: user.email,
subject: "User verification ✔",
html: 'Click the following link to confirm your account:</p><p><a href="+user.emailResetToken+">Click here to verify</a></p>'
};
点击电子邮件链接后,我收到重定向消息:The page you were on is trying to send you to an invalid URL (http://+user.emailResetToken+)
第二,我不知道如何单击上面的链接,将emailResetToken令牌与数据库emailResetToken匹配,以便使此isVerified": false变成true。