验证来自nodejs的电子邮件

时间:2019-01-15 11:16:22

标签: javascript node.js nodemailer email-verification

我是后端的新手,当用户POST /register时,有一项任务来验证注册电子邮件地址。因此,在 user.controller.js 文件中,我正在使用哈希 user.email 地址设为秘密密钥。

const secret = crypto.randomBytes(20);
const hash = crypto.createHmac('sha256', secret)
                   .update(secret + user.email)
                   .digest('hex');
console.log(hash);

var expires = new Date();
expires.setHours(expires.getHours() + 6);

    user.emailResetToken = hash;
    user.emailExpires = expires;

所以,注册后,我有以下值:-

{
    "isVerified": false,
    "_id": "5c3db78774d8ad1124e6056f",
    "fullName": "ABC",
    "email": "abc@xyz.com",
    "password": "$2a$10$7JBeboru2xORj6d8wyR0W.Ulm/7JQs1dyP7H.Mr4lq8FcSP6KVnBa",
    "phoneNumber": "000631",
    "emailResetToken": "c4af02d40b31e6882692e75f85dab9198fbdcc2f132ee7a0ab0bd94420e4dd",
    "emailExpires": "2019-01-15T16:35:51.457Z",
    "saltSecret": "$2a$10$JBeboru2xORj6d8wyR0W.",
    "__v": 0
}

所以现在我面临两个问题

  • 我能够通过Nodemailer发送令牌emailResetToken的电子邮件,但不知道我是否能够正确传递令牌。

    let mailOptions = { from: '"XYZ" <xyz@gmail.com>', to: user.email, subject: "User verification ✔", html: 'Click the following link to confirm your account:</p><p><a href="+user.emailResetToken+">Click here to verify</a></p>' };

    点击电子邮件链接后,我收到重定向消息:The page you were on is trying to send you to an invalid URL (http://+user.emailResetToken+)

  • 第二,我不知道如何单击上面的链接,将emailResetToken令牌与数据库emailResetToken匹配,以便使此isVerified": false变成true

0 个答案:

没有答案