我有两个模型User
和Email
。 Email
具有来自User
的外键。
电子邮件在数据库中保存之前,其值已加密。并在检索电子邮件时将其解密。因此,电子邮件在数据库中绝不会采用纯文本格式,但是在API中使用时,它们可以采用纯文本格式。我正在使用hooks来实现该功能。
我指定的钩子如下:
hooks: {
/**
* The query will have plain text email,
* The database has encrypted email.
* Thus, encrypt the query email (if any) BEFORE the query is fired
**/
beforeFind: query => {
if (query && query.where && query.where.email) {
const email = query.where.email;
const AESHash = AES.encrypt(email, KEY, { iv: IV });
const encrypted = AESHash.toString();
query.where.email = encrypted;
console.log(`[hook beforeFind] email "${email}" was changed to "${encrypted}"`);
} else {
console.log(`[hook beforeFind] skipped "${query ? JSON.stringify(query) : query}"`);
}
},
/**
* Once the result is retrieved, the emails (if any) would be encrypted.
* But, the API expects plain text emails.
* Thus, decrypt them BEFORE the query response is returned.
*/
afterFind: query => {
if (query && (query.dataValues || query.email)) {
const email = query.dataValues || query.email;
const decrypt = AES.decrypt(email, KEY, { iv: IV });
const decrypted = decrypt.toString(enc.Utf8);
if (query.dataValues) {
query.dataValues.email = decrypted;
} else {
query.email = decrypted;
}
console.log(`[hook afterFind] email "${email}" was changed to "${decrypted}"`);
} else {
console.log(`[hook afterFind] skipped "${query ? JSON.stringify(query) : query}"`);
}
},
/**
* The API provides plain text email when creating an instance.
* But emails in database have to be encrypted.
* Thus, we need to encrypt the email BEFORE it gets saved in database
*/
beforeCreate: model => {
const email = model.dataValues.email;
if (email.includes("@")) {
const AESHash = AES.encrypt(email, KEY, { iv: IV });
const encrypted = AESHash.toString();
model.dataValues.email = encrypted;
console.log(`[hook beforeCreate] email "${email}" was changed to "${encrypted}"`);
} else {
console.log(`[hook beforeCreate] skipped "${email}"`);
}
},
/**
* Once they are created, the create() response will have the encrypted email
* As API uses plain text email, we will need to decrypt them.
* Thus, Decrypt the email BEFORE the create() response is returned.
*/
afterCreate: model => {
const email = model.dataValues.email;
if (!email.includes("@")) {
const decrypt = AES.decrypt(email, KEY, { iv: IV });
const decrypted = decrypt.toString(enc.Utf8);
model.dataValues.email = decrypted;
console.log(`[hook afterCreate] email "${email}" was changed to "${decrypted}"`);
} else {
console.log(`[hook afterCreate] skipped "${email}"`);
}
}
}
当我需要创建/查询Email
模型时,它们可以完美工作。例如:
async function findEmail() {
console.log("[function findEmail] Executing");
const existingEmail = await Email.findOne({
raw: true
});
console.log("[function findEmail] Result:", existingEmail);
}
并输出:
[function findEmail] Executing
[hook beforeFind] skipped "{"raw":true,"limit":1,"plain":true,"rejectOnEmpty":false,"hooks":true}"
[hook afterFind] email "ZxJlbVDJ9MNdCTreKUHPDW6SiNCTslSPCZygnfxE9n0=" was changed to "someone@example.com"
[function findEmail] Result: { id: 1, email: 'someone@example.com', user_id: 1 }
但是,当我查询User
模型并包含Email
模型时,它们不起作用。
例如:
async function findUser() {
console.log("[function findUser] Executing");
const existingUser = await User.findOne({
include: [{ model: Email }],
raw: true
});
console.log("[function findUser] Result:", existingUser);
}
输出为:
[function findUser] Executing
[hook afterFind] skipped "null"
[hook beforeCreate] email "someone@example.com" was changed to "QuLr/hi7QaJ4vKmxneW0jqwyqQdwhQDQbp+qW1vGpPE="
[hook afterCreate] email "QuLr/hi7QaJ4vKmxneW0jqwyqQdwhQDQbp+qW1vGpPE=" was changed to "someone@example.com"
[function findUser] Result: { id: 1,
name: 'John Doe',
'Email.id': 1,
'Email.email': 'QuLr/hi7QaJ4vKmxneW0jqwyqQdwhQDQbp+qW1vGpPE=',
'Email.user_id': 1 }
我的问题是: 为什么在查询其他模型时包含指定了钩子的模型时未执行钩子?
这是我使用的完整代码:-在codesandbox
const Sequelize = require("sequelize");
const cryptoJS = require("crypto-js");
const crypto = require("crypto");
const AES = cryptoJS.AES;
const enc = cryptoJS.enc;
const KEY = enc.Utf8.parse(crypto.randomBytes(64).toString("base64"));
const IV = enc.Utf8.parse(crypto.randomBytes(64).toString("base64"));
const DataTypes = Sequelize.DataTypes;
const connectionOptions = {
dialect: "sqlite",
operatorsAliases: false,
storage: "./database.sqlite",
logging: null,
define: {
timestamps: false,
underscored: true
}
};
const sequelize = new Sequelize(connectionOptions);
const User = sequelize.define("User", {
name: {
type: DataTypes.STRING
}
});
const Email = sequelize.define(
"Email",
{
email: {
type: DataTypes.STRING
}
},
{
hooks: {
/**
* The query will have plain text email,
* The database has encrypted email.
* Thus, encrypt the query email (if any) BEFORE the query is fired
**/
beforeFind: query => {
if (query && query.where && query.where.email) {
const email = query.where.email;
const AESHash = AES.encrypt(email, KEY, { iv: IV });
const encrypted = AESHash.toString();
query.where.email = encrypted;
console.log(`[hook beforeFind] email "${email}" was changed to "${encrypted}"`);
} else {
console.log(`[hook beforeFind] skipped "${query ? JSON.stringify(query) : query}"`);
}
},
/**
* Once the result is retrieved, the emails (if any) would be encrypted.
* But, the API expects plain text emails.
* Thus, decrypt them BEFORE the query response is returned.
*/
afterFind: query => {
if (query && (query.dataValues || query.email)) {
const email = query.dataValues || query.email;
const decrypt = AES.decrypt(email, KEY, { iv: IV });
const decrypted = decrypt.toString(enc.Utf8);
if (query.dataValues) {
query.dataValues.email = decrypted;
} else {
query.email = decrypted;
}
console.log(`[hook afterFind] email "${email}" was changed to "${decrypted}"`);
} else {
console.log(`[hook afterFind] skipped "${query ? JSON.stringify(query) : query}"`);
}
},
/**
* The API provides plain text email when creating an instance.
* But emails in database have to be encrypted.
* Thus, we need to encrypt the email BEFORE it gets saved in database
*/
beforeCreate: model => {
const email = model.dataValues.email;
if (email.includes("@")) {
const AESHash = AES.encrypt(email, KEY, { iv: IV });
const encrypted = AESHash.toString();
model.dataValues.email = encrypted;
console.log(`[hook beforeCreate] email "${email}" was changed to "${encrypted}"`);
} else {
console.log(`[hook beforeCreate] skipped "${email}"`);
}
},
/**
* Once they are created, the create() response will have the encrypted email
* As API uses plain text email, we will need to decrypt them.
* Thus, Decrypt the email BEFORE the create() response is returned.
*/
afterCreate: model => {
const email = model.dataValues.email;
if (!email.includes("@")) {
const decrypt = AES.decrypt(email, KEY, { iv: IV });
const decrypted = decrypt.toString(enc.Utf8);
model.dataValues.email = decrypted;
console.log(`[hook afterCreate] email "${email}" was changed to "${decrypted}"`);
} else {
console.log(`[hook afterCreate] skipped "${email}"`);
}
}
}
}
);
Email.belongsTo(User, { allowNull: true });
User.hasOne(Email, { allowNull: true });
sequelize
.authenticate()
.then(() => sequelize.sync({ force: true }))
.then(() => main())
.catch(err => {
console.log(err);
});
async function create() {
const aUser = await User.build({ name: "John Doe" });
const anEmail = await Email.build({ email: "someone@example.com" });
aUser.setEmail(anEmail);
await aUser.save();
}
async function findUser() {
console.log("[function findUser] Executing");
const existingUser = await User.findOne({
include: [{ model: Email }],
raw: true
});
console.log("[function findUser] Result:", existingUser);
}
async function findEmail() {
console.log("[function findEmail] Executing");
const existingEmail = await Email.findOne({
raw: true
});
console.log("[function findEmail] Result:", existingEmail);
}
async function main() {
await create();
console.log();
await findUser();
console.log();
await findEmail();
}
答案 0 :(得分:0)
这是续集中的一个已知问题,似乎没有任何解决方案。参见github问题here。
另一种方法是在模型属性上使用getter和setter。但是,钩子的问题在于它们不支持异步,因此没有承诺或回调。