如何解决猫鼬更新用户个人资料,而无需用户输入密码
使用Node Express猫鼬,我希望已登录的用户能够更新其个人资料,而不必在更新表单上再次提供密码。他们在登录时提供了它,并收到了JWT。
我遇到的问题是我设置了Mongoose要求输入密码。 因此,当用户更新表单被提交且不包含密码时,我正在构建的API会产生错误的请求错误。
JWT不包含密码,所以我不能从那里获取密码。
const config = require("config");
const jwt = require("jsonwebtoken");
const Joi = require("@hapi/joi");
const mongoose = require("mongoose");
const userSchema = new mongoose.Schema({
username: {
type: String,required: true,minlenghth: 5,maxlength: 255,unique: true,trim: true,},password: {
type: String,minlength: 3,maxlength: 1024,name: {
type: String,maxlength: 30,}
});
userSchema.methods.generateAuthToken = function () {
const token = jwt.sign(
{
_id: this._id,username: this.username,name: this.name,isAdmin: this.isAdmin,config.get("jwtPrivateKey")
);
return token;
};
const User = mongoose.model("User",userSchema);
function validateUser(req) {
const schema = Joi.object({
username: Joi.string().min(5).max(255).required().email(),password: Joi.string()
.regex(/^[a-zA-Z0-9]{3,255}$/)
.required(),name: Joi.string().min(3).max(30).required(),});
return schema.validate(req);
}
exports.User = User;
exports.validateUser = validateUser;
路线如下:
router.post("/",validate(validateUser),async (req,res) => {
let user = await User.findOne({ username: req.body.username });
if (user) return res.status(400).send("User already registered.");
user = new User(_.pick(req.body,["username","password","name"]));
const salt = await bcrypt.genSalt(10);
user.password = await bcrypt.hash(user.password,salt);
await user.save();
const token = user.generateAuthToken();
res
.header("x-auth-token",token)
.send(_.pick(user,["_id","username","name"]));
});
router.put("/:id",[auth,validate(validateUser)],res) => {
const user = await User.findByIdAndUpdate(
req.params.id,{
username: req.body.username,password: req.body.password,// This is what I DON'T want
name: req.body.name,}
);
if (!user)
return res.status(404).send("The user with the given ID was not found.");
res.send(user);
});
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。