我是 mongoose 和 node.js 的新手。我尝试按照本教程进行操作:https://scotch.io/tutorials/using-mongoosejs-in-node-js-and-mongodb-applications#sample-model-for-users
在我的入口点 index.js 中,我尝试调用“chenya.saltHashPassword(function(err, passwordHash)”。它实际上是在 user.js 中调用的,因为 user.js 可以打印出三个日志消息;但是,有在index.js中根本就没有这个方法调用的日志信息。相比之下,save方法可以打印出日志信息表明保存成功。:
//Lets load the mongoose module in our program
var mongoose = require('mongoose');
//Lets connect to our database using the DB server URL.
mongoose.connect('mongodb://localhost:27017/server_naturis');
// if our user.js file is at app/models/user.js
var User = require('./user');
// create a new user called Chenya
var chenya = new User({
userName: 'Chenya',
email: 'chenya@gmail.com',
password: 'Chenya'
});
// call the custom method. hash the password
chenya.saltHashPassword(function(err, passwordHash) { // NOT CALLED!
if (err) {
console.log('chenya.saltHashPassword: ' + err);
} else {
this.password = passwordHash;
console.log('Your hashed password is ' + passwordHash);
}
});
// call the built-in save method to save to the database
chenya.save(function(err) { // CALLED!
if (err) {
console.log('chenya.save: ' + err);
} else {
console.log('User saved successfully!');
}
});
在我的 user.js 中,我有模式函数“userSchema.methods.saltHashPassword”:
// grab the things we need
var mongoose = require('mongoose');
var Schema = mongoose.Schema;
// Require the crypto module for password hash
'use strict';
var crypto = require('crypto');
// create a schema
var userSchema = new Schema({
userName: { type: String, required: true, unique: true },
email: { type: String, required: true, unique: true },
password: { type: String, required: true },
});
// add a schema method
/**
* generates random string of characters i.e salt
* @function
* @param {number} length - Length of the random string.
*/
var genRandomString = function(length){
return crypto.randomBytes(Math.ceil(length/2))
.toString('hex') /** convert to hexadecimal format */
.slice(0,length); /** return required number of characters */
};
/**
* hash password with sha512.
* @function
* @param {string} password - List of required fields.
* @param {string} salt - Data to be validated.
*/
var sha512 = function(password, salt){
var hash = crypto.createHmac('sha512', salt); /** Hashing algorithm sha512 */
hash.update(password);
var value = hash.digest('hex');
return {
salt:salt,
passwordHash:value
};
};
/**
* a function that will use the above function
* to generate the hash that should be stored
* in the database as user’s password.
*/
userSchema.methods.saltHashPassword = function() {
var salt = genRandomString(16); /** Gives us salt of length 16 */
var passwordData = sha512(this.password, salt);
console.log('UserPassword = '+ this.password);
console.log('Passwordhash = '+ passwordData.passwordHash);
console.log('\nSalt = '+ passwordData.salt);
return passwordData.passwordHash;
}
// the schema is useless so far
// we need to create a model using it
var User = mongoose.model('User', userSchema);
// make this available to our users in our Node applications
module.exports = User;
终端:
UserPassword = Chenya
Passwordhash = 5bb5bf2181e2c713bae1eb49d1f3646b23db839368d38c33951774c92cec39a3c4b855aea30875e72cce6f271bdbdb27de8976c9316df09d086435b6c5629548
Salt = a88384d072b720de
(node:11717) DeprecationWarning: Mongoose: mpromise (mongoose's default promise library) is deprecated, plug in your own promise library instead: http://mongoosejs.com/docs/promises.html
User saved successfully!
最佳答案
您没有将回调参数传递到 userSchema.methods.saltHashPassword
中,而是像对待函数一样对待该函数。
将 userSchema.methods.saltHashPassword
更改为:
userSchema.methods.saltHashPassword = function(callback) { // <-- Add callback param
var salt = genRandomString(16); /** Gives us salt of length 16 */
var passwordData = sha512(this.password, salt);
console.log('UserPassword = '+ this.password);
console.log('Passwordhash = '+ passwordData.passwordHash);
console.log('\nSalt = '+ passwordData.salt);
// Your function that you passed in is called here
callback(null, passwordData.passwordHash);
}
你回调的原因不是在 saltHashPassword
中调用而是在 save
中调用是因为 Mongoose
定义该方法需要一个接收错误参数和实际返回值的回调函数。
发生错误时,预计回调将定义错误处理,这是一种很好的做法,也是为什么您会看到教程建议您这样做的原因。当您为 Schema
定义自己的方法时,您将不再拥有它,必须自己设置它。
正如您在上面的函数中看到的那样,这就是发生的事情。现在你的回调作为参数传入,使用 callback(null, passwordData.passwordHash)
调用它将使它执行。如果您曾经发生过错误,则可以将其保存为变量,例如err
并将其作为 callback(err, null)
回到盐。我还没有读过您的教程,但请务必将它们与您的用户数据一起保存在数据库中,以便在用户登录时验证密码。
这里有很好的资源:
Password Hashing add salt + pepper or is salt enough?
您需要盐来生成您存储在数据库中的相同散列密码。如果您无权访问该盐,则无法知道给定的密码是否会生成相同的哈希值。
关于javascript - Mongoose "schema method"回调不工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39049819/