javascript - Mongoose "schema method"回调不工作

Question

我是 mongoose 和 node.js 的新手。我尝试按照本教程进行操作:https://scotch.io/tutorials/using-mongoosejs-in-node-js-and-mongodb-applications#sample-model-for-users

在我的入口点 index.js 中，我尝试调用“chenya.saltHashPassword(function(err, passwordHash)”。它实际上是在 user.js 中调用的，因为 user.js 可以打印出三个日志消息；但是，有在index.js中根本就没有这个方法调用的日志信息。相比之下，save方法可以打印出日志信息表明保存成功。:

//Lets load the mongoose module in our program
var mongoose = require('mongoose');

//Lets connect to our database using the DB server URL.
mongoose.connect('mongodb://localhost:27017/server_naturis');

// if our user.js file is at app/models/user.js
var User = require('./user');

// create a new user called Chenya
var chenya = new User({
  userName: 'Chenya',
  email: 'chenya@gmail.com',
  password: 'Chenya'
});

// call the custom method. hash the password
chenya.saltHashPassword(function(err, passwordHash) { // NOT CALLED!
  if (err) {
    console.log('chenya.saltHashPassword: ' + err);
  } else {
    this.password = passwordHash;
    console.log('Your hashed password is ' + passwordHash);
  }
});

// call the built-in save method to save to the database
chenya.save(function(err) { // CALLED!
  if (err) {
    console.log('chenya.save: ' + err);
  } else {
    console.log('User saved successfully!');
  }
});

在我的 user.js 中，我有模式函数“userSchema.methods.saltHashPassword”:

// grab the things we need
var mongoose = require('mongoose');
var Schema = mongoose.Schema;

// Require the crypto module for password hash
'use strict';
var crypto = require('crypto');

// create a schema
var userSchema = new Schema({
  userName: { type: String, required: true, unique: true },
  email: { type: String, required: true, unique: true },
  password: { type: String, required: true },
});

// add a schema method
/**
 * generates random string of characters i.e salt
 * @function
 * @param {number} length - Length of the random string.
 */
var genRandomString = function(length){
    return crypto.randomBytes(Math.ceil(length/2))
            .toString('hex') /** convert to hexadecimal format */
            .slice(0,length);   /** return required number of characters */
};
/**
 * hash password with sha512.
 * @function
 * @param {string} password - List of required fields.
 * @param {string} salt - Data to be validated.
 */
var sha512 = function(password, salt){
    var hash = crypto.createHmac('sha512', salt); /** Hashing algorithm sha512 */
    hash.update(password);
    var value = hash.digest('hex');
    return {
        salt:salt,
        passwordHash:value
    };
};
/**
 * a function that will use the above function 
 * to generate the hash that should be stored 
 * in the database as user’s password.
 */
userSchema.methods.saltHashPassword = function() {
    var salt = genRandomString(16); /** Gives us salt of length 16 */
    var passwordData = sha512(this.password, salt);
    console.log('UserPassword = '+ this.password);
    console.log('Passwordhash = '+ passwordData.passwordHash);
    console.log('\nSalt = '+ passwordData.salt);
    return passwordData.passwordHash;
}

// the schema is useless so far
// we need to create a model using it
var User = mongoose.model('User', userSchema);

// make this available to our users in our Node applications
module.exports = User;

终端:

UserPassword = Chenya
Passwordhash = 5bb5bf2181e2c713bae1eb49d1f3646b23db839368d38c33951774c92cec39a3c4b855aea30875e72cce6f271bdbdb27de8976c9316df09d086435b6c5629548

Salt = a88384d072b720de
(node:11717) DeprecationWarning: Mongoose: mpromise (mongoose's default promise library) is deprecated, plug in your own promise library instead: http://mongoosejs.com/docs/promises.html
User saved successfully!

Answer 1

您没有将回调参数传递到 userSchema.methods.saltHashPassword 中，而是像对待函数一样对待该函数。

将 userSchema.methods.saltHashPassword 更改为:

userSchema.methods.saltHashPassword = function(callback) { // <-- Add callback param
    var salt = genRandomString(16); /** Gives us salt of length 16 */
    var passwordData = sha512(this.password, salt);
    console.log('UserPassword = '+ this.password);
    console.log('Passwordhash = '+ passwordData.passwordHash);
    console.log('\nSalt = '+ passwordData.salt);

    // Your function that you passed in is called here
    callback(null, passwordData.passwordHash);
}

你回调的原因不是在 saltHashPassword 中调用而是在 save 中调用是因为 Mongoose 定义该方法需要一个接收错误参数和实际返回值的回调函数。

发生错误时，预计回调将定义错误处理，这是一种很好的做法，也是为什么您会看到教程建议您这样做的原因。当您为 Schema 定义自己的方法时，您将不再拥有它，必须自己设置它。

正如您在上面的函数中看到的那样，这就是发生的事情。现在你的回调作为参数传入，使用 callback(null, passwordData.passwordHash) 调用它将使它执行。如果您曾经发生过错误，则可以将其保存为变量，例如err 并将其作为 callback(err, null)

传递到您的函数中

回到盐。我还没有读过您的教程，但请务必将它们与您的用户数据一起保存在数据库中，以便在用户登录时验证密码。

这里有很好的资源:

Password Hashing add salt + pepper or is salt enough?

您需要盐来生成您存储在数据库中的相同散列密码。如果您无权访问该盐，则无法知道给定的密码是否会生成相同的哈希值。