我做了一个用户创建记录的数据库,年龄,姓名,电子邮件,&密码。我使用sequelize ORMfor My Sql database.
module.exports = (sequelize, Sequelize) => {
const User = sequelize.define("users", {
age: {
type: Sequelize.INTEGER
},
name: {
type: Sequelize.STRING
},
email: {
type: Sequelize.STRING
},
password: {
type: Sequelize.STRING
},
tokens: {
type: Sequelize.STRING
}
});
return User;
};
在为记录输入之后,我使用了bcrypt用于散列和安全地存储密码。
exports.create = (req, res) => {
if (!req.body.age) {
return res.status(400).send({
message: "Age can not be empty!"
})
}
if (!req.body.name) {
return res.status(400).send({
message: "Name can not be empty!"
})
}
if (!req.body.email) {
return res.status(400).send({
message: "email can not be empty!"
})
}
if (!req.body.password) {
return res.status(400).send({
message: "Password can not be empty!"
})
}
const tutorials = {
age: req.body.age,
name: req.body.name,
email: req.body.email,
password: req.body.password
};
Users.create(tutorials)
.then(data => {
try {
const hash = bcrypt.hashSync(req.body.password, 8);
Users.build({ age: req.body.age, name: req.body.name, email: req.body.email, password: hash })
.save()
res.status(200).json({
message: 'Created Database with Hashed password'
})
return;
}
catch (e) {
console.log(e);
res.status(500).send('something broke')
}
res.send(data);
})
.catch(err => {
res.status(500).send({
message:
err.message || "Some error occurred while creating the User."
});
});
};
现在,当我击中API,我得到2列表在我的用户表
id age name email password
1 1 Trial1 Trial1@gmail.com Trial1@123
2 1 Trial1 Trial1@gmail.com $2a$08$v0Bax1fXFTC5VKnkrlPpxu5vDenWRKgMLvr0POyWimiwqNCZKYwr2
但我希望只有一个记录被存储与哈希密码,而不是纯文本密码。请帮我修一下。
在sequelize中,以下两种插入数据的方式是等价的:
let mickey = await User.create({
username: 'mickey_mouse',
e-mail: 'mickey@example.com'
})
// is equivalent to
let mickey = User.build({
username: 'mickey_mouse',
e-mail: 'mickey@example.com'
})
await mickey.save()
另外,最好不要将密码保存在数据库中,然后用散列更新它。相反,可以使用初始插入保存散列,如下所示:
exports.create = (req, res) => {
if (!req.body.age) {
return res.status(400).send({
message: "Age can not be empty!"
})
}
if (!req.body.name) {
return res.status(400).send({
message: "Name can not be empty!"
})
}
if (!req.body.email) {
return res.status(400).send({
message: "email can not be empty!"
})
}
if (!req.body.password) {
return res.status(400).send({
message: "Password can not be empty!"
})
}
const hash = bcrypt.hashSync(req.body.password, 8);
const tutorials = {
age: req.body.age,
name: req.body.name,
email: req.body.email,
password: hash
};
Users.create(tutorials)
.then(user => {
try {
res.status(200).json({
message: 'Created Database with Hashed password'
})
return;
}
catch (e) {
console.log(e);
res.status(500).send('something broke')
}
res.send(data);
})
.catch(err => {
res.status(500).send({
message:
err.message || "Some error occurred while creating the User."
});
});
};