Mongodb mongoose schema不确定是否正确且安全地使用了令牌
嘿,伙计们,这是我的mongoose模式,可以创建一个用户令牌,该令牌将包含在密码重置链接中,我只是想知道它看起来是否正确?此外,不确定如何准确地调用新令牌,在创建用户后,User.save或User.find是否会更新,然后在路由文件中包含令牌?另外,我应该在令牌字段中插入什么作为从这里加密的令牌中提取的值 文件如下:Mongodb mongoose schema不确定是否正确且安全地使用了令牌,mongodb,passwords,mongoose,Mongodb,Passwords,Mongoose,嘿,伙计们,这是我的mongoose模式,可以创建一个用户令牌,该令牌将包含在密码重置链接中,我只是想知道它看起来是否正确?此外,不确定如何准确地调用新令牌,在创建用户后,User.save或User.find是否会更新,然后在路由文件中包含令牌?另外,我应该在令牌字段中插入什么作为从这里加密的令牌中提取的值 文件如下: var mongoose = require('mongoose'), Schema = mongoose.Schema, ObjectId = mongoos
var mongoose = require('mongoose'),
Schema = mongoose.Schema,
ObjectId = mongoose.Schema.Types.ObjectId,
bcrypt = require('bcrypt-nodejs'),
SALT_WORK_FACTOR = 10;
var crypto = require('crypto');
var UserToken;
var UserSchema = new Schema({
email: { type: String, required: true, lowercase:true, index: { unique: true } },
password: { type: String, required: true },
firstName: {type: String, required: true},
lastName: {type: String, required: true},
phone: {type: Number, required: true},
birthday: {type: Date, required: true},
friendRequest: {type: Object},
notifications: {type: Object},
friend: {type: Object},
date_created: {type: Date},
token: {type: String}
}, {collection: "users"});
UserSchema.statics.new = function(_id, fn) {
var user = new UserToken();
crypto.randomBytes(48, function(ex, buff) {
var token = buff.toString('based64').replace(/\//g, '_').replace(/\+/g, '-');
user.token = _id + '|' + token.toString().slice(1,24);
user._id = _id;
user.save(fn);
});
};
module.exports = mongoose.model('User', UserSchema);