mongoose更新用户配置文件，无需用户输入密码_Mongoose

mongoose更新用户配置文件，无需用户输入密码

mongoose

mongoose更新用户配置文件，无需用户输入密码,mongoose,Mongoose,使用Node Express Mongoose，我希望登录用户能够更新其个人资料，而无需在更新表单上再次提供密码。他们在登录时提供了它，并收到了JWT 我遇到的问题是，我已设置Mongoose以要求输入密码。因此，我正在构建的API在提交用户更新表单时给出了错误的请求错误，并且不包含密码 JWT不包含密码，因此我无法从那里获取密码 const config = require("config"); const jwt = require("jsonwebtoken

使用Node Express Mongoose，我希望登录用户能够更新其个人资料，而无需在更新表单上再次提供密码。他们在登录时提供了它，并收到了JWT

我遇到的问题是，我已设置Mongoose以要求输入密码。因此，我正在构建的API在提交用户更新表单时给出了错误的请求错误，并且不包含密码

JWT不包含密码，因此我无法从那里获取密码

const config = require("config");
const jwt = require("jsonwebtoken");
const Joi = require("@hapi/joi");
const mongoose = require("mongoose");

const userSchema = new mongoose.Schema({
  username: {
    type: String,
    required: true,
    minlenghth: 5,
    maxlength: 255,
    unique: true,
    trim: true,
  },
  password: {
    type: String,
    required: true,
    minlength: 3,
    maxlength: 1024,
    trim: true,
  },
  name: {
    type: String,
    required: true,
    minlength: 3,
    maxlength: 30,
    trim: true,
  }
});

userSchema.methods.generateAuthToken = function () {
  const token = jwt.sign(
    {
      _id: this._id,
      username: this.username,
      name: this.name,
      isAdmin: this.isAdmin,
    },
    config.get("jwtPrivateKey")
  );
  return token;
};

const User = mongoose.model("User", userSchema);

function validateUser(req) {
  const schema = Joi.object({
    username: Joi.string().min(5).max(255).required().email(),
    password: Joi.string()
      .regex(/^[a-zA-Z0-9]{3,255}$/)
      .required(),
    name: Joi.string().min(3).max(30).required(),
  });
  return schema.validate(req);
}

exports.User = User;
exports.validateUser = validateUser;

路线如下所示：

router.post("/", validate(validateUser), async (req, res) => {
  let user = await User.findOne({ username: req.body.username });
  if (user) return res.status(400).send("User already registered.");

  user = new User(_.pick(req.body, ["username", "password", "name"]));
  const salt = await bcrypt.genSalt(10);
  user.password = await bcrypt.hash(user.password, salt);

  await user.save();
  const token = user.generateAuthToken();
  res
    .header("x-auth-token", token)
    .send(_.pick(user, ["_id", "username", "name"]));
});

router.put("/:id", [auth, validate(validateUser)], async (req, res) => {
  const user = await User.findByIdAndUpdate(
    req.params.id,
    {
      username: req.body.username,
      password: req.body.password, // This is what I DON'T want
      name: req.body.name,
    }
  );
  if (!user)
    return res.status(404).send("The user with the given ID was not found.");

  res.send(user);
});