Mongoose MODEL update() vs save() - node.js

There were a question about update() vs save(), but it was targeting some different stuff (I guess, purely related mongoose.Schema methods, but not to the actual document)
I have a following scenario, where user logs in to website:
I need to load document (find it by userModel.email)
Check if a userModel.password hash matches to what was recieved
Update userModel.lastLogin timestamp
Append authorization event to userModel.myEvents[] array
So I am wondering - what is a proper way to go?
1)
let foundUser = userModel.findOne({ email: recievedEmail });
if(foundUser.password != recievedPassword)
return res.status(400).json({e: "invalid pass"});
foundUser.lastLogin = new Date();
foundUser.myEvents.push(authEvent)
foundUser.save();
2)
let foundUser = userModel.findOne({ email: recievedEmail });
if(foundUser.password != recievedPassword)
return res.status(400).json({e: "invalid pass"});
foundUser.update({
$push: { myEvents: authEvent },
$set: { lastLogin: new Date() }
});
foundUser.save();
3)
let foundUser = userModel.findOne({ email: recievedEmail });
if(foundUser.password != recievedPassword)
return res.status(400).json({e: "invalid pass"});
userModel.updateOne({_id: foundUser._id}, {$push: ...
// seems no save is required here?
4)
// I am doing it wrong, and you have faster/higher/stronger variant?

First of all, you don't need to call foundUser.save() when you are using foundUser.update() method.
And, all the above methods are almost equally efficient as there are two calls being made to the database. So, it comes down to your personal preference.
And, one more method with just one call to the database can be executed in this manner:-
let foundUser = await userModel.findOneAndUpdate(
{ email: recievedEmail, password: hashedPassword },
{ $set: { lastLogin: new Date() }, $push: { myEvents: authEvent } }
);
In this method, if a user with given email and password exists, that user will be updated and corresponding updated document will be returned in a foundUser variable. So you don't have to perform an additional check on password: If findOneAndUpdate() returns a document, it means password and email matched. You have just to check for null or undefined on the returned document for no match.

Related

Mongoose model methods - create document if unique

I'm new to MongoDB and Mongoose. I'm using it with my Node project (with Express), and I'm trying to keep everything organized and separated. For example, I'm trying to keep all the database queries in each model file. This way all other files could simply use User.createNew({ fields }) and a new user will be created.
I need each user to be unique (based on their usernames), and I'm not sure exactly where to keep this functionality. I set unique: true in the Schema but upon reading Mongoose's documentation, they stated that unique is not real validation (or something about how validation should happen beforehand). So my main problem is how to create a static method to create a new user, and also validate this user doesn't exist beforehand. I could implement all of this in one static method:
userSchema.statics.createUser = function (username, ..., cb) {
this.findOne({ username }, function (err) {
if (err) {
return new this({
username,
...
}).save(cb);
} else {
return Promise.reject(new Error("User already exists!"));
}
});
};
I'm pretty confused with the whole cb function and what I'm supposed to pass to it.
After reading other posts about validation, I realized I could also do something like this:
const userSchema = new mongoose.Schema({
username: {
type: String,
unique: true,
validate: function (val, fn) {
this.find({ username: val }, function (err) {
fn(err || true);
});
},
message: function (props) {
`Username '${props.value}' already exists.`;
},
},
...
Also here I'm confused about what fn accepts and what it even does (I found an answer similar to this with no explanation online).
In the end, I would like to use this model in a controller to create a new user, like this
User.createNew({ username: "example", ...})
.then(doc => console.log("User was created: " + doc))
.catch(err => console.error) // The error is something custom like "This user already exists"
Any help is appreciated!

I need to update only user name in my app using Node.js and MongoDB

async function update(id, userParam) {
const user = await User.findById(id);
// validate
if (!user) throw 'User not found';
if (user.username !== userParam.username && await User.findOne({ username: userParam.username })) {
throw 'Username "' + userParam.username + '" is already taken';
}
// hash password if it was entered
if (userParam.password) {
userParam.hash = bcrypt.hashSync(userParam.password, 10);
}
// copy userParam properties to user
Object.assign(user, userParam);
await user.save();
}
When I send an update request it updates everything in the body. I only need to send userid, username and user role and update to update only those fields. I am very beginner.PLEASE help me to solve my issue
You can find the document and update the field what you want by using "updateOne". for example, here I am going to update User collection's username only. mongodb's "updateOne" will fulfill that task here basically updateOne has 3 parameters.
search the document you can use any filed here I have used the _id field.
{ "_id": "232323"}
second parameater is {$set:{"username":"kalo"} this will set the new value.here you can use any number of fields.
User.updateOne({ "_id": "232323"},{$set:{"username":"kalo"}})
For More mongodb doc
If you are using Mongoose nodejs mongodb ORM read this. This doc says the same thing that I explained.
In your case you can simply use like below instead of await user.save();
await User.findOneAndUpdate({ _id: userid }, { username : username , userid: userid,userrole:userrole})
use the User not user
user.username = user.userParam;
This is the key Line I needed.It solved my issue....Although it's simple answer,it may be useful to some of the beginners like me.

Custom Validation on a field that checks if field already exists and is active

I have a mongodb Collection "Users" having "Name", "Email", "Active" fields.
I want to add a validation that for every document email should be unique. However if a document is invalid i.e Active is false then the email can be accepted.
Here is the model
email: { type: String, validate: {
validator: function(v) {
return new Promise((resolve, reject)=> {
console.log("validating email")
const UserModel = mongoose.model('User');
UserModel.find({email : v, active: true}, function (err, docs)
{
if (!docs.length){
resolve();
}else{
console.log('user exists: ',v);
reject(new Error("User exists!"));
}
});
})
},
message: '{VALUE} already exists!'
}
},
name: {
type: String,
required: true
},
active: {
type: Boolean,
default: true
}
Problem is whenever i do any updation on this model then this validation is called.
So if i update the name then also this validation is called and it gives the error that email already exists.
How do I add a validation on email field so if someone adds a new entry to database or updates email it checks in database if existing user has same email id and is active?
I would first call Mongoose findOne function if the User is already registered the Mongo DB, for example;
let foundUser = await User.findOne({email});
if (!foundUser) {
// update user, create user etc.
...
}
I think it is better to not use logic inside the Mongoose document object. Maybe there is a way to achieve it but I prefer to do these validations in the code, not in the document, it is just my preference.
Also you can try making email unique as follows:
email: {
type: String,
unique: true
}
I'd use unique compound index, instead of having one more additional query to your db. Your code would look like this:
const schema = = new Schema(...);
schema.index({email: 1, active: 1}, {unique: true});
Mongo itself will reject your documents and you can catch it in your code like this:
const {MongoError} = require('mongodb'); // native driver
try {
await model.updateOne(...).exec(); // or .save()
} catch (err) {
//11000 is error code for unique constraints
if (err instanceof MongoError && err.code === 11000)
console.error('Duplicate email/active pair');
}

Mongoose, find, return specific properties

I have this get call:
exports.getBIMFromProject = function(req, res){
mongoose.model('bim').find({projectId: req.params['prj_id']}, function(err, bim){
if(err){
console.error(err);
res.send(500)
}
res.send(200, bim);
});
};
Where do I specify which properties I want to return? Can't find it in the docs. The above returns the entire object. I only want a few properties returned.
This is my schema:
var mongoose = require('mongoose'),
Schema = mongoose.Schema;
var bimSchema = new Schema({
projectId: Number,
user: String,
items:[
{
bimObjectId: Number,
typeId: String,
position:{
floor: String,
room:{
name: String,
number: String
}
}
}
]
});
mongoose.model('bim', bimSchema);
I don't want the items array included in my rest call.
You use projection. The first example in the mongoose query docs has a projection operation tucked in.
NB: not real code b/c I highlighted the important bits with triple stars
// find each person with a last name matching 'Ghost', ***selecting the `name` and `occupation` fields***
Person.findOne({ 'name.last': 'Ghost' }, ***'name occupation'***, function (err, person) {
if (err) return handleError(err);
console.log('%s %s is a %s.', person.name.first, person.name.last, person.occupation) // Space Ghost is a talk show host.
})
The Person schema isn't specified but I think the example is clear enough.
Mongoose provides multiple ways to project documents with find, findOne, and findById.
1. Projection as String:
// INCLUDE SPECIFIC FIELDS
// find user and return only name and phone fields
User.findOne({ email: email }, 'name phone');
// EXCLUDE SPECIFIC FIELD
// find user and return all fields except password
User.findOne({ email: email }, '-password');
2. Projection by passing projection property:
// find user and return just _id field
User.findOne({ email: email }, {
projection: { _id: 1 }
});
3. Using .select method:
// find user and return just _id and name field
User.findOne({ email: email }).select('name');
// find user and return all fields except _id
User.findOne({ email: email }).select({ _id: 0 });
You can do the same with find and findById methods too.
MyModel.find({name: "john"}, 'name age address', function(err, docs) {
console.log(docs);
});
This will return fields - name, age and address only.
With the help of .select() this is possible.
If number of fields required are less from total fields then,
.select('projectId user') can be used
Else number of fields to be ignored are less from total fields then,
.select('-items') can be used.
So for getting a field, simply, space separated string of fields can be passed and for ignoring the field, space separated string with "-" before the field can be used.
For more documentation.
Find Specific properties also avoid some properties
await User.find({ email: email }, { name: 1, phone: 1, status: 1, password: 0 });
.Select() method is used to select which fields are to be returned in the query result
let result = await MyModel.find({ user : "user" }).select('name lastname status')

Validating password / confirm password with Mongoose schema

I have a userSchema that looks like this:
var userSchema = new Schema({
name: {
type: String
, required: true
, validate: [validators.notEmpty, 'Name is empty']
}
, username: {
type: String
, required: true
, validate: [validators.notEmpty, 'Username is empty']
}
, email: {
type: String
, required: true
, validate: [
{ validator: validators.notEmpty, msg: 'Email is empty' }
, { validator: validators.isEmail, msg: 'Invalid email' }
]
}
, salt: String
, hash: String
});
All of my validation is happening in the schema so far, and I'm wondering how to go about achieving this with password validation. The user inputs the password into two fields, and the model should check that they are the same as each other.
Does this kind of validation belong in the schema? I'm new to this sort of validation.
How should I validate the passwords?
I eventually discovered that you can use a combination of virtual paths and the invalidate function to achieve this, as shown in this gist, for the very same purpose of matching passwords: https://gist.github.com/1350041
To quote directly:
CustomerSchema.virtual('password')
.get(function() {
return this._password;
})
.set(function(value) {
this._password = value;
var salt = bcrypt.gen_salt_sync(12);
this.passwordHash = bcrypt.encrypt_sync(value, salt);
});
CustomerSchema.virtual('passwordConfirmation')
.get(function() {
return this._passwordConfirmation;
})
.set(function(value) {
this._passwordConfirmation = value;
});
CustomerSchema.path('passwordHash').validate(function(v) {
if (this._password || this._passwordConfirmation) {
if (!val.check(this._password).min(6)) {
this.invalidate('password', 'must be at least 6 characters.');
}
if (this._password !== this._passwordConfirmation) {
this.invalidate('passwordConfirmation', 'must match confirmation.');
}
}
if (this.isNew && !this._password) {
this.invalidate('password', 'required');
}
}, null);
I think password matching belongs in the client interface and should never get to the server (DB layer is already too much). It's better for the user experience not to have a server roundtrip just to tell the user that 2 strings are different.
As for thin controller, fat model... all these silver bullets out there should be shot back at the originator. No solution is good in any situation. Think everyone of them in their own context.
Bringing the fat model idea here, makes you use a feature (schema validation) for a totally different purpose (password matching) and makes your app dependent on the tech you're using now. One day you'll want to change tech and you'll get to something without schema validation at all... and then you'll have to remember that part of functionality of your app relied on that. And you'll have to move it back to the client side or to the controller.
I know the thread is old but if it could save someone's time...
My approach uses pre-validate hook and works perfectly for me
schema.virtual('passwordConfirmation')
.get(function() {
return this._passwordConfirmation;
})
.set(function(value) {
this._passwordConfirmation = value;
});
schema.pre('validate', function(next) {
if (this.password !== this.passwordConfirmation) {
this.invalidate('passwordConfirmation', 'enter the same password');
}
next();
});
I use express-validator before it ever gets down to the schema level in ./routes/signup.js:
exports.post = function(req, res){
req.assert('email', 'Enter email').notEmpty().isEmail();
req.assert('username', 'Enter username').notEmpty().isAlphanumeric().len(3,20);
req.assert('password', 'Enter password').notEmpty().notContains(' ').len(5,20);
res.locals.err = req.validationErrors(true);
if ( res.locals.err ) {
res.render('signup', { message: { error: 'Woops, looks like we need more info...'} });
return;
}
...//save
};
You can attach custom methods to your model instances by adding new function attributes to Schema.methods (you can also create Schema functions using Schema.statics.) Here's an example that validates a user's password:
userSchema.methods.checkPassword = function(password) {
return (hash(password) === this.password);
};
// You could then check if a user's password is valid like so:
UserModel.findOne({ email: 'email#gmail.com' }, function(err, user) {
if (user.checkPassword('secretPassword')) {
// ... user is legit
}
});
The second verification password doesn't need to be submitted for registration.
You could probably get away with validating the two fields are equal on the client-side.
It's kind of late but for the sake of people having similar issues. i ran into a similar problem lately, and here was how i went about it; i used a library called joi
const joi = require('joi');
...
function validateUser(user){
const schema = joi.object({
username: joi.string().min(3).max(50).required(),
email: joi.string().min(10).max(255).required().email(),
password: joi.string().min(5).max(255).required(),
password2: joi.string().valid(joi.ref('password')).required(),
});
return schema.validate(user);
}
exports.validate = validateUser;

Resources