Question 117881 in Mongodb Question posted in
The official documentation can be found here.

How to remove a specific key from JSON response coming from MongoDB in ExpressJS

I’m creating a simple application using MEAN stack. My code is working fine but i want to remove one key from the response. Please look at my ocde.

models/user.js

const mongoose = require('mongoose');

const Schema = mongoose.Schema;
const userSchema = new Schema({
    firstName: String,
    lastName: String,
    email: String,
    //password: String, // <--------- commented out
    userid: String,
    skills: []
})

module.exports = mongoose.model('user', userSchema, 'users');

Notice that I’ve commented out password key. But I guess that’s not enough. As I can still see password in response:

Postman screenshot

(Note: Email Id and encrypted Password in this image are absolutely fake and hence there’s no security issue)

enter image description here

api.js

const User = require('../models/user');
...
router.get('/users', function (req, res) {
    console.log('Get request for all users');
    User.find({})
        .exec(function (err, user) {
            if (err) {
                console.log("Error retrieving users");
            } else {
                res.json(user);
            }
        });
});

Now tomorrow When I’ll be using real email and password, though I’ll encrypt the password but still i don’t want to show password key whatsoever. It should not be displayed in the network tab of browser also.

Please give me some directions.

Tags:

3

Answers


  1. 0

    You can use the mongoose select method to exclude certain fields. https://mongoosejs.com/docs/api.html#query_Query-select

    User.find({})
        .select('-password')
        .exec(function (err, user) {
            if (err) {
                console.log("Error retrieving users");
            } else {
                res.json(user);
            }
        });
    Login or Signup to reply.
  2. 0

    You can try this :

    const User = require('../models/user');
...
router.get('/users', function (req, res) {
    console.log('Get request for all users');
    const user = User.find({} , {password:0});

    return res.json({ user: user });
});
    Login or Signup to reply.
  3. 0

    If you just do not want to show the password while outputting the data then you just need to do this in your schema:

    const MongooseSchema = new mongoose.Schema({
  firstName: {
    type: String,
    required: [true, 'Please enter a first name!'],
  },
  lastName: {
    type: String,
    required: [true, 'Please enter a last name!'],
  },
  email: {
    type: String,
    unique: true,
    required: [true, 'Please enter an email address!'],
    match: [
      /^(([^<>()[]\.,;:s@"]+(.[^<>()[]\.,;:s@"]+)*)|(".+"))@(([[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}])|(([a-zA-Z-0-9]+.)+[a-zA-Z]{2,}))$/,
      'Please enter a valid email address',
    ],
  },
  password: {
    type: String,
    required: [true, 'Please enter a password'],
    select: false,
  },
  // userid: String, Id for user will be created by mongodb automatically
  skills: {
    type: Array,
    required: [true, 'Please enter skills!'],
  },
  createdAt: {
    type: Date,
    default: Date.now,
  },
});

module.exports = mongoose.model('User', MongooseSchema);

    Now when you will find users or a user, a password or passwords will not be returned in the response. I improved your schema too.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search