
I’m creating a simple application using the MEAN stack. My code is working fine, but I want to remove one key from the response. Please look at my code.

models/user.js

const mongoose = require('mongoose');

const Schema = mongoose.Schema;
const userSchema = new Schema({
    firstName: String,
    lastName: String,
    email: String,
    //password: String, // <--------- commented out
    userid: String,
    skills: []
})

module.exports = mongoose.model('user', userSchema, 'users');

Notice that I’ve commented out password key. But I guess that’s not enough. As I can still see password in response:

Postman screenshot

(Note: Email Id and encrypted Password in this image are absolutely fake and hence there’s no security issue)


api.js

const User = require('../models/user');
...
router.get('/users', function (req, res) {
    console.log('Get request for all users');
    User.find({})
        .exec(function (err, user) {
            if (err) {
                console.log("Error retrieving users");
            } else {
                res.json(user);
            }
        });
});

Now, tomorrow when I’ll be using a real email and password, though I’ll encrypt the password, I still don’t want to show the password key whatsoever. It should not be displayed in the network tab of the browser either.

Please give me some directions.

3 Answers


  1. You can use the mongoose select method to exclude certain fields. https://mongoosejs.com/docs/api.html#query_Query-select

    User.find({})
            .select('-password')
            .exec(function (err, user) {
                if (err) {
                    console.log("Error retrieving users");
                } else {
                    res.json(user);
                }
            });
  2. You can try this :

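    const User = require('../models/user');
    ...
    router.get('/users', async function (req, res) {
        console.log('Get request for all users');
        try {
            // find() returns a Query, so it must be awaited before the result is serialized.
            // The projection { password: 0 } excludes the password field from every document.
            const user = await User.find({}, { password: 0 });
            return res.json({ user: user });
        } catch (err) {
            console.log("Error retrieving users");
            return res.status(500).json({ error: 'Error retrieving users' });
        }
    });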
    
  3. If you just do not want to show the password while outputting the data then you just need to do this in your schema:

    const MongooseSchema = new mongoose.Schema({
      firstName: {
        type: String,
        required: [true, 'Please enter a first name!'],
      },
      lastName: {
        type: String,
        required: [true, 'Please enter a last name!'],
      },
      email: {
        type: String,
        unique: true,
        required: [true, 'Please enter an email address!'],
        match: [
          /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/,
          'Please enter a valid email address',
        ],
      },
      password: {
        type: String,
        required: [true, 'Please enter a password'],
        select: false,
      },
      // userid: String, Id for user will be created by mongodb automatically
      skills: {
        type: Array,
        required: [true, 'Please enter skills!'],
      },
      createdAt: {
        type: Date,
        default: Date.now,
      },
    });
    
    module.exports = mongoose.model('User', MongooseSchema);
    

    Now when you will find users or a user, a password or passwords will not be returned in the response. I improved your schema too.

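A complement to the projections in the answers above, as an added example that is not part of the original question or answers: an allowlist serializer for outgoing user objects and a recursive check that flags any `password`-like key in a response body, so a handler that forgets the projection still does not leak the field. It runs without Mongoose; the names `PUBLIC_USER_FIELDS`, `SENSITIVE_KEY`, `toPublicUser` and `findSensitiveKeys` are hypothetical, and the sample documents are constructed.

```javascript
// Added example; all names and sample data here are hypothetical/constructed.

// Allowlist of fields that may leave the API. Anything not listed is dropped,
// so a secret field added to the collection later is not exposed by default.
const PUBLIC_USER_FIELDS = ['_id', 'firstName', 'lastName', 'email', 'userid', 'skills'];

// Key names that must never appear anywhere in a response body (assumed list).
const SENSITIVE_KEY = /^(password|passwordHash|salt|resetToken)$/i;

// Build the response object from a stored user. Accepts a plain object or
// anything exposing toObject(), as Mongoose documents do.
function toPublicUser(doc) {
  const src = doc && typeof doc.toObject === 'function' ? doc.toObject() : doc;
  const out = {};
  for (const field of PUBLIC_USER_FIELDS) {
    if (src != null && Object.prototype.hasOwnProperty.call(src, field)) {
      out[field] = src[field];
    }
  }
  return out;
}

// Recursively collect the paths of sensitive keys in a value about to be sent.
function findSensitiveKeys(value, path = '$', hits = []) {
  if (Array.isArray(value)) {
    value.forEach((v, i) => findSensitiveKeys(v, `${path}[${i}]`, hits));
  } else if (value !== null && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) {
      if (SENSITIVE_KEY.test(k)) hits.push(`${path}.${k}`);
      findSensitiveKeys(v, `${path}.${k}`, hits);
    }
  }
  return hits;
}

// Constructed sample: what a query returns when the projection is forgotten.
const storedUsers = [
  { _id: 'u1', firstName: 'Ada', lastName: 'Smith', email: 'ada@example.com',
    password: '$2b$10$constructed-hash-value', userid: 'ada', skills: ['node'], __v: 0 },
  { _id: 'u2', firstName: 'Bob', lastName: 'Jones', email: 'bob@example.com',
    password: '$2b$10$another-constructed-hash', userid: 'bob', skills: [], __v: 0 },
];

const leaked = findSensitiveKeys(storedUsers);                 // raw documents
const safe = findSensitiveKeys(storedUsers.map(toPublicUser)); // after the allowlist
console.log({ leaked, safe });
```

In a route handler the serializer would be applied as `res.json(users.map(toPublicUser))`, and `findSensitiveKeys` fits an API test that fails whenever a response body contains a flagged key.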