User profiles is a common requirement for web applications and seem relatively straightforward - just send back the data from our user model via an endpoint. but there is some problem which has sensitive data like the user's email, password, and a JWT token.
To keep these sensitive datas, we'll need to create a method on the User model that will output a version of the user's information that is appropriate for their public profile.
// PUBLIC PROFILE.
// These json doesn't have any sensitive data.
{
"prifile": {
"username": "jake",
"bio": "I work at statefarm",
"image": "https://static.pro~.jpg",
"following": false
}
}Creating the profile endpoint(public profile)
1. make a method to retrieve a user's public profile in 'models/User.js'.
UserSchema.methods.toProfileJSONFor = function() {
return {
username: this.username,
bio: this.bio,
image: this.image || "https://~.jpg",
following: flase
}
}
2. create the publicly accessible endpoint that will return this data to our frontend.
The first thing we'll need to do is create a router that will be responsible for all profile related routes.
'routes/api/profiles.js'
var router = require('express').Router();
var mongoose = require('mongoose');
var User = mongoose.model('User');
var auth = require('../auth');
module.exports = router;
3. resitser the profiles router with the API router
'routes/api/index.js'
router.use('/profiles', require('.profiles'));
4. need to create a router URL parameter middleware for finding the user whose username is specified in the URL. prepopulate 'req.profile' with the user's data when the ':username' parameter is contained within a route
'routes/api/prifoles.js
router.param('username', function(req, res, next, username){
User.findOne({username: username}).then(function(user){
if (!user) { return res.sendStatus(404); }
req.profile = user;
return next();
}).catch(next);
});! All param callback will be called before any handler of any route in which the param occurs, and they will each be called only once in a request-response cycle, even if the parameter is matched in multiple routes.
Finally, we'll define the 'GET' route for 'profiles/:username' that will return the profile data that was prepopulated by the parameter middleware we just created.
5. create an endpoint to fecth a user's profile by their username
'routes/api/profiles.js'
router.get('/:username', auth.optional, function(req, res, next) {
return res.json({profile: req.profile.toProfileJSONFor()});
});
6.update 'models/User.js' to accept a user object parameter
UserSchema.methods.toProfileJSONFor = function(user){back in our router, we'll need to look up the current user by ID from the JWT payload and pass along the user object to 'profile.toPrifoleJSONFor' if it exists. Otherwise, we'll just pass along 'false' to indicate there isnt a currently logged in user.
7. update the GET route like below
router.get('/:username', auth.optional, function(req, res next) {
if(req.payload) {
User.findById(req.payload.id).then(function(user) {
if(!user){ return res.json({profile: req.profile.toProfileJSONFor(false)}); }
return res.json({profile: req.profile.toProfileJSONFor(user)});
});
} else {
return res.json({profile: req.profile.toProfileJSONFor(false)});
}
});
_28.April
'express' 카테고리의 다른 글
| routing _express docs (0) | 2020.05.01 |
|---|---|
| mongoose (0) | 2020.05.01 |
| execPopulate() /mongoose. (0) | 2020.04.29 |
| payload (0) | 2020.04.29 |
| Postman (0) | 2020.04.28 |