I'm creating a simple application using MEAN
stack. My code is working fine but i want to remove one key from the response. Please look at my ocde.
models/user.js
const mongoose = require('mongoose');
const Schema = mongoose.Schema;
const userSchema = new Schema({
firstName: String,
lastName: String,
email: String,
//password: String, // <--------- commented out
userid: String,
skills: []
})
module.exports = mongoose.model('user', userSchema, 'users');
Notice that I've commented out password
key. But I guess that's not enough. As I can still see password in response:
Postman screenshot
(Note: Email Id and encrypted Password in this image are absolutely fake and hence there's no security issue)
api.js
const User = require('../models/user');
...
router.get('/users', function (req, res) {
console.log('Get request for all users');
User.find({})
.exec(function (err, user) {
if (err) {
console.log("Error retrieving users");
} else {
res.json(user);
}
});
});
Now tomorrow When I'll be using real email and password, though I'll encrypt the password but still i don't want to show password
key whatsoever. It should not be displayed in the network tab of browser also.
Please give me some directions.
CodePudding user response:
You can use the mongoose select
method to exclude certain fields. https://mongoosejs.com/docs/api.html#query_Query-select
User.find({})
.select('-password')
.exec(function (err, user) {
if (err) {
console.log("Error retrieving users");
} else {
res.json(user);
}
});
CodePudding user response:
You can try this :
const User = require('../models/user');
...
router.get('/users', function (req, res) {
console.log('Get request for all users');
const user = User.find({} , {password:0});
return res.json({ user: user });
});