【发布时间】:2021-07-18 19:51:53
【问题描述】:
在后端,我有一个控制器,它从前端接收登录数据(用户名和密码),对其进行验证,然后将结果响应返回给前端。这是控制器:
/* POST /api/login */
exports.Login = (req, res, next) => {
const incomingUsername = req.body.username;
const incomingPassword = req.body.password;
const result = validation.ValidateLoginData(
incomingUsername,
incomingPassword
);
/* Validation fails when the validationResult === 0 */
/* Validation succeeds when the validationResult === 1 */
if (result.validationResult === 0) {
res.json({ result: 0, message: result.validationMessage });
} else if (result.validationResult === 1) {
res.json({ result: 1, message: result.validationMessage });
}
};
ValidateLoginData() 函数包含以下步骤:
- 检查用户名或密码是否不存在(未定义)
- 检查用户名或密码是否为空字符串
- 检查用户是否为所有者(特殊情况)
- 检查用户是否存在于数据库中
- 检查密码是否正确
我想将所有验证逻辑保留在 ValidateLoginData() 函数中。
这是第一个场景:
exports.ValidateLoginData = (incomingUsername, incomingPassword) => {
/* Check if the username or password does not exist (undefined) */
/* Check if the username or password is empty string */
/* Check if the user is owner (Special case) */
if (incomingUsername === undefined || incomingPassword === undefined) {
return {
validationResult: 0,
validationMessage: "Undefined username or password!",
};
} else if (incomingUsername === "" || incomingPassword === "") {
return {
validationResult: 0,
validationMessage: "Empty username or password!",
};
} else if (
incomingUsername === process.env.OWNER_USERNAME &&
incomingPassword === process.env.OWNER_PASSWORD
) {
return {
validationResult: 1,
validationMessage:
process.env.OWNER_USERNAME + " (Owner) Logged in sucessfully!",
};
}
/* Here is want to return the result of the database query and it should be the
user data for further validation like this */
const user = User.findOne({
where: {
username: incomingUsername,
},
});
if (user === null) {
return {
validationResult: 0,
validationMessage: "Incorrect username!",
};
} else if (user.dataValues.username === incomingUsername) {
if (user.dataValues.password === incomingPassword) {
return {
validationResult: 1,
validationMessage: "You logged in successfully!",
};
}
}
};
第二种情况:
/* Or if i can place the validation inside the then() and then return
the validation result out of the ValidateLoginData function */
User.findOne({
where: {
username: incomingUsername,
},
}).then((user) => {
if (user === null) {
return {
validationResult: 0,
validationMessage: "Incorrect username!",
};
} else if (user.dataValues.username === incomingUsername) {
if (user.dataValues.password === incomingPassword) {
return {
validationResult: 1,
validationMessage: "You logged in successfully!",
};
}
}
});
第三种情况:
/* Or if i can place the validation for password inside the second
then() i do not want to have nesting as it makes the code
more complicated */
User.findOne({
where: {
username: incomingUsername,
},
})
.then((user) => {
if (user === null) {
/* This returns the result outside the ValidateLoginData function */
return {
validationResult: 0,
validationMessage: "Incorrect username!",
};
} else if (user.dataValues.username === incomingUsername) {
/* This returns the user data to the next then() not outside the
ValidateLoginData function */
return user;
}
})
.then((user) => {
if (user.dataValues.password !== incomingPassword) {
return {
validationResult: 0,
validationMessage: "Incorrect Password",
};
} else if (user.dataValues.password === incomingPassword) {
return {
validationResult: 1,
validationMessage: "You logged in successfully!",
};
}
});
我的目标是:
- 将所有验证逻辑放在控制器外部和
validateLoginData函数中。 - 从包含
validationResult和validationMessage的validateLoginData函数返回一个对象。 - 尽可能避免嵌套。
【问题讨论】:
-
在 .then() 中使用控制台/日志,因为 sequelize 是异步的,您在.then 发生之前执行 console.log
-
首先检查用户是否存在..
-
@sid 检查您是否必须请求数据库...也许您正在谈论模型
User是的,检查用户是否为空是一个好习惯,因为这不是顺便问一下,如果你想检查用户,你可以使用 User?.findOne(...)?.then(...)?.catch(...)
标签: javascript node.js sequelize.js