Filter response before sending it

I'm writing a server in Node.js and MongoDB with mongoose.

I have a user model that looks like this:

var User = new Schema({
  username : {
    'type'      : String,
    'trim'      : true,
    'required'  : true,
    'validate': [usernameValidator, 'whitespace_not_allowed']
  },
  avatar : {
    'type'      : String,
    'lowercase' : true,
    'required'  : true
  },
  facebook_id : {
    'type'      : Number,
    'required'  : true,
    'index'     : { unique: true }
  },
  email : {
    'type'      : String,
    'lowercase' : true,
    'required'  : true
  },
  token : {
    'type'      : String,
    'index'     : { unique: true },
    'required'  : true
  }
});

When a client requests all his Facebook friends, I don't want to send him the users' tokens; this is true for almost every request. But for some requests, like login, I want to send the token.

The problem with this is that forgetting to filter the result when querying the database and sending out tokens and other information could be pretty fatal.

The solution I'm thinking of right now is overriding a method (don't know which yet) where I specify what fields should be selected by default. Then, in the few cases where I need more, I have to specify it in the query. This would ensure that a memory slip would not cause wrong data to be sent out.

How do you solve this issue?

You can exclude the token field in results by default via the select attribute of the field definition in the schema:

token : {
  'type'      : String,
  'index'     : { unique: true },
  'required'  : true,
  'select'    : false
}
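
The schema option above governs what queries select, so a user object that obtained its token some other way (for example one just built in memory) still carries it. As an added example, not part of the original answer or of mongoose, this is an allowlist serializer applied at the point where the response is built, so that a forgotten filter leaves fields out instead of leaking them. The field names come from the schema in the question; `PUBLIC_FIELDS`, `OPT_IN_FIELDS`, `serializeUser` and the sample record are hypothetical.

```javascript
// Added example: default-deny serializer for User objects at the response
// boundary. Field names follow the question's schema; all other names and
// the sample record are hypothetical and constructed for illustration.

// Fields that may leave the server on any request.
const PUBLIC_FIELDS = Object.freeze(['username', 'avatar', 'facebook_id']);
// Fields a route may add explicitly; anything in neither list is never sent.
const OPT_IN_FIELDS = Object.freeze(['email', 'token']);

function serializeUser(user, { include = [] } = {}) {
  for (const field of include) {
    if (!OPT_IN_FIELDS.includes(field)) {
      // Fail loudly rather than silently widening the response.
      throw new Error(`field not allowed in responses: ${field}`);
    }
  }
  // Mongoose documents expose toObject(); plain objects are used as they are.
  const plain = typeof user.toObject === 'function' ? user.toObject() : user;
  const out = {};
  for (const field of [...PUBLIC_FIELDS, ...include]) {
    if (Object.prototype.hasOwnProperty.call(plain, field)) {
      out[field] = plain[field];
    }
  }
  return out;
}

// Constructed sample record that still carries its token.
const sampleUser = {
  _id: 'constructed-id-1',
  username: 'alice',
  avatar: 'alice.png',
  facebook_id: 1001,
  email: 'alice@example.test',
  token: 'constructed-token-value',
};

// Friends listing: the default call never includes token or email.
const friendView = serializeUser(sampleUser);
// Login: the route has to ask for the token by name.
const loginView = serializeUser(sampleUser, { include: ['token'] });

console.log(friendView);
console.log(loginView);
```

On the query side, a field declared with `select: false` can be requested for a single query with `.select('+token')`, which covers the login case from the question.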