Eliminate JSON data prior to displaying information to the user/strip JavaScript object attributes

Question

Eliminate JSON data prior to displaying information to the user/strip JavaScript object attributes

I'm facing a dilemma and can't seem to figure out why I'm unable to resolve my issue.

My SPA is created using AngularJS, Node.JS, and MongoDB (Mongoose). On the client side, I have a registration form for new users. The form includes a text input with an associated function triggered by its onblur event (ng-blur to be exact). This function makes an AJAX/$http call to the backend to check if the username is unique before submitting the form. Everything seems to be working fine, here's the code snippet I've been working on (lightly modified for this question)...

Here's the input box,

<input type="text" name="displayName" id="displayName" ng-model="user.displayName" ng-blur="checkUserName(user)" />

And here's the blur function in my controller

this.userNameCheck = function(user){
        return $http({method: 'GET', url: '/api/users/displayName/' + user.displayName})
            .then(function(response) {
               if(response.data.length > 0){
                   user.userWarning = userWarning; // userWarning is a string/ var that is passed to the form
               }

            }, function(response) {
                console.log(response);
            });
    };

Lastly, here is the Node/mongoose code from another project:

exports.displayName = function (req, res, next, displayName) {

    User.find({displayName : displayName}).limit(1).exec(function (err, results) {
        if (err) return next(err);
        if (!results) return next(new Error('No user found'));
        res.jsonp(results || null);
    });

};

Everything seems fine, however, upon checking the console, it appears that when there's a match, the returned results object contains sensitive information like hashed password and salt. To address this, I updated my backend code as follows:

exports.displayName = function (req, res, next, displayName) {

    User.find({displayName : displayName}).limit(1).exec(function (err, results) {
        if (err) return next(err);
        if (!results) return next(new Error('No user found'));

        // Updated code
        if(results.length !== 0){
            var returnObj =  results[0];
             delete returnObj.hashed_password;
             delete returnObj.salt;
             delete returnObj._id;
            res.jsonp([returnObj] || null)
        }else{
            res.jsonp(results || null);
        }
    });

};

However, even after implementing these changes, when making a successful call in Firebug (resulting in a match), the returned object still contains the deleted properties. What am I doing wrong?

javascript mongodb angularjs

Answer 1

Answer №1

In order to remove specific fields from the Mongoose object, you need to avoid manipulating the actual storage directly. A quick fix for this issue would involve:

 let returnData =  results[0].toJSON();
 delete returnData.hashed_password;
 delete returnData.salt;
 delete returnData._id;

An alternative approach is to use the select method (check out the documentation) to choose which fields to include or exclude.

Answer 2

In order to remove specific fields from the Mongoose object, you need to avoid manipulating the actual storage directly. A quick fix for this issue would involve:

 let returnData =  results[0].toJSON();
 delete returnData.hashed_password;
 delete returnData.salt;
 delete returnData._id;

An alternative approach is to use the select method (check out the documentation) to choose which fields to include or exclude.

Answer 3

Answer №2

It is possible that the properties in the return object are not actually deleted because they exist further up the prototype chain.

When using the delete operator, if the property is successfully removed from the object, it will be completely erased. However, if a property with the same name is found on the object's prototype chain, the object will inherit that property instead.

~ MDN (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/delete)

You can verify this by using hasOwnProperty to check, but it might be safer to create a new object with only the desired values, or restrict the returned values directly from Mongo collection?

In JavaScript, you could dynamically create an object like:

var returnObj =  results[0],
safeUserObj = {
   userName : returnObj["username"],
   email : returnObj["email"]
};

res.jsonp([safeUserObj]);

Alternatively, you can filter the fields at the database level by using the aggregation framework's $match and $project (example below, may need adjustments for Mongoose):

db.users.aggregate([
{ $match : { displayName : displayName } },
{ $project : {
    displayName : 1,
    email : 1
  }
}
]);

EDIT: Another approach is to use the project parameter of find to achieve similar results without implementing the aggregation framework.

Answer 4

It is possible that the properties in the return object are not actually deleted because they exist further up the prototype chain.

When using the delete operator, if the property is successfully removed from the object, it will be completely erased. However, if a property with the same name is found on the object's prototype chain, the object will inherit that property instead.

~ MDN (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/delete)

You can verify this by using hasOwnProperty to check, but it might be safer to create a new object with only the desired values, or restrict the returned values directly from Mongo collection?

In JavaScript, you could dynamically create an object like:

var returnObj =  results[0],
safeUserObj = {
   userName : returnObj["username"],
   email : returnObj["email"]
};

res.jsonp([safeUserObj]);

Alternatively, you can filter the fields at the database level by using the aggregation framework's $match and $project (example below, may need adjustments for Mongoose):

db.users.aggregate([
{ $match : { displayName : displayName } },
{ $project : {
    displayName : 1,
    email : 1
  }
}
]);

EDIT: Another approach is to use the project parameter of find to achieve similar results without implementing the aggregation framework.

Eliminate JSON data prior to displaying information to the user/strip JavaScript object attributes

Answer №1

Answer №2

Similar questions

Extract information stored in a JSON object and input it into an array

Concealing an element in React

Are there any jQuery plugins available that animate elements as the page is scrolled?

The MongoDB 'find' method is incompatible with DateTime.MinValue

Optimizing mongoose schema organization for improved relationships

Converting MongoDB collection to DataFrame object

Is Redux really the new trend in the world of action creators?

npm ERROR: 404 - The package '@reactivex/rxjs' cannot be found in the npm registry

What is the alternative name for DOM elements in TypeScript?

What is the technique for wrapping a component with a rectangle box in ReactJs?

Experiencing CORS (Cross-Origin Resource Sharing) issue while utilizing Python Flask-Restful in conjunction with consuming AngularJS (specifically with $

Text index formatting with Pymongo

Utilizing AJAX and PHP to Showcase Data

When contextIsolation is set to true in an Electron application, React components fail to render properly. However, they render without any issues when context

How can mouse clicks be detected using jQuery?

JavaScript/TypeScript Asynchronous Filtering on AsyncIterable<T>

JavaScript for Acrobat

Enhancing the Appearance of Default Map Markers in Google Maps' Angular Plugin

Failure in unit testing MongoDB's WriteOneAsync() when attempting to create a document

The results of an AJAX file upload operation