Grateful Grateful - 1 month ago 10
Node.js Question

How to to access first and last name for the following user model (based on mongoose)?

I am looking at some code, with a user schema, similar to the following.

var UserSchema = new mongoose.Schema(
{
email: {
type: String,
lowercase: true,
unique: true,
required: true
},

password: {
type: String,
required: true
},

profile: {
firstName: {
type: String
},
lastName: {
type: String
}
}
}
);


Now, as far as I can understand, the top-level properties are email, password and profile....
firstName
and
lastName
should only be accessible from within
profile
. However, the details are being accessed with something like the following.

exports.register = function(req, res, next) {

// Check for registration errors
const email = req.body.email;
const password = req.body.password;
const firstName = req.body.firstName;
const lastName = req.body.lastName;

// Return error if no email provided
if (!email) {
return res.status(422).send({ error: 'You must enter an email address.'});
}

// Return error if no password provided
if (!password) {
return res.status(422).send({ error: 'You must enter a password.' });
}

// Return error if full name not provided
if (!firstName || !lastName) {
return res.status(422).send({ error: 'You must enter your full name.'});
}

...


I don't seem to understand why the
firstName
and
lastName
are being accessed directly with
req.body.firstName
instead of
req.body.profile.firstName
. There don't seem to be any virtual attributes in place either. So what's going on!?

Answer

In an express application request parameters are passed in as first parameter of a route (req, res, next). The sample code posted shows the result of a POST request to a route called /register. This data does not relate to the model posted with the question.

To be able to work with the model, the data needs to be stored into a new Mongoose object. So within the route one would write:

exports.register = function(req, res, next) { 
    const User = new User();
    User.profile.firstName = req.body.firstName;
    // ... and so on
    User.save((err, savedUser) => { 
        if(err) return next(err);
        // end request
    });
}

Please note that some kind of sanity check is recommended when dealing with user provided variables. Using it like in my example above may enable an attacker to store a string of arbitrary length inside the database which is most probably not desired.