search

Home  >  Q&A  >  body text

mongodb - node.js how to make the remaining routing files not executed?

For example, if I want to change the password, I have an old password and a new password. The verification of the old password is separated from the change of the new password. How can I prevent the new password from being changed? 

router.get('/:userid', function(req, res,next) {
    if(req.session.userid){
        return next();
    }
    res.redirect('/login');
});
router.get('/:userid', function(req,res,next){
    User.find(req.session.userid,function(err,doc){
        res.render('changepassword',{
            userid: req.session.userid,
            user:doc
        });
    });
});

router.post("/:userid",function(req,res) {
    User.findOne({
        name: req.session.userid,
        pwd: req.body.oldpwd
    }, function (err, doc) {
        if (err) {
            r.error = err;
            return;
        }
        if (doc) {
            console.log('success');
        } else {
            console.log('fail');
            return;
        }
        res.json(r);
    });
});

//不想使得当旧密码验证不成功的时候让以下代码执行
router.post("/:userid",function(req,res) {
    var u = {
        pwd :req.body.pwd
    };
    var userid = req.session.userid;
    if(userid && '' != userid) {
        User.findOneAndUpdate(userid,u,function(err, docs) {
            console.log('modify-----'+ docs);
            res.redirect('/');
        });
    }
});
为情所困为情所困2733 days ago675

reply all(2)I'll reply

  • 滿天的星座

    滿天的星座2017-05-24 11:33:27

    Add next to the parameters of the callback function. If the verification is successful, next will be returned. If the verification fails, failure will be returned. 

    router.post("/:userid",function(req,res,next) {
    User.findOne({
        name: req.session.userid,
        pwd: req.body.oldpwd
    }, function (err, doc) {
        if (err) {
            r.error = err;
            return;
        }
        if (doc) {
            console.log('success');
            return next();
        } 
        console.log('fail');
        res.json(r);
    });
});

//不想使得当旧密码验证不成功的时候让以下代码执行
router.post("/:userid",function(req,res,next) {
    var u = {
        pwd :req.body.pwd
    };
    var userid = req.session.userid;
    if(userid && '' != userid) {
        User.findOneAndUpdate(userid,u,function(err, docs) {
            console.log('modify-----'+ docs);
            res.redirect('/');
        });
    }
});

    But they can actually be together, so why separate them? For example: 

    router.get('/:userid', function(req, res,next) {
    if(req.session.userid){
        return User.find(req.session.userid,function(err,doc){
            res.render('changepassword',{
                userid: req.session.userid,
                user:doc
            });
        });
    }
    res.redirect('/login');
});

    reply
    0
  • 为情所困

    为情所困2017-05-24 11:33:27

    For reference:

    1. router.post("/:userid",function(req,res) {
    and
    //We don’t want the following code to be executed when the old password verification fails
    router.post("/:userid", function(req,res) {

    It is a duplicate router. You need to put the following processing code (change the password) on it.

    2. In addition, you can consider password.js for login management.

    For reference.

    Love MongoDB! Have fun!

    reply
    0
  • Cancelreply