
What is the right way to manage connections to mongoDB, using node?

I'm using node.js and mongoDB. Right now, for my test app, the connection to the db is in the main node file, but I guess this is a wrong practice. What I want/need: a secure way (i.e. not storing password on files users can access) to connect to the db just when needed.

For example: I want several admin pages (users, groups, etc.). Each page should connect to the db, find some data, and display it. It also has a form for adding a document to the db and a delete option.

I thought maybe to create some kind of a connection function - send it what you want to do (add, update, find, delete), to where (collection name) and whatever it needs. But I can't just include this function, because then it'll reveal the password to the db. So what can I do?

Thanks!

I'm going to answer your question bit by bit.


Right now, for my test app, the connection to the db is in the main node file

This is fine, though you might want to put it in a separate file for easier reuse. NodeJS is a continuously running process, so in theory you could serve all of your HTTP responses using the same connection to the database. In practice you'd want to create a connection pool, but the MongoDB driver for NodeJS already does this automatically.


Each page should connect to the db, find some data, and display it.

When you issue a query on the MongoDB driver, it will automatically use a connection from its internal connection pool, as long as you gave it the credentials when your application was starting up.


What I want/need: a secure way (i.e. not storing password on files users can access) to connect to the db just when needed.

I would advise keeping your application configuration (any variables that depend on the environment in which the app is running) in a separate file which you don't commit to your VCS. A module like node-config can help a great deal with that.


The code you will end up with, using node-config, is something like:

config/default.json:

{
  "mongo": null
}

This is the default configuration file which you commit.

config/local.json:

{
  "mongo": "mongodb://user:pass@host:port/db"
}

The local.json should be ignored by your VCS. It contains secret sauce.

connection.js:

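var config = require('config');
var MongoClient = require('mongodb').MongoClient;
var cache; // the connected db handle, reused by every caller after the first

module.exports = function(callback){
  // Already connected: hand back the cached handle.
  if(cache){
    return callback(cache);
  }
  // The connection string (with credentials) comes from node-config, not from this file.
  MongoClient.connect(config.get('mongo'), function(err, db){
    if(err){
      // Without a database the app cannot work, so log and stop.
      console.error(err.stack);
      process.exit(1);
    }
    cache = db;
    callback(db);
  });
};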

An incomplete example of how you might handle reusing the database connection. Note how the configuration is gotten using config.get(*). An actual implementation should have more robust error handling and prevent multiple connections from being made. Using Promises would make all that a lot easier.

index.js:

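var connect = require('./connection');
connect(function(db){
  // 'things' is a placeholder collection name; find() is a collection method, not a db method
  db.collection('things').find({whatever: true}).toArray(function(err, docs){
    if(err){ return console.error(err.stack); }
    console.log(docs);
  });
});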

Now you can just require your database file anywhere you want, and reuse the same database connection, which handles pooling for you and you don't have your passwords hard-coded anywhere.
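
A promise-based take on the connection.js idea above, as an added example that is not part of the original answer: it shares one in-flight connection attempt between concurrent callers, refuses to start when the committed default of `null` was never overridden, and keeps the password out of error messages. The names `createConnector`, `redactUri` and `demo` are hypothetical, and the connect function is injected (a stub here) so the sketch runs without a database.

```javascript
// Added example: connectFn and uri are injected so this runs without a database.
// In the answer's setup they would be MongoClient.connect and config.get('mongo').

// Hide the user:pass part of a connection string before it reaches a log.
function redactUri(uri) {
  return String(uri).replace(/^([a-z][a-z0-9+.-]*:\/\/)[^@\/]+@/i, '$1***@');
}

function createConnector(connectFn, uri) {
  // default.json commits "mongo": null, so a missing local.json shows up here.
  if (typeof uri !== 'string' || uri.length === 0) {
    throw new Error('mongo connection string is not configured');
  }
  let pending = null; // the one shared connection attempt

  return function getDb() {
    if (!pending) {
      // Cache the promise itself, not the result: callers that arrive while
      // the connection is still opening share it instead of dialing again.
      pending = Promise.resolve()
        .then(() => connectFn(uri))
        .catch((err) => {
          pending = null; // let a later call retry instead of caching the failure
          const safe = String(err.message).split(uri).join(redactUri(uri));
          throw new Error('connect to ' + redactUri(uri) + ' failed: ' + safe);
        });
    }
    return pending;
  };
}

// Constructed demo: a stub stands in for the driver and counts connection attempts.
function demo() {
  let attempts = 0;
  const fakeConnect = () => { attempts += 1; return Promise.resolve({ name: 'fake-db' }); };
  const getDb = createConnector(fakeConnect, 'mongodb://user:pass@host:27017/db');
  return Promise.all([getDb(), getDb(), getDb()]).then((dbs) => ({
    attempts: attempts,
    same: dbs[0] === dbs[1] && dbs[1] === dbs[2],
  }));
}

demo().then((r) => console.log(r)); // three callers, one connection attempt
```

Export the function returned by `createConnector` from one module and require it wherever a handle is needed; the credentials stay in the ignored local.json.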
