解密node / express.js路由内的数据
[英]Decrypt data within a node/express.js Route
问题描述
I have an app where I am trying to encrypt the userID before sending it to the client side. 
我有一个应用程序,在将userID发送到客户端之前,我试图对其进行加密。 The reason for doing this is because I am using EJS as a tempting engine which means I have code where I am using the userID like so: 这样做的原因是因为我将EJS用作诱人的引擎,这意味着我在使用userID地方有如下代码:
<body ng-init="getAllPosts('<%= user._id' %>)"></body>
The issue with this is that when someone does "inspect element" on any browser they can clearly see their userID . 这样做的问题是,当有人在任何浏览器上执行“检查元素”时,他们可以清楚地看到其userID 。 See image below for example: 例如,请参见下图:
To fix this issue I started Encrypting my userID before I sent to the client, like s0: 要解决此问题,我在发送给客户端(例如s0)之前开始加密我的userID :
app.get('/profile',isLoggedIn,function(req, res) {
var user = req.user;
var uid = encrypt(JSON.stringify(user._id));
res.render('profile.ejs', {
userID: uid
});
});
This Encrypts the ID successfully as you can see in the image below: 如下图所示,此操作成功加密了ID:
The Issue: 问题:
The issue is that I can successfully Decrypt the ID but even after decrypted it I can't get the data from the database. 问题是我可以成功解密ID,但是即使解密ID也无法从数据库获取数据。 I have tried copy pasting the decrypted ID into my route and that gets the data successfully. 我尝试将已解密的ID粘贴粘贴到我的路由中,从而成功获取了数据。 Its like it does not read the decrypted ID from the variable but works when copy paste it myself. 就像它不会从变量中读取解密的ID一样,但是当我自己复制粘贴它时就可以使用。
Heres the code: 这是代码:
app.get('/user/posts/:id', isLoggedIn, function(req, res){
var x = decrypt(req.params.id)
Posts.findOne({userID:x}, function(err, post){
if(err)
console.log(err);
else if(post){
res.json(post);
} else if(!post){
res.json({message: "No Posts document exists for this user"});
}
});
});
Thing to note is that the variable x contains decrypted ID is text form! 需要注意的是变量x包含解密的ID,是文本形式!
Just for more info here are my Encrypting & Decrypting functions: 为了获得更多信息,这里是我的加密和解密功能:
//Encrypt Data
function encrypt(text){
var cipher = crypto.createCipher(algorithm,key)
var crypted = cipher.update(text, 'utf8', 'base64')
crypted += cipher.final('base64');
console.log("CRYPTED " + crypted);
return crypted;
}
//Decrypt Data
function decrypt(text){
var decipher = crypto.createDecipher(algorithm,key)
var dec = decipher.update(text, 'base64', 'utf8')
dec += decipher.final('utf8');
console.log("DECRYPTED " + dec);
return dec;
}
Output of Decrypt Function: 解密功能输出:
1 个解决方案
解决方案1
0 已采纳 2016-04-13 08:26:48
Found the problem, the problem was that I was being an idiot. 发现了问题,问题在于我是个白痴。
All I had to do to make is work was to change the following line from this: 我要做的就是修改以下内容:
Posts.findOne({userID:x})
to 至
Posts.findOne({userID: JSON.parse(x)})
The above solved the issue. 以上解决了这个问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.