Thursday 23 February 2017

Best way to sanitize a Sequelize Instance object prior to sending to client?

I have an API utilizing Sequelize on a Postgres DB and I need to output the objects I am pulling from the DB to my clients. However, on some records such as User records there will be sensitive data attached to it, like the password hash or billing info, that I need to make sure is not sent to the client. Of course I have the option of only selecting the fields I want during my database request, but I may need those sensitive fields while I'm handling it (such as during a login attempt to verify the user's password).

The other option is to, just before returning the response to the client, run the object through a cleaning function to remove any sensitive fields. This would be great, but gets tricky if I have other model relations populated: I would also need to call the cleaning function on any attached instances. Or if I pull an array of objects, then I need to loop through each one (and hope they don't also have relations populated on them to clean). Basically this cleaning setup to cover all cases is gonna get messy real quick.

Is there a solution in Sequelize, or via another package, that can sanitize the output of every one of my models before sending to the client?

Submitted February 23, 2017 at 06:53AM by Sythic_
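
The cleaning function the post describes, covering arrays and populated relations in one recursive pass, as an added example that is not part of the original post. The field names `passwordHash` and `billingInfo` and the `fakeInstance` helper (a stand-in for a Sequelize instance, so the block runs without a database) are assumptions; `get({ plain: true })` is the Sequelize instance method for obtaining a plain object.

```javascript
// Assumed list of sensitive column names; adjust to the real schema.
const SENSITIVE_FIELDS = new Set(['passwordHash', 'billingInfo']);

// Returns a sanitized deep copy. Handles a single instance, an array of
// instances, and any relations nested inside them. Never mutates the input,
// so the caller can still use the sensitive fields (e.g. during login).
function sanitize(value, ancestors = new WeakSet()) {
  if (value === null || typeof value !== 'object') return value;
  if (value instanceof Date) return new Date(value.getTime());
  if (ancestors.has(value)) return undefined; // circular relation: drop it
  ancestors.add(value);
  try {
    if (Array.isArray(value)) return value.map((v) => sanitize(v, ancestors));
    // Sequelize-like instances expose get(); plain objects are used as-is.
    const plain = typeof value.get === 'function' ? value.get({ plain: true }) : value;
    const out = {};
    for (const [key, child] of Object.entries(plain)) {
      if (SENSITIVE_FIELDS.has(key)) continue; // denylisted at every depth
      out[key] = sanitize(child, ancestors);
    }
    return out;
  } finally {
    ancestors.delete(value); // the same object may legitimately appear twice
  }
}

// Hypothetical stand-in for a Sequelize instance (constructed for this example).
function fakeInstance(data) {
  return { get: () => data };
}

// Constructed sample: a user with a populated relation that points at
// another user, which also carries sensitive fields.
function buildSample() {
  const author = fakeInstance({ id: 2, email: 'b@example.test', passwordHash: 'x2' });
  const post = fakeInstance({ id: 10, title: 'hello', author });
  return fakeInstance({
    id: 1, email: 'a@example.test', passwordHash: 'x1',
    billingInfo: { card: '0000' }, posts: [post],
  });
}

function demo() {
  const user = buildSample();
  return { raw: user, clean: sanitize([user]) };
}
```

Calling `sanitize` once at the response boundary (for example in a wrapper around `res.json`) keeps the denylist in a single place instead of spreading it across handlers.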
