Cleaned up "How do I" section of README
This commit is contained in:
Sahat Yalkabov
43
README.md
43
README.md
@ -942,11 +942,11 @@ script.
|
|||||||
```
|
```
|
||||||
|
|
||||||
**Note:** Notice the path of the `socket.io.js`, you don't actually
|
**Note:** Notice the path of the `socket.io.js`, you don't actually
|
||||||
have to have `socket.io.js` file anywhere in your project; it will be generated automatically
|
have to have `socket.io.js` file anywhere in your project; it will be generated
|
||||||
at runtime.
|
automatically at runtime.
|
||||||
|
|
||||||
If you want to have JavaScript code separate from templates, move that inline script code into `main.js`,
|
If you want to have JavaScript code separate from templates, move that inline
|
||||||
inside the `$(document).ready()` function:
|
script code into `main.js`, inside the `$(document).ready()` function:
|
||||||
|
|
||||||
```js
|
```js
|
||||||
$(document).ready(function() {
|
$(document).ready(function() {
|
||||||
@ -963,31 +963,10 @@ $(document).ready(function() {
|
|||||||
|
|
||||||
And that's it, we are done!
|
And that's it, we are done!
|
||||||
|
|
||||||
If you want to see a really cool real-time dashboard check out this [live example](http://hackathonstarter.herokuapp.com/dashboard). Refer to the [pull request #23](https://github.com/sahat/hackathon-starter/pull/23/files) to see how it is implemented.
|
If you want to see a really cool real-time dashboard check out this
|
||||||
|
[live example](http://hackathonstarter.herokuapp.com/dashboard). Refer to the
|
||||||
### How does “Forgot your password” feature work?
|
[pull request #23](https://github.com/sahat/hackathon-starter/pull/23/files) to
|
||||||
|
see how it is implemented.
|
||||||
There are **4** routes in total that handle forgot password and reset password:
|
|
||||||
```js
|
|
||||||
app.get('/forgot', forgotController.getForgot);
|
|
||||||
app.post('/forgot', forgotController.postForgot);
|
|
||||||
app.get('/reset/:token', resetController.getReset);
|
|
||||||
app.post('/reset/:token', resetController.postReset);
|
|
||||||
```
|
|
||||||
|
|
||||||
The first step begins at the get `GET /forgot` when user clicks on **Forgot your password?** link on the *Login* page. The `POST /forgot` handles the form submission. If email address is valid, it creates a random 20-bit hash, finds that user’s email in the database and sets `resetPasswordToken` field to the newly generated random 20-bit hash, additionally `resetPasswordExpires` is set to 1 hour into the future. That means from the moment you receive an email, that reset link will be valid only for one hour (for security reasons it’s a good practice to expire reset password links). If 1 hour is too short for your needs, feel free to increase it. The final step is to actually send an email with a reset link. This is all elegantly done using **async.waterfall** control flow.
|
|
||||||
|
|
||||||
Notice how it handles the case when no email address exists:
|
|
||||||
```js
|
|
||||||
if (!user) {
|
|
||||||
req.flash('errors', { msg: 'No account with that email address exists.' });
|
|
||||||
return res.redirect('/forgot');
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Some people might find this approach to be less secure. Maybe a better approach might have been to let the user know “If there is an account with provided e-mail address, we will send you a reset link”. Again, feel free to change it based on your application needs.
|
|
||||||
|
|
||||||
The second step involves resetting a password. After clicking on a reset link, it redirects you to a page where you can set a new password. The token validity check is performed twice - on `GET` request when you click on a reset link and on `POST` request after you submit a new password. After selecting a new password, both `passwordResetToken` and `resetPasswordExpire` fields are deleted from the database. This is easily done by setting their value to `undefined`; *Mongoose* will run `$unset` internally. And finally, user is logged in with the new password and a confirmation email is sent notifying about the password change.
|
|
||||||
|
|
||||||
Mongoose Cheatsheet
|
Mongoose Cheatsheet
|
||||||
-------------------
|
-------------------
|
||||||
@ -1019,7 +998,11 @@ User
|
|||||||
```
|
```
|
||||||
|
|
||||||
#### Get total count of a field from all documents:
|
#### Get total count of a field from all documents:
|
||||||
Let's suppose that each user has a `votes` field and you would like to count the total number of votes in your database accross all users. One very inefficient way would be to loop through each document and manually accumulate the count. Or you could use [MongoDB Aggregation Framework](http://docs.mongodb.org/manual/core/aggregation-introduction/) instead:
|
Let's suppose that each user has a `votes` field and you would like to count
|
||||||
|
the total number of votes in your database accross all users. One very
|
||||||
|
inefficient way would be to loop through each document and manually accumulate
|
||||||
|
the count. Or you could use [MongoDB Aggregation Framework](http://docs.mongodb.org/manual/core/aggregation-introduction/) instead:
|
||||||
|
|
||||||
```js
|
```js
|
||||||
User.aggregate({ $group: { _id: null, total: { $sum: '$votes' } } }, function(err, votesCount) {
|
User.aggregate({ $group: { _id: null, total: { $sum: '$votes' } } }, function(err, votesCount) {
|
||||||
console.log(votesCount.total);
|
console.log(votesCount.total);
|
||||||
|
|||||||
Reference in New Issue
Block a user