1

I'm already familiar that MongoDB is based on documents that are in JSON format. I'm creating my first web app using the MEAN stack, where users can register and then be able to sign in to a back-end dashboard where they can implement products/profile information etc. How would I set that up to be stored on MongoDB? would each user be stored as a document? And as far as security reasons, how can I go about not allowing a GET request to be able to get a different users information?

Currently, I just have a collection of users, and a collection of products (with the unique id number for each user), etc. to me that doesn't seem the proper way to store data.

If anyone can help me on how to setup the database for Mongo that would be fantastic! Thanks in advance!

Improve this question

2 Answers 2

Reset to default
1

would each user be stored as a document?

Yes, each user is an object, thus it's stored as a separate document.

how can I go about not allowing a GET request to be able to get a different users information?

This has nothing to do with Mongo or any other data storage mechanism. You'll need to work on a Web service layer which exposes your data filtering requests to authorize them based on user role, claims or any authorization approach you might find useful in your scenario.

Maybe you should look at implementing OAuth2. There's a package that integrates with Express to implement your own OAuth2 authorization server: node-oauth2-server.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Currently, I just have a collection of users, and a collection of products (with the unique id number for each user), etc. to me that doesn't seem the proper way to store data.

You are on the right way actually. Now when you show products page for users you need to retrieve only documents that belong to that single user that is currently authenticated, this implies that you have authentication set up, and products have a userId field.

This is how most application work. If you want to read about other ways of solving this then read about multi-tenancy.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.