I'm using Sequelize to do a DB find for a user record, and I want the default behavior of the model to not return the password field for that record. The password field is a hash but I still don't want to return it.
I have several options that will work, but none seems particularly good:
Create a custom class method findWithoutPassword for the User model and within that method do a User.find with the attributes set as shown in the Sequelize docs
Do a normal User.find and filter the results in the controller (not preferred)
Use some other library to strip off unwanted attributes
Is there a better way? Best of all would be if there is a way to specify in the Sequelize model definition to never return the password field, but I haven't found a way to do that.
I would suggest overriding the toJSON function:
sequelize.define('user', attributes, {
instanceMethods: {
toJSON: function () {
var values = Object.assign({}, this.get());
delete values.password;
return values;
}
}
});
Or in sequelize v4
const User = sequelize.define('user', attributes, {});
User.prototype.toJSON = function () {
var values = Object.assign({}, this.get());
delete values.password;
return values;
}
toJSON is called when the data is returned to the user, so end users won't see the password field, but it will still be available in your code.
Object.assign clones the returned object - Otherwise you will completely delete the property from the instance.