How to add users to friends arrays in user mode
This article aims to guide developers how to add their information to the other party's user-mode friends array after they accept a friend request. The article will discuss measures to avoid front-end tampering with user IDs, and query the friend list through the FriendRequest model. It will also introduce how to update the user mode when accepting friend requests, and emphasize the importance of using transactions to ensure data consistency.
Ensure the security of user ID
When processing friend requests, there is a security risk to directly obtain the sender ID from the front end. Malicious users can forge the sender ID by modifying HTML, resulting in data inconsistency or potential security issues. To avoid this, the current user's ID should be obtained from the server-side session or authentication middleware.
For example, a front-end form can contain only the receiver's ID:
In the backend routing handler, use the current user ID provided by the authentication middleware as the sender:
router.post("/requests", (req, res) => {
const { receiver } = req.body;
FriendRequest.create({
sender: req.user._id, // Get the current user ID from the authentication middleware
Receiver
}).then(() => {
res.status(204).send();
}).catch((error) => {
res.status(500).send("Error sending friend request");
});
});
It is assumed here that req.user._id contains the ID of the authenticated user. You need to adjust this part of the code according to the authentication method you are using.
Query friend list through FriendRequest model
A more elegant way is to avoid explicitly maintaining friends arrays in the User model. Instead, you can get a list of friends by querying the FriendRequest model. This approach takes advantage of the sender and status fields that already exist in the FriendRequest model.
For example, to get all accepted friends of the current user, you can use the following query:
FriendRequest
.find({sender: req.user._id, status: 'accepted'})
.then((listOfFriends)=>{
console.log(listOfFriends);
})
.catch((e)=>{
// handle error
})
The advantage of this approach is that it avoids data redundancy and only needs to update the FriendRequest model when the friend relationship changes.
Update friends array in user mode (use with caution)
If you still need to explicitly maintain the friends array in the User model, you need to update the friends array for both users when accepting a friend request.
router.post("/requests/:id/accept", async (req, res) => {
try {
const request = await FriendRequest.findById(req.params.id);
request.status = "accepted";
await request.save();
const currentUser = await User.findById(req.user._id); // Get the current user const otherUser = await User.findById(request.receiver); // Get the receiver user currentUser.friends.push(request.receiver);
otherUser.friends.push(req.user._id);
await currentUser.save();
await otherUser.save();
res.redirect("/requests");
} catch (error) {
// Handle error console.error("Error accepting friend request:", error);
res.status(500).send("Error accepting friend request");
}
});
Notes: Use transactions
When updating multiple collections, be sure to use database transactions to ensure data consistency. If the update of the User model fails after updating the FriendRequest model, data may be inconsistent.
Here is an example of how to use Mongoose transactions:
const mongoose = require('mongoose');
router.post("/requests/:id/accept", async (req, res) => {
const session = await mongoose.startSession();
session.startTransaction();
try {
const request = await FriendRequest.findById(req.params.id).session(session);
request.status = "accepted";
await request.save({ session });
const currentUser = await User.findById(req.user._id).session(session); // Get the current user const otherUser = await User.findById(request.receiver).session(session); // Get the recipient user currentUser.friends.push(request.receiver);
otherUser.friends.push(req.user._id);
await currentUser.save({ session });
await otherUser.save({ session });
await session.commitTransaction();
session.endSession();
res.redirect("/requests");
} catch (error) {
await session.abortTransaction();
session.endSession();
// Handle error console.error("Error accepting friend request:", error);
res.status(500).send("Error accepting friend request");
}
});
In this example, mongoose.startSession() creates a new session and session.startTransaction() starts the transaction. All database operations pass session objects through .session(session). If all operations are successful, session.commitTransaction() commits the transaction; otherwise, session.abortTransaction() rolls back the transaction and revokes all changes.
Summarize
When processing friend requests, be sure to pay attention to the security of user ID and consider using the FriendRequest model to query the friend list to avoid data redundancy. If you need to explicitly maintain the friends array in the User model, be sure to use database transactions to ensure data consistency. Which method to choose depends on your specific needs and requirements for data consistency.
The above is the detailed content of How to add users to friends arrays in user mode. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
ArtGPT
AI image generator for creative art from text prompts.
Stock Market GPT
AI powered investment research for smarter decisions
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
JavaScript realizes click-through image switching effect: professional tutorial
Sep 18, 2025 pm 01:03 PM
This article will introduce how to use JavaScript to achieve the effect of clicking on images. The core idea is to use HTML5's data-* attribute to store the alternate image path, and listen to click events through JavaScript, dynamically switch the src attributes, thereby realizing image switching. This article will provide detailed code examples and explanations to help you understand and master this commonly used interactive effect.
How to get the user's location with the Geolocation API in JavaScript?
Sep 21, 2025 am 06:19 AM
First, check whether the browser supports GeolocationAPI. If supported, call getCurrentPosition() to get the user's current location coordinates, and obtain the latitude and longitude values through successful callbacks. At the same time, provide error callback handling exceptions such as denial permission, unavailability of location or timeout. You can also pass in configuration options to enable high precision, set the timeout time and cache validity period. The entire process requires user authorization and corresponding error handling.
How to create a repeating interval with setInterval in JavaScript
Sep 21, 2025 am 05:31 AM
To create a repetition interval in JavaScript, you need to use the setInterval() function, which will repeatedly execute functions or code blocks at specified milliseconds intervals. For example, setInterval(()=>{console.log("Execute every 2 seconds");},2000) will output a message every 2 seconds until it is cleared by clearInterval(intervalId). It can be used in actual applications to update clocks, poll servers, etc., but pay attention to the minimum delay limit and the impact of function execution time, and clear the interval in time when no longer needed to avoid memory leakage. Especially before component uninstallation or page closing, ensure that
The Nuxt 3 Composition API Explained
Sep 20, 2025 am 03:00 AM
Nuxt3's Composition API core usage includes: 1. definePageMeta is used to define page meta information, such as title, layout and middleware, which need to be called directly in it and cannot be placed in conditional statements; 2. useHead is used to manage page header tags, supports static and responsive updates, and needs to cooperate with definePageMeta to achieve SEO optimization; 3. useAsyncData is used to securely obtain asynchronous data, automatically handle loading and error status, and supports server and client data acquisition control; 4. useFetch is an encapsulation of useAsyncData and $fetch, which automatically infers the request key to avoid duplicate requests
Common pitfalls and solutions for DOM element access in JavaScript
Sep 15, 2025 pm 01:24 PM
This article aims to solve the problem of returning null when obtaining DOM elements through document.getElementById() in JavaScript. The core is to understand the script execution timing and DOM parsing status. By correctly placing the tag or utilizing the DOMContentLoaded event, you can ensure that the element is attempted again when it is available, effectively avoiding such errors.
Number formatting in JavaScript: Use toFixed() method to retain fixed decimal places
Sep 16, 2025 am 11:57 AM
This tutorial explains in detail how to format numbers into strings with fixed two decimals in JavaScript, even integers can be displayed in the form of "#.00". We will focus on the use of the Number.prototype.toFixed() method, including its syntax, functionality, sample code, and key points to be noted, such as its return type always being a string.
How to copy text to the clipboard in JavaScript?
Sep 18, 2025 am 03:50 AM
Use the writeText method of ClipboardAPI to copy text to the clipboard, it needs to be called in security context and user interaction, supports modern browsers, and the old version can be downgraded with execCommand.
How to create a multi-line string in JavaScript?
Sep 20, 2025 am 06:11 AM
TheBestAtOrreatEamulti-LinestringinjavascriptSisingStisingTemplatalalswithbacktTicks, whichpreserveTicks, WhichpreserveReKeAndEExactlyAswritten.
