Build a blog with Areto Framework

User model

The User model class inherits the User class, which provides the user authentication interface, and the areto/db/ActiveRecord class, which manages the database.


const Base = require('areto/db/ActiveRecord');

module.exports = class User extends Base {
  // place methods here
};
module.exports.init(module);

const SecurityHelper = require('areto/helper/SecurityHelper');

Define the static properties of the class in the getConstants method.

  • TABLE - the name of the table that stores the model.
  • ATTRS - the model attributes to be stored in the database. The _id attribute is used as the model identifier. It is created by MongoDB for each new record.

Static properties are available both through the class itself, and an instance: User.TABLE === (new User).TABLE === (new User).constructor.TABLE.

The init method is used to initialize static properties. It is called immediately after the class definition. Its argument is the current Node.js file module: module.exports.init(module).


static getConstants () {
  return {
    TABLE: 'user',
    ATTRS: [
      // ... (attribute names are not shown on this page)
    ],
    BEHAVIORS: {
      'timestamp': require('areto/behavior/TimestampBehavior')
    },
    STATUS_PENDING: 'pending',
    STATUS_ACTIVE: 'active',
    STATUS_BANNED: 'banned',
    ROLE_READER: 'reader',
    ROLE_AUTHOR: 'author',
    ROLE_EDITOR: 'editor',
    ROLE_MODERATOR: 'moderator',
    ROLE_ADMIN: 'admin'
  };
}

The findIdentity method searches for the database record by id and status (status === 'active'). It is needed to look up the authenticated user from the data stored in the session.


findIdentity (id) {
  // only active users can be restored from the session
  return this.findById(id).and({status: this.STATUS_ACTIVE});
}

The init method is called immediately after you create the model. It initializes the attribute values. If you override it, call the parent class method super.init so that it works properly.


constructor (config) {
  super(config); // the parent constructor must run before `this` is used
  this.set('role', this.ROLE_AUTHOR);
  this.set('status', this.STATUS_ACTIVE);
}

The getTitle method returns the name of the model to be displayed in different cases. By default, it uses the model ID.


getTitle () {
  return this.get('name');
}

The isActive and isBanned methods are used to check the current status of the user.


isActive () {
  return this.get('status') === this.STATUS_ACTIVE;
}

isBanned () {
  return this.get('status') === this.STATUS_BANNED;
}

The getAssignments method returns the user role stored in the role attribute, which is needed to authorize access to the resources of the blog.


async getAssignments () {
  return [this.get('role')];
}

The beforeSave method is called before saving the model. It is asynchronous, so cb is to be called at the end of the work. Also, if you override it, you must call the parent asynchronous method super.beforeSave().


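async beforeSave (insert) {
  await super.beforeSave(insert);
  if (insert) {
    // ... (the body of this branch is not shown on this page)
  }
}

setAuthKey () {
  // AUTH_KEY_LENGTH is read from the class constants
  this.set('authKey', SecurityHelper.getRandomString(this.AUTH_KEY_LENGTH));
}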

The last couple of methods manage the user password. To do this, connect the areto/helper/SecurityHelper class after User initialization. Only the sha1 password hash is stored in the database.


checkPassword (password) {
  return SecurityHelper.checkPassword(password, this.get('passwordHash'));
}

setPasswordHash () {
  const password = this.get('password');
  if (password) {
    // store only the hash, never the plain password
    this.set('passwordHash', SecurityHelper.encryptPassword(password));
  }
}
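
SHA-1 is a fast hash, so a leaked table of SHA-1 password hashes can be guessed offline at high speed. The block below is an added example, not code from this tutorial or from Areto: it shows a salted, memory-hard replacement for the value kept in passwordHash, using only Node's built-in crypto module. The function names, the record format and the cost settings are assumptions made for illustration.

```javascript
'use strict';
const crypto = require('crypto');

// Assumed cost settings for this sketch; tune N for your own hardware.
const PARAMS = {N: 16384, r: 8, p: 1};
const KEY_LENGTH = 32;
const SALT_LENGTH = 16;

// Returns "scrypt$N$r$p$<salt hex>$<key hex>", a value for passwordHash.
function hashPassword (password) {
  const salt = crypto.randomBytes(SALT_LENGTH); // fresh salt per password
  const key = crypto.scryptSync(password, salt, KEY_LENGTH, PARAMS);
  const {N, r, p} = PARAMS;
  return ['scrypt', N, r, p, salt.toString('hex'), key.toString('hex')].join('$');
}

// Recomputes the key with the stored salt and parameters, then compares
// in constant time. Malformed or legacy records are rejected, never matched.
function verifyPassword (password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') {
    return false;
  }
  const [N, r, p] = parts.slice(1, 4).map(Number);
  const salt = Buffer.from(parts[4], 'hex');
  const expected = Buffer.from(parts[5], 'hex');
  if (salt.length !== SALT_LENGTH || expected.length !== KEY_LENGTH) {
    return false; // truncated or malformed record
  }
  try {
    const actual = crypto.scryptSync(password, salt, KEY_LENGTH, {N, r, p});
    return crypto.timingSafeEqual(actual, expected);
  } catch (err) {
    return false; // invalid cost parameters in the stored record
  }
}

// Assumption: a legacy record is a bare 40-character hex SHA-1 digest.
// Such records can be re-hashed with hashPassword after a successful login.
function isLegacySha1Hash (stored) {
  return /^[0-9a-f]{40}$/i.test(String(stored));
}
```

In the model above, these functions would take the place of the calls inside setPasswordHash and checkPassword.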