Situatie
In real life applications with User authentication functionality, it is not practical to store user password as the original string in the database but it is good practice to hash the password and then store them into the database. Crypto module for Node JS helps developers to hash user password.
Solutie
Pasi de urmat
Password Hashing with Crypto module
To demonstrate the use of Crypto module, we can create a simple login and signup API and test it using Postman.
We will use two functions:
- cryto.randomBytes(“length”) : generates cryptographically strong data of given “length”.
- crypto.pbkdf2Sync(“password”, “salt”, “iterations”, “length”, “digest”) : hashes “password” with “salt” with number of iterations equal to given “iterations” (More iterations means more secure key) and uses algorithm given in “digest” and generates key of length equal to given “length”.
Project Dependencies:
- node JS: For Backend Server.
- express module for creating server.
- mongoose module for MongoDB connection and queries.
- Crypto module for hashing.
- body-parser for parsing json data.
First create a directory structure as below :
hashApp --model ----user.js --route ----user.js --server.js Create model/user.js file which defines user schema
// Importing modules
const mongoose = require(‘mongoose’);
var crypto = require(‘crypto’);
// Creating user schema
const UserSchema = mongoose.Schema({
name : {
type : String,
required : true
},
email : {
type : String,
required : true
},
hash : String,
salt : String
});
// Method to set salt and hash the password for a user
// setPassword method first creates a salt unique for every user
// then it hashes the salt with user password and creates a hash
// this hash is stored in the database as user password
UserSchema.methods.setPassword = function(password) {
// Creating a unique salt for a particular user
this.salt = crypto.randomBytes(16).toString(‘hex’);
// Hashing user’s salt and password with 1000 iterations,
64 length and sha512 digest
this.hash = crypto.pbkdf2Sync(password, this.salt,
1000, 64, `sha512`).toString(`hex`);
};
// Method to check the entered password is correct or not
// valid password method checks whether the user
// password is correct or not
// It takes the user password from the request
// and salt from user database entry
// It then hashes user password and salt
// then checks if this generated hash is equal
// to user’s hash in the database or not
// If the user’s hash is equal to generated hash
// then the password is correct otherwise not
UserSchema.methods.validPassword = function(password) {
var .hash = crypto.pbkdf2Sync(password,
this.salt, 1000, 64, `sha512`).toString(`hex`);
return this.hash === hash;
};
// Exporting module to allow it to be imported in other files
const User = module.exports = mongoose.model(‘User’, UserSchema);
Create route/user.js file :
// Importing modules
const express = require(‘express’);
const router = express.Router();
// Importing User Schema
const User = require(‘../model/user’);
// User login api
router.post(‘/login’, (req, res) => {
// Find user with requested email
User.findOne({ email : req.body.email }, function(err, user) {
if (user === null) {
return res.status(400).send({
message : “User not found.”
});
}
else {
if (user.validPassword(req.body.password)) {
return res.status(201).send({
message : “User Logged In”,
})
}
else {
return res.status(400).send({
message : “Wrong Password”
});
}
}
});
});
// User signup api
router.post(‘/signup’, (req, res, next) => {
// Creating empty user object
let newUser = new User();
// Initialize newUser object with request data
newUser.name = req.body.name,
newUser.email = req.body.email
// Call setPassword function to hash password
newUser.setPassword(req.body.password);
// Save newUser object to database
newUser.save((err, User) => {
if (err) {
return res.status(400).send({
message : “Failed to add user.”
});
}
else {
return res.status(201).send({
message : “User added successfully.”
});
}
});
});
// Export module to allow it to be imported in other files
module.exports = router;
Create server.js file :
// Importing modules
var express = require(‘express’);
var mongoose = require(‘mongoose’);
var bodyparser = require(‘body-parser’);
// Initialize express app
var app = express();
// Mongodb connection url
var MONGODB_URI = “mongodb://localhost:27017/hashAppDb”;
// Connect to MongoDB
mongoose.connect(MONGODB_URI);
mongoose.connection.on(‘connected’, () => {
console.log(‘Connected to MongoDB @ 27017’);
});
// Using bodyparser to parse json data
app.use(bodyparser.json());
// Importing routes
const user = require(‘./route/user’);
// Use user route when url matches /api/user/
app.use(‘/api/user’, user);
// Creating server
const port = 3000;
app.listen(port, () => {
console.log(“Server running at port: ” + port);
});
- Run server.js file using command node server.js from the hashApp directory
- Open Postman and create a post request to localhost:3000/api/user/signup as below:
You will get the response as below:
Leave A Comment?