How to Hash and Verify a Password in Node.js With bcrypt
Password hashing passes a plain-text password through a hashing algorithm to generate a unique hashed value. Various hashing algorithms, such as bcrypt, scrypt, and SHA, are used for password hashing.
Every time you pass the same input to a hashing algorithm, it will generate the same output.
Hashing performs a one-way transformation on a password.
Password Salting
Password salting adds a random string (the salt) to a password before hashing it. This way, the generated hash is different each time, even for the same password. Even if a hacker obtains the hashed password, it is impractical for them to discover the original password that generated it.
bcrypt
bcrypt is an npm module used for password salting and hashing.
npm install bcrypt
Import bcrypt
const bcrypt = require("bcrypt")
Generate a Salt
The bcrypt.genSalt() method generates the salt.
This method accepts an integer value which is the cost factor that determines the time taken to hash a password.
It commonly ranges between 5 and 15.
bcrypt.genSalt(10, (err, salt) => {
  // use salt to hash password
})
Hash the Password
Pass the plain password and the generated salt to the hash() method:
bcrypt.genSalt(10, (err, salt) => {
  bcrypt.hash(plain_text_Password, salt, function(err, hash) {
    // Store hash in the database
  });
})
Instead of generating the salt and hash separately, you can also auto-generate the salt and hash using a single function.
bcrypt.hash(plain_text_Password, 10, function(err, hash) {
  // store hash in the database table
});
Compare Passwords Using bcrypt
To authenticate users, the bcrypt.compare() method accepts the plain-text password and the hash that you stored, along with a callback function.
The callback receives any error that occurred and the result; if the password matches the hash, the result is true.
bcrypt.compare(plaintextPassword, hash, function(err, result) {
  if (result) {
    // password is valid
  }
});
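bcrypt.compare() needs only the stored hash because the bcrypt output string carries the version, the cost factor and the salt in front of the digest. The following is an added example, not code from the original tutorial or from the bcrypt package: it parses stored values without the bcrypt module and flags rows that should be re-hashed. The function names, the { user, password } row shape and the required cost of 12 are assumptions, and the sample rows are constructed.

```javascript
// Added example. Stored bcrypt string layout (60 characters):
//   $<version>$<2-digit cost>$<22-char salt><31-char digest>
const BCRYPT_RE =
  /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Split a stored value into its fields; null if it is not a bcrypt string.
function parseBcryptHash(stored) {
  const m = typeof stored === "string" ? BCRYPT_RE.exec(stored) : null;
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // outside bcrypt's cost range
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// Classify one stored value against the cost factor currently required.
function auditStoredHash(stored, minCost) {
  const parsed = parseBcryptHash(stored);
  if (parsed === null) return "not-bcrypt"; // plaintext, other hash, truncated
  return parsed.cost < minCost ? "weak-cost" : "ok";
}

// bcrypt reads at most 72 bytes of the password; count bytes, not characters.
function exceedsBcryptInputLimit(password) {
  return Buffer.byteLength(password, "utf8") > 72;
}

// Report every row whose stored value should be re-hashed at next login.
function findRowsToRehash(rows, minCost) {
  return rows
    .map((r) => ({ user: r.user, status: auditStoredHash(r.password, minCost) }))
    .filter((r) => r.status !== "ok");
}

// Constructed sample rows (not real password hashes).
const SAMPLE_ROWS = [
  { user: "alice", password: "$2b$12$" + "a".repeat(22) + "b".repeat(31) },
  { user: "bob", password: "$2b$10$" + "c".repeat(22) + "d".repeat(31) },
  { user: "carol", password: "ab".repeat(16) }, // hex digest, not bcrypt
  { user: "dave", password: "$2b$10$" + "e".repeat(22) }, // truncated column
];

console.log(findRowsToRehash(SAMPLE_ROWS, 12));
```

A row reported as "weak-cost" can be upgraded only after a successful login, when the plain-text password is available to hash again at the higher cost.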
Using Async/Await
You can hash and verify passwords using async/await.
async function hashPassword(plain_text_Password) {
  const hash = await bcrypt.hash(plain_text_Password, 10);
  // Store hash in the database table
  return hash;
}
// compare password
async function comparePassword(plain_text_Password, hash) {
  const result = await bcrypt.compare(plain_text_Password, hash);
  return result;
}
Using Promises
The bcrypt library also supports the use of promises.
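function hashPassword(plaintextPassword) {
  // Return the promise so the caller can wait for the hash
  return bcrypt.hash(plaintextPassword, 10)
    .then(hash => {
      // Store hash in the database
      return hash
    })
    .catch(err => {
      console.log(err)
    })
}
function comparePassword(plaintextPassword, hash) {
  // Return the promise; a return inside .then() alone never reaches the caller
  return bcrypt.compare(plaintextPassword, hash)
    .then(result => {
      return result
    })
    .catch(err => {
      console.log(err)
      // Treat an error as a failed match
      return false
    })
}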
// salt: a salt from bcrypt.genSalt() or a cost factor such as 10
bcrypt.hash(req.body.password, salt, (err, encrypted) => {
  if (err) return next(err)
  req.body.password = encrypted
  next()
})
While logging in, compare the submitted password with the stored password hash using the bcrypt.compare() function.
bcrypt.compare(req.body.password, user.password, function (err, result) {
  if (result === true) {
    // redirect to location
  } else {
    res.send('Incorrect password')
    // redirect to login page
  }
})
bcrypt is an npm library used to secure user credentials in Node.js.
It supports both synchronous and asynchronous methods, but the asynchronous methods are recommended, as the sync methods will block other requests until they finish.