Password hashing is a technique used to securely store passwords in a way that makes them difficult to recover or misuse. Instead of storing the actual password, you store a hashed version of it.
A popular approach to hashing passwords involves using a hashing algorithm that incorporates a salt—a random value added to the password before hashing. This prevents attackers from using precomputed tables (rainbow tables) to crack passwords.
Bcrypt: a cryptographic hashing algorithm designed for securely hashing passwords. Developed by Niels Provos and David Mazières in 1999, bcrypt incorporates a salt and is designed to be computationally expensive, which makes brute-force attacks more difficult.
We’re starting from yesterday’s code - https://github.com/100xdevs-cohort-3/week-7-mongo
Install the bcrypt library - https://www.npmjs.com/package/bcrypt
Update the /signup endpoint
const bcrypt = require("bcrypt");

app.post("/signup", async function(req, res) {
    const email = req.body.email;
    const password = req.body.password;
    const name = req.body.name;
    // bcrypt.hash picks a random salt and runs 2^10 rounds; the salt and cost are
    // embedded in the returned string, so this one value is all that is stored
    const hashedPassword = await bcrypt.hash(password, 10);
    await UserModel.create({
        email: email,
        password: hashedPassword,
        name: name
    });
    res.json({
        message: "You are signed up"
    });
});
Update the /signin endpoint

app.post("/signin", async function(req, res) {
    const email = req.body.email;
    const password = req.body.password;
    const user = await UserModel.findOne({
        email: email,
    });
    // findOne returns null for an unknown email, so check the user before reading
    // user.password. bcrypt.compare returns a Promise and must be awaited: an
    // un-awaited Promise object is always truthy and would pass the check below
    const passwordMatch = user ? await bcrypt.compare(password, user.password) : false;
    if (user && passwordMatch) {
        const token = jwt.sign({
            id: user._id.toString()
        }, JWT_SECRET);
        res.json({
            token
        });
    } else {
        res.status(403).json({
            message: "Incorrect creds"
        });
    }
});