Guys, I'm trying to make a password hash with bcrypt, but the user's real password is sent to PostgreSQL. What can I do to fix it? Did I write it wrong?
    import { Model, Sequelize } from 'sequelize';
    const bcrypt = require('bcrypt');

    class User extends Model {
      static init(sequelize) {
        super.init(
          {
            name: Sequelize.STRING,
            email: Sequelize.STRING,
            password: Sequelize.VIRTUAL,
            password_hash: Sequelize.STRING,
            provider: Sequelize.BOOLEAN,
          },
          {
            sequelize,
          }
        );
        this.addHook('beforeSave', async (user) => {
          if (user.password) {
            user.password_hash = await bcrypt.hash(user.password, 8);
          }
          return this;
        });
      }
    }

    export default User;

Based on your comment, I think you didn't understand how bcrypt works.
To register a user you do

    await bcrypt.hash(user.password, 8)

This will generate the hashed version of the user's password.
Now save that in the database (call it whatever you want, password/hashed_password).
You only need the hashed version in the database. bcrypt knows how to verify whether or not a raw string is equal to a hashed string.
Therefore, when you do your login code, you'll need to call

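    // Callback form, so no await is needed. Return after the error
    // response so that only one response is sent per request.
    bcrypt.compare(req.body.password, db.password, (err, same) => {
      if (err) return res.sendStatus(500);
      if (same) {
        res.send("LOGIN SUCCSESSFULL!");
      } else {
        res.send("WRONG USERNAME/PASSWORD!");
      }
    });
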
I just wrote this from the top of my head but it should work.
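
The register/login flow described in the answer above, as an added example that is not part of the original post. So that it runs without installing packages it uses Node's built-in crypto.scrypt as a stand-in for bcrypt; hashPassword, verifyPassword, toRow, login and the sample user are assumed names and constructed data.

```javascript
const crypto = require('node:crypto');

// Stand-in for bcrypt.hash(): returns "salt:hash" in hex. scryptSync keeps the
// example synchronous; a server would use the async form to avoid blocking.
function hashPassword(plain) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(plain, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

// Stand-in for bcrypt.compare(): re-derive with the stored salt and compare
// the two digests in constant time.
function verifyPassword(plain, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(plain, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// What the beforeSave hook has to achieve: the persisted row carries
// password_hash and never the virtual `password` field.
function toRow({ name, email, password }) {
  return { name, email, password_hash: hashPassword(password) };
}

// Login check that yields exactly one response for every outcome.
function login(rows, email, password) {
  const row = rows.find((r) => r.email === email);
  // Unknown user and wrong password get the same answer.
  if (!row || !verifyPassword(password, row.password_hash)) {
    return { status: 401, body: 'WRONG USERNAME/PASSWORD!' };
  }
  return { status: 200, body: 'LOGIN SUCCESSFUL!' };
}

// Constructed sample data, in place of a users table.
const rows = [toRow({ name: 'Ana', email: 'ana@example.test', password: 'correct horse' })];
console.log(Object.keys(rows[0]), login(rows, 'ana@example.test', 'correct horse').status);
```

With bcrypt itself, the salt is embedded in the hash string and bcrypt.compare does the re-derivation and comparison, so only toRow and login would remain.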