Using bcryptjs for password encryption in Express

Source: Internet
Author: User

A few days ago, I used Express to develop a small project. When I developed the login and registration module, I used bcryptjs for password encryption and summarized the following content:

Bcrypt is a cross-platform file encryption tool. Files encrypted with it are portable across all supported operating systems and processors. The password must be 8 to 56 characters long and is converted internally into a 448-bit key.

In addition to encrypting data, bcrypt by default overwrites the original input file three times before deleting it, to thwart data recovery attempts by anyone who gains access to your computer. If you do not want this behavior, you can disable it.

Bcrypt uses the Blowfish encryption algorithm published by Bruce Schneier in 1993. More specifically, bcrypt uses Paul Kocher's implementation of the algorithm. The source code distributed with bcrypt has been slightly altered from the original.

Steps for using bcryptjs in Express:

1. Install the bcryptjs Module

npm install bcryptjs --save

2. Import the bcryptjs library in the module that performs the encryption

var bcrypt = require('bcryptjs');

3. Set encryption strength

var salt = bcrypt.genSaltSync(10);

4. Generate the HASH value during registration and insert it into the database.

// pool (the connection pool) and userSQL (the SQL statements) are defined elsewhere in the project
router.post('/register', function (req, res, next) {
  // Get a connection from the connection pool
  pool.getConnection(function (err, connection) {
    if (err) { return next(err); }
    // Get the parameters
    var param = req.query || req.params;
    /* Generate the HASH value, with a fresh salt for each password */
    var hash = bcrypt.hashSync(param.pwd, bcrypt.genSaltSync(10));
    // Add the user
    connection.query(userSQL.insert, ["", hash, param.phone, "", 0], function (err, result) {
      // Release the connection
      connection.release();
      if (err) { return next(err); }
      res.send(result);
    });
  });
});

5. Verify the HASH value at login and update the login status in the database

router.post('/login', function (req, res, next) {
  // Get a connection from the connection pool
  pool.getConnection(function (err, connection) {
    if (err) { return next(err); }
    // Get the parameters
    var param = req.query || req.params;
    // Look up the password hash by mobile phone number
    connection.query(userSQL.getPwdByPhoneNumber, [param.phone], function (err, result) {
      if (err) { connection.release(); return next(err); }
      // An unknown phone number returns no rows; treat it as a failed login
      if (result.length > 0 && bcrypt.compareSync(param.pwd, result[0].password)) {
        res.send("1");
        connection.query(userSQL.updateLoginStatusById, [1, result[0].id], function (err, result) {
          // Release the connection
          connection.release();
        });
      } else {
        res.send("0");
        // Release the connection
        connection.release();
      }
    });
  });
});
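A bcrypt hash string carries its own cost factor and salt, which is why bcrypt.compareSync in step 5 needs no salt argument, and why a salt generated once at module load (step 3) shows up in every hash created with it. The following is an added example, not code from the original article: it parses stored hashes and reports malformed values, costs below a minimum, and salts shared by more than one row. The function names, the minimum cost and the sample rows are assumptions constructed for illustration.

```javascript
// Added example: audit stored bcrypt hashes for reused salts and low cost.
// Layout of a bcrypt hash string (60 characters):
//   $2a$ | 2-digit cost | $ | 22-char salt | 31-char digest
const BCRYPT_RE = /^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Split a stored hash into its fields; returns null if it is not bcrypt.
function parseBcryptHash(hash) {
  const m = BCRYPT_RE.exec(hash);
  if (!m) return null;
  return { version: m[1], cost: Number(m[2]), salt: m[3], digest: m[4] };
}

// rows: [{ id, password }] as read from the user table (hypothetical shape).
function auditHashes(rows, minCost) {
  const bySalt = new Map();
  const report = { malformed: [], lowCost: [], sharedSalt: [] };
  for (const row of rows) {
    const parsed = parseBcryptHash(row.password);
    if (!parsed) { report.malformed.push(row.id); continue; }
    if (parsed.cost < minCost) report.lowCost.push(row.id);
    if (!bySalt.has(parsed.salt)) bySalt.set(parsed.salt, []);
    bySalt.get(parsed.salt).push(row.id);
  }
  // Any salt seen on more than one row means those users were hashed
  // with the same salt, so equal passwords would give equal hashes.
  for (const ids of bySalt.values()) {
    if (ids.length > 1) report.sharedSalt.push(ids);
  }
  return report;
}

// Constructed rows: only the layout is real, these are not bcrypt outputs.
const fake = (cost, salt, ch) => '$2a$' + cost + '$' + salt + ch.repeat(31);
const SAMPLE_ROWS = [
  { id: 1, password: fake('10', 'Ab'.repeat(11), 'x') }, // same salt as id 2
  { id: 2, password: fake('10', 'Ab'.repeat(11), 'y') },
  { id: 3, password: fake('10', 'Cd'.repeat(11), 'z') }, // unique salt
  { id: 4, password: fake('04', 'Ef'.repeat(11), 'w') }, // cost too low
  { id: 5, password: '123456' },                         // never hashed
];

console.log(auditHashes(SAMPLE_ROWS, 10));
```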

The code above uses the synchronous bcryptjs API. The asynchronous API is used as follows:

Generate a password hash:

bcrypt.genSalt(10, function(err, salt) {
  bcrypt.hash("B4c0/\/", salt, function(err, hash) {
    // Store hash in your password DB.
  });
});

Password Verification:

bcrypt.compare("B4c0/\/", hash).then((res) => {
  // res === true
});

The following is a simple example of using Bcrypt to encrypt data:

var mongoose = require('mongoose');
// Load the bcrypt module
var bcrypt = require('bcrypt');
// Work factor (cost) used when hashing the password
var SALT_WORK_FACTOR = 10;
// Connect to the database
mongoose.connect('mongodb://localhost:27017/test');
// Define the user schema
var UserSchema = new mongoose.Schema({
  name: { unique: true, type: String },
  password: { unique: true, type: String }
}, { collection: "user" });
// Use pre-save middleware to hash the password before the user is stored
UserSchema.pre('save', function (next) {
  var user = this;
  // Skip hashing when the password has not changed, so an existing hash is not hashed again
  if (!user.isModified('password')) { return next(); }
  // Generate a salt, then hash the password with it
  bcrypt.genSalt(SALT_WORK_FACTOR, function (err, salt) {
    if (err) { return next(err); }
    bcrypt.hash(user.password, salt, function (err, hash) {
      if (err) { return next(err); }
      user.password = hash;
      next();
    });
  });
});
// Compile the model
var UserBox = mongoose.model('userbox', UserSchema);
// Create a document instance
var user = new UserBox({ name: "Jack", password: "123456" });
// Save the user
user.save(function (err, user) {
  if (err) {
    console.log(err);
  } else {
    // On success, print the stored password hash
    console.log("password:" + user.password);
  }
});

That is all for this article. I hope it is helpful for your learning.
