Implemented hashing and dehashing while signup and sign in with bcrypt js..

goutham03062001 · goutham03062001 · commit f34f53d80699 · 2023-04-18T17:39:19.000+05:30
diff --git a/models/user.js b/models/user.js
@@ -1,5 +1,5 @@
 const {connector} = require('./databaseUtil');
-
+const {hashPassword,comparePasswords} = require("../util");
 const userSchema = {
   name: {type: String,   required: true},
   emailId: {type: String, unique: true, required: true},
@@ -19,6 +19,11 @@ async function createUser(name, password, emailId, uid, userType){
     uid: uid,
     userType: userType
   });
+
+  //hash the password
+  const hashedPassword = await hashPassword(user.password);
+  user.password = hashedPassword;
+
   let newUser = {};
   await user.save().then((savedUser) => {
     newUser = savedUser ;
@@ -30,7 +35,7 @@ async function createUser(name, password, emailId, uid, userType){
 async function validateUser(uid, pass){
   let user = await User.findOne({uid: uid}).catch(err=>console.log(err))
   if(user){
-    if(user.password==pass)
+    if(comparePasswords(pass,user.password))
       return user
     return null;
   }
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -9,6 +9,7 @@
     "serverstartWin": "SET DEBUG=api:* && npm run devstart"
   },
   "dependencies": {
+    "bcryptjs": "^2.4.3",
     "cookie-parser": "~1.4.4",
     "cors": "^2.8.5",
     "debug": "~2.6.9",
diff --git a/util.js b/util.js
@@ -1,9 +1,33 @@
 const jwt = require("jsonwebtoken");
-
+const bcrypt = require("bcryptjs");
 exports.genrateToken = (data)=>{
     return jwt.sign(data, process.env.TOKEN_SECRET);
 } 
 
+exports.hashPassword = async(password) =>{
+    try {
+        const salt = await bcrypt.genSalt(10);
+        const hashedPassword = await bcrypt.hash(password,salt);
+        return hashedPassword;
+    } catch (error) {
+        return error.message;
+    }
+}
+
+exports.comparePasswords = async(userPassword,storedPassword) =>{
+    try {
+        bcrypt.compare(userPassword,storedPassword,(err,success)=>{
+            if(err) throw Error();
+            if(success){
+                return true;
+            }
+            else return false;
+        })
+    } catch (error) {
+        return error.message;
+    }
+}
+
 /**
  * 
  * @param {*} data any data that you want as return from the function after mentioned time
