Node Password Hasher
Node Password Hasher is an Express middleware that hashes the password field in the request body. Currently the bcrypt and pbkdf2 algorithms are supported.
Installation
Node Password Hasher can be installed via npm with npm install --save node-password-hasher.
Usage
Node Password Hasher intercepts the password field of the request body, hashes it with the bcrypt algorithm, and overwrites the field with the result.
Just require the package and use it as an Express middleware.
In this example it is used in an endpoint that creates a new user.
A password field is expected as a request parameter, and the middleware hashes it automatically.
Default bcrypt usage
The easiest use is the following:
const express = require('express');
const Hasher = require('node-password-hasher');

const router = express.Router();
const hasher = new Hasher(10); // The Hasher argument is the number of salt rounds; it is optional (default 12)

module.exports = (app) => {
  // Hash req.body.password before the route handler runs
  router.post('/', hasher.getMiddleware());
  router.post('/', (req, res) => {
    // req.body.password is now already hashed
  });
  app.use(router);
};
Available hashers
The list of available hashers can be retrieved with hasher.getHasherList().
Using pbkdf2
The usePbkdf2() method switches the hasher to the pbkdf2 algorithm:
const express = require('express');
const Hasher = require('node-password-hasher');

const router = express.Router();
const hasher = new Hasher();
const options = {
  salt: 'my-super-secret-salt',
  iterations: 1000, // optional, default 1000
  keylen: 64,       // optional, default 64
  digest: 'sha512'  // optional, see Node.js crypto.getHashes() for the list of available digests
};
hasher.usePbkdf2(options);

module.exports = (app) => {
  // Hash req.body.password with pbkdf2 before the route handler runs
  router.post('/', hasher.getMiddleware());
  router.post('/', (req, res) => {
    // req.body.password is now already hashed
  });
  app.use(router);
};
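The options above take a single salt string. The following added example (not code from this package; it uses only Node's built-in crypto module, and the function names are hypothetical) assumes that string is applied to every account and compares the stored results with a per-password random salt, using the same iterations, keylen and digest values.

```javascript
const crypto = require('crypto');

// Parameters copied from the options object above.
const ITERATIONS = 1000, KEYLEN = 64, DIGEST = 'sha512';

// One salt string shared by every account (assumed effect of a single `salt` option).
function hashWithFixedSalt(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST).toString('hex');
}

// Fresh random salt per password, stored next to the derived key and parameters.
function hashWithRandomSalt(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST);
  return ['pbkdf2', DIGEST, ITERATIONS, salt.toString('hex'), key.toString('hex')].join('$');
}

// Re-derive from the stored salt and parameters, then compare in constant time.
function verify(password, stored) {
  const parts = stored.split('$');
  if (parts.length !== 5 || parts[0] !== 'pbkdf2') return false;
  const [, digest, iterations, saltHex, keyHex] = parts;
  const expected = Buffer.from(keyHex, 'hex');
  const iter = Number(iterations);
  if (!Number.isInteger(iter) || iter < 1 || expected.length === 0) return false;
  let actual;
  try {
    actual = crypto.pbkdf2Sync(password, Buffer.from(saltHex, 'hex'), iter, expected.length, digest);
  } catch (err) {
    return false; // unknown digest or unusable parameters
  }
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample: two accounts that happen to choose the same password.
function demo() {
  const pw = 'correct horse battery staple';
  const a = hashWithRandomSalt(pw);
  const b = hashWithRandomSalt(pw);
  return {
    fixedSaltCollides: hashWithFixedSalt(pw, 'my-super-secret-salt') === hashWithFixedSalt(pw, 'my-super-secret-salt'),
    randomSaltCollides: a === b,
    verifies: verify(pw, a),
    acceptsWrong: verify('wrong password', a),
  };
}

console.log(demo());
```

With a shared salt, equal passwords yield equal stored values, so one precomputed table covers every account; a random salt stored per record removes that property while verification still works.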
Development and Tests
The TypeScript can be compiled with npm build or npm run watch.
In order to run the tests, just call npm test.
Contribution guidelines
Pull requests are welcome.
License
Node Lessons is free software distributed under the terms of the MIT license.