• [Angular] Using the Argon 2 Hashing Function In Our Sign Up Backend Service


    Which hash algorithm to choose for a new application:

    https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet

    We can use this package:

    https://github.com/ranisalt/node-argon2

    Install:

    npm install argon2 --save

    Code:

    import {Request, Response} from 'express';
    import {db} from './database';
    import {USERS} from './database-data';
    
    import * as argon from 'argon2';
    
    export function createUser (req: Request, res: Response) {
    
      const credentials = req.body;
    
      // Hash the plaintext password; only the digest is stored
      argon.hash(credentials.password)
        .then(passwordDigest => {
    
          const user = db.createUser(credentials.email, passwordDigest);
    
          console.log(USERS); // debug output only; it prints the stored digests
          res.status(200).json({id: user.id, email: user.email});
        })
        .catch(() => res.sendStatus(500)); // hashing or storage failed
    
    }

      

    It is a good idea to add password validation, so that users cannot choose a password as simple as '123456'.

    Password validation:

    npm install --save password-validator

    password-validation.ts:

    import * as passwordValidator from 'password-validator';
    
    // Create a schema
    const schema = new passwordValidator();
    
    // Add properties to it
    schema
      .is().min(7)                                    // Minimum length 7
      .has().uppercase()                              // Must have uppercase letters
      .has().lowercase()                              // Must have lowercase letters
      .has().digits()                                 // Must have digits
      .has().not().spaces()                           // Should not have spaces
      .is().not().oneOf(['Passw0rd', 'Password123']); // Blacklist these values
    
    export function validatePassword(password: string) {
      return schema.validate(password, {list: true});
    }

    Updated code:

    import {Request, Response} from 'express';
    import {db} from './database';
    import {USERS} from './database-data';
    
    import * as argon from 'argon2';
    import {validatePassword} from './password-validation';
    
    export function createUser (req: Request, res: Response) {
    
      const credentials = req.body;
    
      // Validate the password string itself, not the whole credentials object
      const errors = validatePassword(credentials.password);
    
      if (errors.length > 0) {
        // Reject weak passwords and report which rules failed
        res.status(400).json({
          errors
        });
      } else {
        argon.hash(credentials.password)
          .then(passwordDigest => {
    
            const user = db.createUser(credentials.email, passwordDigest);
    
            console.log(USERS); // debug output only; it prints the stored digests
            res.status(200).json({id: user.id, email: user.email});
          })
          .catch(() => res.sendStatus(500)); // hashing or storage failed
      }
    }
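
The `passwordDigest` that `argon.hash()` returns above is a self-describing encoded string: variant, version, cost parameters, salt and hash travel in one value, so no separate salt column is needed. The following is an added example, not code from the original post: it parses that string and lists the reasons a stored digest should be re-hashed. The function names, the thresholds in `MIN_POLICY` and the sample digests are assumptions constructed for illustration.

```typescript
// Added example: read the cost parameters out of an Argon2 encoded digest.
interface Argon2Params {
  variant: string;      // argon2i, argon2d or argon2id
  version: number;      // 19 = Argon2 v1.3
  memoryKiB: number;    // m
  iterations: number;   // t
  parallelism: number;  // p
  saltBytes: number;
  hashBytes: number;
}

// Decoded size of an unpadded base64 string.
const b64Bytes = (s: string): number => Math.floor((s.length * 3) / 4);

const ENCODED =
  /^\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$/;

// Parse "$argon2id$v=19$m=..,t=..,p=..$salt$hash"; null if it is anything else.
function parseArgon2Digest(digest: string): Argon2Params | null {
  const m = ENCODED.exec(digest);
  if (!m) return null;
  return {
    variant: String(m[1]), version: Number(m[2]), memoryKiB: Number(m[3]),
    iterations: Number(m[4]), parallelism: Number(m[5]),
    saltBytes: b64Bytes(String(m[6])), hashBytes: b64Bytes(String(m[7])),
  };
}

// Assumed minimums for illustration; take the real values from your own policy.
const MIN_POLICY = {memoryKiB: 19456, iterations: 2, saltBytes: 16};

// Reasons a stored digest should be re-hashed at the next login ([] = none).
function weaknesses(digest: string, min = MIN_POLICY): string[] {
  const p = parseArgon2Digest(digest);
  if (!p) return ['not an Argon2 encoded digest'];
  const out: string[] = [];
  if (p.variant !== 'argon2id') out.push(`variant is ${p.variant}`);
  if (p.memoryKiB < min.memoryKiB) out.push('memory cost below minimum');
  if (p.iterations < min.iterations) out.push('time cost below minimum');
  if (p.saltBytes < min.saltBytes) out.push('salt too short');
  return out;
}

// Constructed sample digests (salt and hash are filler, not real output).
const STRONG = `$argon2id$v=19$m=65536,t=3,p=4$${'A'.repeat(22)}$${'B'.repeat(43)}`;
const WEAK = `$argon2i$v=19$m=4096,t=1,p=1$${'A'.repeat(10)}$${'B'.repeat(43)}`;
console.log(weaknesses(STRONG), weaknesses(WEAK));
```

A check like this can run over the stored digests or at login, when the plaintext is available for re-hashing.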
  • Original article: https://www.cnblogs.com/Answer1215/p/7355639.html