31
How we secure our password in express and mongoDB
many developers think how we secure our password through malicious user they try to access data and destroy their server.
In express we discuss a library named is "bcrypt" they hashed our data and this hashed data does not decrypt any user this is best feature of this library.
Install in your system
npm i express mongoose bcrypt
const {Schema,model}=mongoose
const userSchema=new Schema({
username:String,
password:String
)}
const User=model('user',userSchema)
module.exports=User
send data through this api end point
router.post('/api/register',acync (req,res)=>{
const {username,password}=req.body
const oldUser=await User.findOne({username})
if(oldUser) return res.status(400).send("User already registered")
const salt=await bcrypt.getSalt(10)
const hashPassword=await bcrypt.hash(password,salt);
const user=new User({username,password:hashPassword})
const result=await user.save()
res.status(200).send(result);
});
above example is register it and saved their data
router.post('/api/login',acync (req,res)=>{
const {username,password}=req.body
const user=await User.findOne({username})
(!user) return res.status(404).send("User Not Found")
const hashPassword=await bcrypt.compare(password,user.password);
if(user && hashPassword)
return res.send({username,password:hashPassword});
else
return res.status(400).send("password is wrong")
});
above code is login user with athenticated.
31