Node Auth Tutorial (JWT) #7 - Hashing Passwords
Key Takeaways
Demonstrates how to hash passwords using bcrypt in a Node.js application with Mongoose
Full Transcript
So then, currently, when a user signs up, we're taking their password and we're storing it as it is in the database, in plain text format like this. Now, this is never a good idea, because if your database is compromised, a hacker can see every single user password. So it's very important: never, never do this. We should always hash a password before we store it in the database, so now we're going to do that.

So we want to hash a password just before the user document is created in the database. Now, we've seen how we can use a hook to fire a function just before something's saved in the database, and that's this pre-hook right here. So use the schema dot pre save, and then we're gonna fire a function before the user document is saved, and this is where we will hash the user's password, because we get access to that user by using the this keyword.

Now, in order to hash the password itself, we're going to install a third-party package called bcrypt, and bcrypt specializes in this. So let us go to the second terminal over here and type in npm install bcrypt, like so. So this is going to install bcrypt into our project for us. Make sure it goes into your dependencies over here once it's done, and you can see this one right here. So we're going to use bcrypt to do all this in a moment, but before we use it I quickly want to talk about how password hashing works under the hood.

So when we're hashing a password, there's actually two steps involved at a basic level. One of those steps is to run our password through a hashing algorithm. Now, a hashing algorithm takes in a text password and it generates a longer, more seemingly random string, so you can think of this as a bit like a coded password. So it's already a bit more secure, but this alone isn't enough, because hackers can reverse engineer simple hashed passwords. So another step is to generate something called a salt and attach it to the password before it's hashed. Now, a salt is a string of characters separate from the password itself. So then the end result is a hashed password and salt combination, which is then stored in the database.

This is going to be the process we take when a new user signs up: we take the password they try to sign up with, we attach a salt, hash it, and then store that in the database. So when a user later tries to log in to authenticate themselves, we would take the password they enter to log in with, add the salt to that password, hash it through the same hashing algorithm, then we compare it with their hashed password stored in their database, which was generated when they signed up. If they match, then we know that it's the correct password and we log them in. If they don't, then they're not logged in. So this is what we're going to be doing for our website. Now, it's not that complex to set up, and in fact bcrypt, the package we just installed, makes it really, really easy to do.

All right, so let's give this a whirl. This is the package, bcrypt, we installed just earlier, so now inside the user model file I'm going to import that at the top. So const bcrypt is equal to require, and it's bcrypt, the package we want to require. Okay, so down here we can use that inside this pre-save hook. So what do we want to do? Well, first of all we want to generate a salt, so we'll say const salt is equal to bcrypt.genSalt, which is a function, and that generates a salt for us. Now, this is asynchronous, so we need to place await in front of this. Now, in order to use await, this function must be asynchronous, and we can mark it as such by saying async in front of it.

So now we have the salt inside this constant. Now we're going to use that with our password that the user signs up with to hash the password and then store it in the database. So we're going to say this.password. Now remember, this refers to the instance of the user we're trying to create, so already we have this local version of the user, and we're going to update the password property on that, so that then when it's saved to the database the password will be updated. So we're going to set that equal to await, because this is going to be asynchronous again, and it's bcrypt, and at this time we want to use a method called hash. Now, this method takes in two arguments. The first one is the password we want to hash. Now, that is just this.password. Remember, at this point we've not updated it when we pass it into the function, so this is the password they try to sign up with. And the second argument is going to be the salt, which is this thing (oh, not sale, salt), this thing right here.

Okay, so we're doing this and we're awaiting the results, and then this now is the hashed version of the password. And since this all happened before we save it to the database, when we go to the next function, the next middleware, when it saves it to the database the password is going to be the hashed one and not the plain text one.

So let me save that now and let me come over to Postman to try this out. Now I need another character, so let me say bowser at google.com, and when I send this hopefully it will store the hashed password. And it does: we can see the password that we get right back here, this is the hashed password. And if we take a look inside the database we should see that there as well. Let me just refresh this page over here so that we can see it, and if we scroll down we should see bowser with the long hashed password. There we go.

So this is probably a good time to delete all of the other users, because we don't want to store those anymore, because they don't have hashed passwords. And if you keep those in, later on down the line, if you try to log in with some of these users, it's not going to work, because we're going to be comparing hashed passwords, not these original passwords. Okay, so delete all of those until we're left with just this user with a hashed password.

Okay, so now we've got all of that out the way, we're hashing passwords. In the next video I want to create the sign up and the login views.
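The signup and login flow described in the transcript, as an added example that is not code from the video or its course files. It assumes Node's built-in scrypt as a stand-in for bcrypt (so it runs without installing anything), and `UserDoc`, its `passwordModified` flag, the `Map` used as a database and the sample credentials are hypothetical; it also covers a case the video does not reach, saving the same user a second time.

```javascript
// Added example; Node's built-in scrypt stands in for bcrypt so it runs offline.
const { randomBytes, scryptSync, timingSafeEqual } = require('crypto');
const KEYLEN = 32;
// Signup: fresh random salt per password; store salt and hash together.
function hashPassword(password) {
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, KEYLEN);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}
// Login: re-derive the hash with the stored salt and compare in constant time.
function verifyPassword(password, stored) {
  const [saltHex, hashHex = ''] = String(stored).split(':');
  const expected = Buffer.from(hashHex, 'hex');
  if (expected.length !== KEYLEN) return false; // legacy plain text or malformed record
  const actual = scryptSync(password, Buffer.from(saltHex, 'hex'), KEYLEN);
  return timingSafeEqual(actual, expected);
}
// Hypothetical stand-in for a user document with a pre-save hook.
class UserDoc {
  constructor(email, password) {
    this.email = email;
    this.password = password;
    this.passwordModified = true; // assumed "was this field changed" flag
  }
  save(db) {
    // Pre-save step: hash only when the password changed, otherwise a
    // second save would hash the stored hash and lock the user out.
    if (this.passwordModified) {
      this.password = hashPassword(this.password);
      this.passwordModified = false;
    }
    db.set(this.email, this.password);
  }
}
// Constructed sample run: sign up, save again, then attempt two logins.
function demo() {
  const db = new Map();
  const user = new UserDoc('user@example.test', 'constructed-sample-pw');
  user.save(db);
  const afterFirstSave = db.get(user.email);
  user.save(db);
  const stored = db.get(user.email);
  return {
    storedIsPlaintext: stored.includes('constructed-sample-pw'),
    rehashedOnSecondSave: stored !== afterFirstSave,
    correctLogin: verifyPassword('constructed-sample-pw', stored),
    wrongLogin: verifyPassword('wrong-guess', stored),
  };
}
```

Because the salt is random, hashing the same password twice gives two different stored strings, which is why verification has to read the salt back out of the record rather than generate a new one.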
Original Description
In this Node auth tutorial we'll see how to hash our passwords before saving them to the database using bcrypt.
Course Files:
+ https://github.com/iamshaunjp/node-express-jwt-auth
Other Related Free Courses & Links:
+ Node.js Crash Course - https://www.youtube.com/watch?v=zb3Qk8SG5Ms&list=PL4cUxeGkcC9jsz4LDYc6kv3ymONOKxwBU
+ Get VS Code - https://code.visualstudio.com/
+ JWT Debugger - https://jwt.io/