Node Auth Tutorial (JWT) #7 - Hashing Passwords

Net Ninja · Beginner ·🔧 Backend Engineering ·5y ago

Key Takeaways

Demonstrates how to hash passwords using bcrypt in a Node.js application with Mongoose

Full Transcript

So then, currently when a user signs up we're taking their password and we're storing it as it is in the database, in plain text format like this. Now, this is never a good idea, because if your database is compromised a hacker can see every single user password. So it's very important: never, never do this. We should always hash a password before we store it in the database, so now we're going to do that.

So we want to hash a password just before the user document is created in the database. Now, we've seen how we can use a hook to fire a function just before something's saved in the database, and that's this pre hook right here. So use the schema.pre save, and then we're gonna fire a function before the user document is saved, and this is where we will hash the user's password, because we get access to that user by using the this keyword.

Now, in order to hash the password itself we're going to install a third-party package called bcrypt, and bcrypt specializes in this. So let us go to the second terminal over here and type in npm install bcrypt, like so. So this is going to install bcrypt into our project for us. Make sure it goes into your dependencies over here once it's done, and you can see this one right here. So we're going to use bcrypt to do all this in a moment, but before we use it I quickly want to talk about how password hashing works under the hood.

So when we're hashing a password there's actually two steps involved at a basic level. One of those steps is to run our password through a hashing algorithm. Now, a hashing algorithm takes in a text password and it generates a longer, more seemingly random string, so you can think of this as a bit like a coded password. So it's already a bit more secure, but this alone isn't enough, because hackers can reverse engineer simple hashed passwords. So another step is to generate something called a salt and attach it to the password before it's hashed. Now, a salt is a string of characters separate from the password itself. So then the end result is a hashed password and salt combination, which is then stored in the database.

This is going to be the process we take when a new user signs up: we take the password they try to sign up with, we attach a salt, hash it, and then store that in the database. So when a user later tries to log in to authenticate themselves, we would take the password they enter to log in with, add the salt to that password, hash it through the same hashing algorithm, then we compare it with their hashed password stored in their database, which was generated when they signed up. If they match, then we know that it's the correct password and we log them in. If they don't, then they're not logged in. So this is what we're going to be doing for our website. Now, it's not that complex to set up, and in fact bcrypt, the package we just installed, makes it really, really easy to do.

All right, so let's give this a whirl. This is the package, bcrypt, we installed just earlier, so now inside the user model file I'm going to import that at the top. So const bcrypt is equal to require, and it's bcrypt, the package we want to require. Okay, so down here we can use that inside this pre-save hook. So what do we want to do? Well, first of all we want to generate a salt, so we'll say const salt is equal to bcrypt.genSalt, which is a function, and that generates a salt for us. Now, this is asynchronous, so we need to place await in front of this. Now, in order to use await this function must be asynchronous, and we can mark it as such by saying async in front of it. So now we have the salt inside this constant.

Now we're going to use that with our password that the user signs up with to hash the password and then store it in the database. So we're going to say this.password. Now remember, this refers to the instance of the user we're trying to create, so already we have this local version of the user, and we're going to update the password property on that, so that then when it's saved to the database the password will be updated. So we're going to set that equal to await, because this is going to be asynchronous again, and it's bcrypt, and at this time we want to use a method called hash. Now, this method takes in two arguments. The first one is the password we want to hash. Now, that is just this.password; remember, at this point we've not updated it when we pass it into the function, so this is the password they try to sign up with. And the second argument is going to be the salt, which is this thing (oh, not sale, salt), this thing right here. Okay, so we're doing this and we're awaiting the results, and then this now is the hashed version of the password. And since this all happened before we save it to the database, when we go to the next function, the next middleware, when it saves it to the database, the password is going to be the hashed one and not the plain text one.

So let me save that now and let me come over to Postman to try this out. Now I need another character, so let me say bowser@google.com, and when I send this hopefully it will store the hashed password. And it does: we can see the password that we get right back here, this is the hashed password. And if we take a look inside the database we should see that there as well. Let me just refresh this page over here so that we can see it, and if we scroll down we should see bowser with the long hashed password. There we go.

So this is probably a good time to delete all of the other users, because we don't want to store those anymore, because they don't have hashed passwords, and if you keep those in, later on down the line if you try to log in with some of these users it's not going to work, because we're going to be comparing hashed passwords, not these original passwords. Okay, so delete all of those until we're left with just this user with a hashed password. Okay, so now we've got all of that out the way, we're hashing passwords. In the next video I want to create the sign up and the login views.
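The sign-up and log-in flow described in the transcript, as an added example that is not code from the video. It swaps in Node's built-in scrypt for the bcrypt package so it runs without installing anything; the function names, the `passwordModified` flag and the sample user are assumptions made for illustration.

```javascript
// Added illustration; not the tutorial's code. Node's built-in scrypt stands
// in for bcrypt here, and every name below is hypothetical.
const { randomBytes, scryptSync, timingSafeEqual } = require("node:crypto");

const KEY_LEN = 32; // length of the derived hash in bytes

// Sign-up: generate a fresh random salt, hash the password with it, and
// return one string carrying both; that string is what the database stores.
function hashPassword(password) {
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, KEY_LEN);
  return `${salt.toString("hex")}:${hash.toString("hex")}`;
}

// Log-in: read the salt back out of the stored value, hash the attempt with
// it, and compare the two hashes in constant time.
function verifyPassword(attempt, stored) {
  const [saltHex, hashHex] = String(stored).split(":");
  if (!saltHex || !hashHex) return false; // e.g. an old plaintext record
  const expected = Buffer.from(hashHex, "hex");
  if (expected.length !== KEY_LEN) return false; // malformed record
  const actual = scryptSync(attempt, Buffer.from(saltHex, "hex"), KEY_LEN);
  return timingSafeEqual(actual, expected);
}

// Stand-in for the pre-save hook. It hashes only when the password field
// changed, so saving the same user again does not hash the stored hash.
// (passwordModified is a hypothetical flag playing the role of the ORM's
// change tracking.)
function preSave(user) {
  if (user.passwordModified) {
    user.password = hashPassword(user.password);
    user.passwordModified = false;
  }
  return user;
}

// Constructed sample user and password, not taken from the video.
function demo() {
  const user = preSave({ email: "bowser@example.test", password: "s3cret-Pass", passwordModified: true });
  const stored = user.password;
  preSave(user); // a later save that did not touch the password
  return {
    stored,
    unchangedOnResave: user.password === stored,
    correctLogin: verifyPassword("s3cret-Pass", user.password),
    wrongLogin: verifyPassword("wrong-guess", user.password),
    saltsDiffer: hashPassword("s3cret-Pass") !== stored,
  };
}
```

The `saltsDiffer` result shows why the salt matters: the same password hashed twice yields two different stored values, so identical passwords are not visible as identical rows in the database.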

Original Description

In this Node auth tutorial we'll see how to hash our passwords before saving them to the database using bcrypt.

🐱‍👤🐱‍👤 JOIN THE GANG - https://www.youtube.com/channel/UCW5YeuERMmlnqo4oq8vwUpg/join

🐱‍💻 🐱‍💻 My Udemy Courses:
+ Modern JavaScript - https://www.thenetninja.co.uk/udemy/modern-javascript
+ Vue JS & Firebase - http://www.thenetninja.co.uk/udemy/vue-and-firebase
+ D3.js & Firebase - https://www.thenetninja.co.uk/udemy/d3-and-firebase

🐱‍💻 🐱‍💻 Course Files:
+ https://github.com/iamshaunjp/node-express-jwt-auth

🐱‍💻 🐱‍💻 Other Related Free Courses & Links:
+ Node.js Crash Course - https://www.youtube.com/watch?v=zb3Qk8SG5Ms&list=PL4cUxeGkcC9jsz4LDYc6kv3ymONOKxwBU
+ Get VS Code - https://code.visualstudio.com/
+ JWT Debugger - https://jwt.io/

🐱‍💻 🐱‍💻 Social Links:
Facebook - https://www.facebook.com/thenetninjauk
Twitter - https://twitter.com/thenetninjauk
Instagram - https://www.instagram.com/thenetninja/