- Explain what a cryptographic hash function is.
- Explain why a cryptographic hash function is important.
- Explain what bcrypt is.
- Register a user with a hashed password.
Turn to your neighbor and explain what a cryptographic hash function is in your own words. Be prepared to share with the class.
Turn to your neighbor and explain why a cryptographic hash function is important in your own words. Be prepared to share with the class.
Turn to your neighbor and explain what bcrypt is in your own words. What is salt and why is it used in hashing functions like bcrypt?
- A user sends their personal information to an HTTP server, including a unique account name and an unhashed password.
- On the server, bcrypt is used to generate a hashed password.
- The user's personal information is inserted into the database with the hashed password replacing the unhashed password.
- The server informs the client that the user registration was successful by sending it the resulting row minus the hashed password.
Using the list of steps above, implement a /users POST route to register a user.
```shell
dropdb trackify_dev
createdb trackify_dev
```
Start off by cloning the lesson repo, installing dependencies and opening it in Atom.
```shell
git clone https://github.com/Shurlow/user-registration-lesson.git
cd user-registration-lesson
npm install
atom .
```
Take a minute to explore the project files before moving on.
Create a new users.js route file inside the routes folder. For now, just have this route respond with a 200 status code.
Don't forget to link the route as middleware in server.js:
```javascript
const users = require('./routes/users');
app.use(users);
```
Then, start the HTTP server with nodemon.
```shell
nodemon server.js
```
In a new Terminal tab, run the following shell command.
```shell
http POST localhost:8000/users
```
Install the bcrypt package with npm.
```shell
npm install --save bcrypt
```
Use the bcrypt.hash() method to generate a hashed password when the /users route is matched.
Then, run the following shell command.
```shell
http POST localhost:8000/users [email protected] password=theone
```
users.js Code:
```javascript
'use strict';

const bcrypt = require('bcrypt');
const express = require('express');

const router = express.Router();

router.post('/users', (req, res, next) => {
  // 12 is the bcrypt cost factor; bcrypt generates the salt itself
  bcrypt.hash(req.body.password, 12)
    .then((hashed_password) => {
      console.log(req.body.email, hashed_password);
      res.sendStatus(200);
    })
    .catch((err) => {
      // Hand any hashing error to the Express error handler
      next(err);
    });
});

module.exports = router;
```
Create the migration file to define the schema for the users table.
```shell
npm run knex migrate:make users
```
Inside the new migration file, write the following code.
```javascript
'use strict';

exports.up = function(knex) {
  return knex.schema.createTable('users', (table) => {
    table.increments();
    table.string('email').unique().notNullable();
    // A bcrypt hash string is always 60 characters long
    table.specificType('hashed_password', 'char(60)').notNullable();
    table.timestamps(true, true);
  });
};

exports.down = function(knex) {
  return knex.schema.dropTable('users');
};
```
Migrate your database with the latest migration file.
```shell
npm run knex migrate:latest
```
Update the /users route to insert the new users into this table along with their hashed_password.
```javascript
return knex('users').insert({
  email: req.body.email,
  hashed_password: hashed_password
}, '*');
```
If the insertion is successful, notify the client by sending it the newly created user record without the hashed password. It's critical that the hashed password never leave the server.
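```javascript
.then((rows) => {
  // insert(..., '*') resolves to an array of inserted rows, so take the
  // first one; deleting the property on the array itself would do nothing
  // and the hash would be sent to the client
  const user = rows[0];
  delete user.hashed_password;
  res.send(user);
})
```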
Then, run the following shell command.
```shell
http POST localhost:8000/users [email protected] password=theone
```
The server should respond with the newly created user and you should see this user safely entered into the users table:
```shell
psql trackify_dev -c 'SELECT * FROM users;'
```
Verify that everything worked correctly and give yourself a pat on the back! You just took one giant step towards making your server safe and secure.
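The migration above sizes hashed_password as char(60) because every bcrypt string is 60 characters long and carries its own version, cost factor and salt, which is why no separate salt column is needed. The following added example is not part of the lesson repo; it parses that layout with plain Node.js and flags hashes made with a lower cost than the 12 used in the route. `parseBcryptHash`, `needsRehash` and the sample strings are hypothetical names and constructed values.

```javascript
'use strict';

// Layout of a bcrypt string: $<version>$<cost>$<22-char salt><31-char digest>
// 1 + 2 + 1 + 2 + 1 + 22 + 31 = 60 characters, hence the char(60) column.
const BCRYPT_RE = /^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Split a stored hash into its fields; returns null if it is not bcrypt-shaped.
function parseBcryptHash(stored) {
  if (typeof stored !== 'string' || stored.length !== 60) return null;
  const m = BCRYPT_RE.exec(stored);
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // bcrypt's valid cost range
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// True when a stored value is malformed or was hashed with a lower cost than
// the current policy, so it should be re-hashed at the user's next login.
function needsRehash(stored, minCost) {
  const parsed = parseBcryptHash(stored);
  return parsed === null || parsed.cost < minCost;
}

// Constructed sample values with the right shape (not real bcrypt output).
const SAMPLE_COST_12 = '$2b$12$' + 'abcdefghijklmnopqrstuu' + 'A'.repeat(31);
const SAMPLE_COST_08 = '$2b$08$' + 'abcdefghijklmnopqrstuu' + 'A'.repeat(31);

function demo() {
  return {
    parsed: parseBcryptHash(SAMPLE_COST_12),
    // An unhashed password that reached the column by mistake is rejected
    plaintextRejected: parseBcryptHash('theone') === null,
    weakNeedsRehash: needsRehash(SAMPLE_COST_08, 12),
    currentNeedsRehash: needsRehash(SAMPLE_COST_12, 12),
  };
}

console.log(demo());
```

A check like this can run over the users table to confirm that only bcrypt-shaped values were stored and that none fall below the current cost factor.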