{"componentChunkName":"component---src-pages-markdown-remark-fields-slug-js","path":"/engineering/password-hashing-with-nodejs/","result":{"data":{"markdownRemark":{"id":"a36f7982-5ef2-5520-928f-cbb37723e31a","excerpt":"In this blog, we’ll be implementing authentication with password hashing in a Node.js web application. For this, we’ll be using crypto, a package password…","html":"<p>In this blog, we’ll be implementing authentication with password hashing in a Node.js web application. For this, we’ll be using <strong>crypto</strong>, a package password hashing for Node.js.</p>\n<p>The Crypto module for Node JS helps developers to hash user passwords.</p>\n<p>Pre-requisites: </p>\n<ul>\n<li>Basic knowledge of HTML/JavaScript</li>\n<li>Node js should be installed in your system.</li>\n<li>express module for creating the server.</li>\n<li>mongoose module for MongoDB connection and queries.</li>\n<li>Crypto module for hashing.</li>\n<li>body-parser for parsing JSON data</li>\n</ul>\n<p>Step 1. First, create a directory structure as below :</p>\n<p><code>hashApp</code></strong></p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"\" data-index=\"0\"><code class=\"grvsc-code\"><span class=\"grvsc-line\">--model</span>\n<span class=\"grvsc-line\">----user.js</span>\n<span class=\"grvsc-line\">--route</span>\n<span class=\"grvsc-line\">----user.js</span>\n<span class=\"grvsc-line\">--server.js</span></code></pre>\n<p>  Step 2. Create <strong>model/user.js</strong> file and add the following code :</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"js\" data-index=\"1\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk3\">// Importing modules </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">const</span><span class=\"mtk1\"> </span><span class=\"mtk12\">mongoose</span><span class=\"mtk1\"> = </span><span class=\"mtk11\">require</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;mongoose&#39;</span><span class=\"mtk1\">); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">var</span><span class=\"mtk1\"> </span><span class=\"mtk12\">crypto</span><span class=\"mtk1\"> = </span><span class=\"mtk11\">require</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;crypto&#39;</span><span class=\"mtk1\">); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Creating user schema </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">const</span><span class=\"mtk1\"> </span><span class=\"mtk12\">UserSchema</span><span class=\"mtk1\"> = </span><span class=\"mtk12\">mongoose</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Schema</span><span class=\"mtk1\">({ </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">name :</span><span class=\"mtk1\"> { </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">type :</span><span class=\"mtk1\"> </span><span class=\"mtk10\">String</span><span class=\"mtk1\">, </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">required :</span><span class=\"mtk1\"> </span><span class=\"mtk4\">true</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    }, </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">email :</span><span class=\"mtk1\"> { </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">type :</span><span class=\"mtk1\"> </span><span class=\"mtk10\">String</span><span class=\"mtk1\">, </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk12\">required :</span><span class=\"mtk1\"> </span><span class=\"mtk4\">true</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    }, </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">hash :</span><span class=\"mtk1\"> </span><span class=\"mtk10\">String</span><span class=\"mtk1\">, </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">salt :</span><span class=\"mtk1\"> </span><span class=\"mtk10\">String</span><span class=\"mtk1\"> </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">}); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Method to set salt and hash the password for a user </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">UserSchema</span><span class=\"mtk1\">.</span><span class=\"mtk12\">methods</span><span class=\"mtk1\">.</span><span class=\"mtk11\">setPassword</span><span class=\"mtk1\"> = </span><span class=\"mtk4\">function</span><span class=\"mtk1\">(</span><span class=\"mtk12\">password</span><span class=\"mtk1\">) { </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">     </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\"> </span><span class=\"mtk3\">// Creating a unique salt for a particular user </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk12\">salt</span><span class=\"mtk1\"> = </span><span class=\"mtk12\">crypto</span><span class=\"mtk1\">.</span><span class=\"mtk11\">randomBytes</span><span class=\"mtk1\">(</span><span class=\"mtk7\">16</span><span class=\"mtk1\">).</span><span class=\"mtk11\">toString</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;hex&#39;</span><span class=\"mtk1\">); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk3\">// Hashing user&#39;s salt and password with 1000 iterations, </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">     </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk12\">hash</span><span class=\"mtk1\"> = </span><span class=\"mtk12\">crypto</span><span class=\"mtk1\">.</span><span class=\"mtk11\">pbkdf2Sync</span><span class=\"mtk1\">(</span><span class=\"mtk12\">password</span><span class=\"mtk1\">, </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk12\">salt</span><span class=\"mtk1\">,  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk7\">1000</span><span class=\"mtk1\">, </span><span class=\"mtk7\">64</span><span class=\"mtk1\">, </span><span class=\"mtk8\">`sha512`</span><span class=\"mtk1\">).</span><span class=\"mtk11\">toString</span><span class=\"mtk1\">(</span><span class=\"mtk8\">`hex`</span><span class=\"mtk1\">); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">}; </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Method to check the entered password is correct or not </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">UserSchema</span><span class=\"mtk1\">.</span><span class=\"mtk12\">methods</span><span class=\"mtk1\">.</span><span class=\"mtk11\">validPassword</span><span class=\"mtk1\"> = </span><span class=\"mtk4\">function</span><span class=\"mtk1\">(</span><span class=\"mtk12\">password</span><span class=\"mtk1\">) { </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk4\">var</span><span class=\"mtk1\"> </span><span class=\"mtk12\">hash</span><span class=\"mtk1\"> = </span><span class=\"mtk12\">crypto</span><span class=\"mtk1\">.</span><span class=\"mtk11\">pbkdf2Sync</span><span class=\"mtk1\">(</span><span class=\"mtk12\">password</span><span class=\"mtk1\">,  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk12\">salt</span><span class=\"mtk1\">, </span><span class=\"mtk7\">1000</span><span class=\"mtk1\">, </span><span class=\"mtk7\">64</span><span class=\"mtk1\">, </span><span class=\"mtk8\">`sha512`</span><span class=\"mtk1\">).</span><span class=\"mtk11\">toString</span><span class=\"mtk1\">(</span><span class=\"mtk8\">`hex`</span><span class=\"mtk1\">); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk15\">return</span><span class=\"mtk1\"> </span><span class=\"mtk4\">this</span><span class=\"mtk1\">.</span><span class=\"mtk12\">hash</span><span class=\"mtk1\"> === </span><span class=\"mtk12\">hash</span><span class=\"mtk1\">; </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">}; </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Exporting module to allow it to be imported in other files </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">const</span><span class=\"mtk1\"> </span><span class=\"mtk12\">User</span><span class=\"mtk1\"> = </span><span class=\"mtk10\">module</span><span class=\"mtk1\">.</span><span class=\"mtk10\">exports</span><span class=\"mtk1\"> = </span><span class=\"mtk12\">mongoose</span><span class=\"mtk1\">.</span><span class=\"mtk11\">model</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;User&#39;</span><span class=\"mtk1\">, </span><span class=\"mtk12\">UserSchema</span><span class=\"mtk1\">); </span></span></code></pre>\n<p>Step 3. Create <strong>route/user.js</strong> file and add the following code:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"js\" data-index=\"2\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk3\">// Importing modules </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">const</span><span class=\"mtk1\"> </span><span class=\"mtk12\">express</span><span class=\"mtk1\"> = </span><span class=\"mtk11\">require</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;express&#39;</span><span class=\"mtk1\">); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">const</span><span class=\"mtk1\"> </span><span class=\"mtk12\">router</span><span class=\"mtk1\"> = </span><span class=\"mtk12\">express</span><span class=\"mtk1\">.</span><span class=\"mtk11\">Router</span><span class=\"mtk1\">(); </span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Importing User Schema </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">const</span><span class=\"mtk1\"> </span><span class=\"mtk12\">User</span><span class=\"mtk1\"> = </span><span class=\"mtk11\">require</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;../model/user&#39;</span><span class=\"mtk1\">); </span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// User login api </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">router</span><span class=\"mtk1\">.</span><span class=\"mtk11\">post</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;/login&#39;</span><span class=\"mtk1\">, (</span><span class=\"mtk12\">req</span><span class=\"mtk1\">, </span><span class=\"mtk12\">res</span><span class=\"mtk1\">) </span><span class=\"mtk4\">=&gt;</span><span class=\"mtk1\"> { </span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk3\">// Find user with requested email </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">User</span><span class=\"mtk1\">.</span><span class=\"mtk11\">findOne</span><span class=\"mtk1\">({ </span><span class=\"mtk12\">email :</span><span class=\"mtk1\"> </span><span class=\"mtk12\">req</span><span class=\"mtk1\">.</span><span class=\"mtk12\">body</span><span class=\"mtk1\">.</span><span class=\"mtk12\">email</span><span class=\"mtk1\"> }, </span><span class=\"mtk4\">function</span><span class=\"mtk1\">(</span><span class=\"mtk12\">err</span><span class=\"mtk1\">, </span><span class=\"mtk12\">user</span><span class=\"mtk1\">) { </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk15\">if</span><span class=\"mtk1\"> (</span><span class=\"mtk12\">user</span><span class=\"mtk1\"> === </span><span class=\"mtk4\">null</span><span class=\"mtk1\">) { </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk15\">return</span><span class=\"mtk1\"> </span><span class=\"mtk12\">res</span><span class=\"mtk1\">.</span><span class=\"mtk11\">status</span><span class=\"mtk1\">(</span><span class=\"mtk7\">400</span><span class=\"mtk1\">).</span><span class=\"mtk11\">send</span><span class=\"mtk1\">({ </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk12\">message :</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&quot;User not found.&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            }); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        } </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk15\">else</span><span class=\"mtk1\"> { </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk15\">if</span><span class=\"mtk1\"> (</span><span class=\"mtk12\">user</span><span class=\"mtk1\">.</span><span class=\"mtk11\">validPassword</span><span class=\"mtk1\">(</span><span class=\"mtk12\">req</span><span class=\"mtk1\">.</span><span class=\"mtk12\">body</span><span class=\"mtk1\">.</span><span class=\"mtk12\">password</span><span class=\"mtk1\">)) { </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk15\">return</span><span class=\"mtk1\"> </span><span class=\"mtk12\">res</span><span class=\"mtk1\">.</span><span class=\"mtk11\">status</span><span class=\"mtk1\">(</span><span class=\"mtk7\">201</span><span class=\"mtk1\">).</span><span class=\"mtk11\">send</span><span class=\"mtk1\">({ </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                    </span><span class=\"mtk12\">message :</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&quot;User Logged In&quot;</span><span class=\"mtk1\">, </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                }) </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            } </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk15\">else</span><span class=\"mtk1\"> { </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk15\">return</span><span class=\"mtk1\"> </span><span class=\"mtk12\">res</span><span class=\"mtk1\">.</span><span class=\"mtk11\">status</span><span class=\"mtk1\">(</span><span class=\"mtk7\">400</span><span class=\"mtk1\">).</span><span class=\"mtk11\">send</span><span class=\"mtk1\">({ </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                    </span><span class=\"mtk12\">message :</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&quot;Wrong Password&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                }); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            } </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        } </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    }); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">}); </span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// User signup api </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">router</span><span class=\"mtk1\">.</span><span class=\"mtk11\">post</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;/signup&#39;</span><span class=\"mtk1\">, (</span><span class=\"mtk12\">req</span><span class=\"mtk1\">, </span><span class=\"mtk12\">res</span><span class=\"mtk1\">, </span><span class=\"mtk12\">next</span><span class=\"mtk1\">) </span><span class=\"mtk4\">=&gt;</span><span class=\"mtk1\"> { </span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Creating empty user object </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk4\">let</span><span class=\"mtk1\"> </span><span class=\"mtk12\">newUser</span><span class=\"mtk1\"> = </span><span class=\"mtk4\">new</span><span class=\"mtk1\"> </span><span class=\"mtk10\">User</span><span class=\"mtk1\">(); </span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk3\">// Initialize newUser object with request data </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">newUser</span><span class=\"mtk1\">.</span><span class=\"mtk12\">name</span><span class=\"mtk1\"> = </span><span class=\"mtk12\">req</span><span class=\"mtk1\">.</span><span class=\"mtk12\">body</span><span class=\"mtk1\">.</span><span class=\"mtk12\">name</span><span class=\"mtk1\">, </span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">newUser</span><span class=\"mtk1\">.</span><span class=\"mtk12\">email</span><span class=\"mtk1\"> = </span><span class=\"mtk12\">req</span><span class=\"mtk1\">.</span><span class=\"mtk12\">body</span><span class=\"mtk1\">.</span><span class=\"mtk12\">email</span><span class=\"mtk1\">,</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">newUser</span><span class=\"mtk1\">.</span><span class=\"mtk12\">password</span><span class=\"mtk1\">=</span><span class=\"mtk12\">req</span><span class=\"mtk1\">.</span><span class=\"mtk12\">body</span><span class=\"mtk1\">.</span><span class=\"mtk12\">password</span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                    </span><span class=\"mtk3\">// Call setPassword function to hash password </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                    </span><span class=\"mtk12\">newUser</span><span class=\"mtk1\">.</span><span class=\"mtk11\">setPassword</span><span class=\"mtk1\">(</span><span class=\"mtk12\">req</span><span class=\"mtk1\">.</span><span class=\"mtk12\">body</span><span class=\"mtk1\">.</span><span class=\"mtk12\">password</span><span class=\"mtk1\">); </span></span>\n<span class=\"grvsc-line\"></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk3\">// Save newUser object to database </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk12\">newUser</span><span class=\"mtk1\">.</span><span class=\"mtk11\">save</span><span class=\"mtk1\">((</span><span class=\"mtk12\">err</span><span class=\"mtk1\">, </span><span class=\"mtk12\">User</span><span class=\"mtk1\">) </span><span class=\"mtk4\">=&gt;</span><span class=\"mtk1\"> { </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk15\">if</span><span class=\"mtk1\"> (</span><span class=\"mtk12\">err</span><span class=\"mtk1\">) { </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk15\">return</span><span class=\"mtk1\"> </span><span class=\"mtk12\">res</span><span class=\"mtk1\">.</span><span class=\"mtk11\">status</span><span class=\"mtk1\">(</span><span class=\"mtk7\">400</span><span class=\"mtk1\">).</span><span class=\"mtk11\">send</span><span class=\"mtk1\">({ </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk12\">message :</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&quot;Failed to add user.&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            }); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        } </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        </span><span class=\"mtk15\">else</span><span class=\"mtk1\"> { </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            </span><span class=\"mtk15\">return</span><span class=\"mtk1\"> </span><span class=\"mtk12\">res</span><span class=\"mtk1\">.</span><span class=\"mtk11\">status</span><span class=\"mtk1\">(</span><span class=\"mtk7\">201</span><span class=\"mtk1\">).</span><span class=\"mtk11\">send</span><span class=\"mtk1\">({ </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">                </span><span class=\"mtk12\">message :</span><span class=\"mtk1\"> </span><span class=\"mtk8\">&quot;User added successfully.&quot;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">            }); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">        } </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    }); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">}); </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Export module to allow it to be imported in other files </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk10\">module</span><span class=\"mtk1\">.</span><span class=\"mtk10\">exports</span><span class=\"mtk1\"> = </span><span class=\"mtk12\">router</span><span class=\"mtk1\">; </span></span></code></pre>\n<p>Step 4. Create <strong>server.js</strong> file :</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"js\" data-index=\"3\"><code class=\"grvsc-code\"><span class=\"grvsc-line\"><span class=\"mtk3\">// Importing modules</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">var</span><span class=\"mtk1\"> </span><span class=\"mtk12\">express</span><span class=\"mtk1\"> = </span><span class=\"mtk11\">require</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;express&#39;</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">var</span><span class=\"mtk1\"> </span><span class=\"mtk12\">mongoose</span><span class=\"mtk1\"> = </span><span class=\"mtk11\">require</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;mongoose&#39;</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">var</span><span class=\"mtk1\"> </span><span class=\"mtk12\">bodyparser</span><span class=\"mtk1\"> = </span><span class=\"mtk11\">require</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;body-parser&#39;</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Initialize express app</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">var</span><span class=\"mtk1\"> </span><span class=\"mtk12\">app</span><span class=\"mtk1\"> = </span><span class=\"mtk11\">express</span><span class=\"mtk1\">();</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Mongodb connection url</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">var</span><span class=\"mtk1\"> </span><span class=\"mtk12\">MONGODB_URI</span><span class=\"mtk1\"> = </span><span class=\"mtk8\">&quot;mongodb://localhost:27017/hashAppDb&quot;</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Connect to MongoDB</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">mongoose</span><span class=\"mtk1\">.</span><span class=\"mtk11\">connect</span><span class=\"mtk1\">(</span><span class=\"mtk12\">MONGODB_URI</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">mongoose</span><span class=\"mtk1\">.</span><span class=\"mtk12\">connection</span><span class=\"mtk1\">.</span><span class=\"mtk11\">on</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;connected&#39;</span><span class=\"mtk1\">, () </span><span class=\"mtk4\">=&gt;</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk10\">console</span><span class=\"mtk1\">.</span><span class=\"mtk11\">log</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;Connected to MongoDB @ 27017&#39;</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">});</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Using bodyparser to parse json data</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">app</span><span class=\"mtk1\">.</span><span class=\"mtk11\">use</span><span class=\"mtk1\">(</span><span class=\"mtk12\">bodyparser</span><span class=\"mtk1\">.</span><span class=\"mtk11\">json</span><span class=\"mtk1\">());</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Importing routes</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">const</span><span class=\"mtk1\"> </span><span class=\"mtk12\">user</span><span class=\"mtk1\"> = </span><span class=\"mtk11\">require</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;./route/user&#39;</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Use user route when url matches /api/user/</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">app</span><span class=\"mtk1\">.</span><span class=\"mtk11\">use</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&#39;/api/user&#39;</span><span class=\"mtk1\">, </span><span class=\"mtk12\">user</span><span class=\"mtk1\">);</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">  </span></span>\n<span class=\"grvsc-line\"><span class=\"mtk3\">// Creating server</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk4\">const</span><span class=\"mtk1\"> </span><span class=\"mtk12\">port</span><span class=\"mtk1\"> = </span><span class=\"mtk7\">3000</span><span class=\"mtk1\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">app</span><span class=\"mtk1\">.</span><span class=\"mtk11\">listen</span><span class=\"mtk1\">(</span><span class=\"mtk12\">port</span><span class=\"mtk1\">, () </span><span class=\"mtk4\">=&gt;</span><span class=\"mtk1\"> {</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">    </span><span class=\"mtk10\">console</span><span class=\"mtk1\">.</span><span class=\"mtk11\">log</span><span class=\"mtk1\">(</span><span class=\"mtk8\">&quot;Server r</span><span class=\"mtk14\">u</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk12\">nning</span><span class=\"mtk1\"> </span><span class=\"mtk12\">at</span><span class=\"mtk1\"> </span><span class=\"mtk12\">port</span><span class=\"mtk1\">: </span><span class=\"mtk8\">&quot; + port)</span><span class=\"mtk14\">;</span></span>\n<span class=\"grvsc-line\"><span class=\"mtk1\">});</span></span></code></pre>\n<p>Step 5. Run server.js file using command </p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"\" data-index=\"4\"><code class=\"grvsc-code\"><span class=\"grvsc-line\">node server.js</span></code></pre>\n<p>Step 6. Open Postman and create a post request to <strong>localhost:3000/api/user/signup</strong> with following body parameter: </p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"\" data-index=\"5\"><code class=\"grvsc-code\"><span class=\"grvsc-line\">{</span>\n<span class=\"grvsc-line\">&quot;name&quot; : &quot;test&quot;.</span>\n<span class=\"grvsc-line\">&quot;email&quot; : &quot;test@test.com&quot;,</span>\n<span class=\"grvsc-line\">&quot;password&quot; : &quot;test1234&quot;</span>\n<span class=\"grvsc-line\">}</span></code></pre>\n<p>Run the request and you will get  a success response:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"\" data-index=\"6\"><code class=\"grvsc-code\"><span class=\"grvsc-line\">{</span>\n<span class=\"grvsc-line\">&quot;message&quot; : &quot;user added sucessfully&quot;</span>\n<span class=\"grvsc-line\">}</span></code></pre>\n<p>User data is stored in the database as below:</p>\n<pre class=\"grvsc-container dark-default-dark\" data-language=\"\" data-index=\"7\"><code class=\"grvsc-code\"><span class=\"grvsc-line\">    &quot;_id&quot;: {</span>\n<span class=\"grvsc-line\">        &quot;$oid&quot;: &quot;5ab71ef2afb6db0148052f6f&quot;</span>\n<span class=\"grvsc-line\">    },</span>\n<span class=\"grvsc-line\">    &quot;name&quot;: &quot;test&quot;,</span>\n<span class=\"grvsc-line\">    &quot;email&quot;: &quot;test@test.com&quot;,</span>\n<span class=\"grvsc-line\">    &quot;salt&quot;: &quot;ddee18ef6a6804fbb919b25f790005e3&quot;,</span>\n<span class=\"grvsc-line\">    &quot;hash&quot;: &quot;bbf13ae4db87d475ca0ee5f97e397248a23509fc10c82f1e3cf110</span>\n<span class=\"grvsc-line\">     b352c3ca6cc057955ace9d541573929cd7a74a280a02e8cb549136b43df7704caaa555b38a&quot;,</span>\n<span class=\"grvsc-line\">    &quot;__v&quot;: 0</span>\n<span class=\"grvsc-line\">}</span></code></pre>\n<p>If we have sensitive data or information that you need to be protected, ensuring it is secured correctly is important. With the above process, we can now successfully store our hashed password into our database with a bit of additional security.</p>\n<p>You can check the code on <a href=\"https://github.com/LoginRadius/engineering-blog-samples/tree/master/NodeJs/PasswordHasingNodejs\">Github</a>.</p>\n<style class=\"grvsc-styles\">\n  .grvsc-container {\n    overflow: auto;\n    -webkit-overflow-scrolling: touch;\n    padding-top: 1rem;\n    padding-top: var(--grvsc-padding-top, var(--grvsc-padding-v, 1rem));\n    padding-bottom: 1rem;\n    padding-bottom: var(--grvsc-padding-bottom, var(--grvsc-padding-v, 1rem));\n    border-radius: 8px;\n    border-radius: var(--grvsc-border-radius, 8px);\n    font-feature-settings: normal;\n  }\n  \n  .grvsc-code {\n    display: inline-block;\n    min-width: 100%;\n  }\n  \n  .grvsc-line {\n    display: inline-block;\n    box-sizing: border-box;\n    width: 100%;\n    padding-left: 1.5rem;\n    padding-left: var(--grvsc-padding-left, var(--grvsc-padding-h, 1.5rem));\n    padding-right: 1.5rem;\n    padding-right: var(--grvsc-padding-right, var(--grvsc-padding-h, 1.5rem));\n  }\n  \n  .grvsc-line-highlighted {\n    background-color: var(--grvsc-line-highlighted-background-color, transparent);\n    box-shadow: inset var(--grvsc-line-highlighted-border-width, 4px) 0 0 0 var(--grvsc-line-highlighted-border-color, transparent);\n  }\n  \n  .dark-default-dark {\n    background-color: #1E1E1E;\n    color: #D4D4D4;\n  }\n  .dark-default-dark .mtk3 { color: #6A9955; }\n  .dark-default-dark .mtk4 { color: #569CD6; }\n  .dark-default-dark .mtk1 { color: #D4D4D4; }\n  .dark-default-dark .mtk12 { color: #9CDCFE; }\n  .dark-default-dark .mtk11 { color: #DCDCAA; }\n  .dark-default-dark .mtk8 { color: #CE9178; }\n  .dark-default-dark .mtk10 { color: #4EC9B0; }\n  .dark-default-dark .mtk7 { color: #B5CEA8; }\n  .dark-default-dark .mtk15 { color: #C586C0; }\n  .dark-default-dark .mtk14 { color: #F44747; }\n</style>","headings":[],"fields":{"slug":"/engineering/password-hashing-with-nodejs/"},"frontmatter":{"metatitle":null,"metadescription":null,"description":null,"title":"Password hashing with NodeJS","canonical":null,"date":"June 25, 2020","updated_date":null,"tags":["Security","NodeJs"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.4598540145985401,"src":"/static/7c5686f355f37377e26ec91cbaa6cbed/2ad7f/cover.webp","srcSet":"/static/7c5686f355f37377e26ec91cbaa6cbed/1c9b5/cover.webp 200w,\n/static/7c5686f355f37377e26ec91cbaa6cbed/f1752/cover.webp 400w,\n/static/7c5686f355f37377e26ec91cbaa6cbed/2ad7f/cover.webp 800w,\n/static/7c5686f355f37377e26ec91cbaa6cbed/e7405/cover.webp 1200w,\n/static/7c5686f355f37377e26ec91cbaa6cbed/952a8/cover.webp 1440w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Ashish Sharma","github":"ashish8947","bio":"Ashish is a software engineer who continually seeks clean, elegant solutions to business challenges. His lifelong passion for technology drives him to proactively expand horizons, constantly exploring and evaluating new languages, platforms, frameworks and tools.","avatar":null}}}},"pageContext":{"id":"a36f7982-5ef2-5520-928f-cbb37723e31a","fields__slug":"/engineering/password-hashing-with-nodejs/","__params":{"fields__slug":"engineering"}}},"staticQueryHashes":["1171199041","1384082988","1711371485","1753898100","2100481360","229320306","23180105","528864852"]}