const userSchema = new mongoose.Schema({
  email: String,
  password: String
});
// no longer a plain JavaScript object: it is an instance created from the mongoose Schema class
The reason is that a hashing algorithm does not produce a different output for the same password each time it receives it. In other words, suppose your password is the one in the example above (Password@1234). Each time the algorithm receives that same input string, it produces the same hash string (e.g. 0F1BA603C1A843A3D02D6C5038D8E959). This is not ideal, because an attacker can run a rainbow table attack against your database to recover the passwords stored in it.
Our problem with hashing is fixed with a simple solution: using a salt. A salt is a randomly generated, fixed-length value that is meant to be unique for each user's password. The salt is appended to the password string and the combination is fed into the hashing function, so a new hash results every time a user creates a password. This means that if you and I have the same password, our hashed strings will still be different. Since rainbow table attacks depend on finding a precomputed match, this renders them useless.
The bcrypt library, which generates both the salt and the hash and is backed by a strong, well-studied algorithm, is well suited to this purpose.
Salt rounds
When we talk about "hashing salt rounds," we mean repeatedly applying the hashing (and salting) operation a specific number of times; each iteration is known as a round. Using multiple rounds deliberately slows the hashing process down, making it more time-consuming and resource-intensive for an attacker attempting to crack the hashed passwords.
bcrypt Hashes
You can use nvm to upgrade or downgrade your node version.
Go to the nvm GitHub repository and install it with the command given there.
//jshint esversion:6
require('dotenv').config(); // put this on top so process.env is populated before anything reads it
const express = require("express");
const bodyParser = require("body-parser");
const ejs = require("ejs");
const mongoose = require("mongoose");
const encrypt = require("mongoose-encryption"); // not used in this version of the code
const app = express();

// 1. REQUIRE MODULES
const session = require("express-session");
const passport = require("passport");
const passportLocalMongoose = require("passport-local-mongoose");
// no need to require passport-local: passport-local-mongoose requires it itself,
// and our code never refers to passport-local directly

app.use(express.static("public"));
app.set("view engine", "ejs");
app.use(bodyParser.urlencoded({ extended: true }));

// 2. tell the app to use the session package and set up its initial configuration
app.use(session({
  secret: "Our little secret.", // in a real deployment load this from the environment, not source
  resave: false,
  saveUninitialized: false // note the spelling: a misspelt option key is silently ignored by express-session
}));
// 3. initialize passport
app.use(passport.initialize());
// 4. use passport to manage our session
app.use(passport.session());

const userSchema = new mongoose.Schema({
  email: String,
  password: String
});
// 5. set up userSchema to use passport-local-mongoose as a plugin
//    (it adds the username, hash and salt fields and the helper methods used below)
userSchema.plugin(passportLocalMongoose);

const User = mongoose.model("User", userSchema);

// 6. use passport-local-mongoose to create a local login strategy and set up
//    passport serialize and deserialize
passport.use(User.createStrategy());

// use the static serialize and deserialize of the model for passport session support
passport.serializeUser(User.serializeUser());     // serialize
passport.deserializeUser(User.deserializeUser()); // deserialize