JS-301-NodeServer
  • Introduction
  • js_library
    • Node Server
      • 00 - Intro
        • 01 - Purpose
        • 02 - Back-End Setup
        • 03 - Terms Cheat Sheet
      • 01 - Server Set up
        • 01 - npm packages
        • 02 - Express Intro
        • 03 - Express code
      • 02 - Development Tools
        • 01 - Nodemon Intro
        • 02 - Postman Intro
        • 03 - Postman set up
      • 03 - Routes Intro
        • 01 - Routes intro
        • 02 - Express Router() intro
        • 03 - Challenge 1
        • 04 - Challenge 2
      • 04 - Database Intro
        • 00 - DB Intro and Set up
          • 00 - DB Intro
          • 01 - PostgreSQL Intro
          • 02 - Install
        • 01 - Sequelize Intro
          • 01 - Sequelize intro
          • 02 - Initialize
      • 05 - Model View Controller
        • 01 - MVC
          • 00 - MVC Intro
        • 02 - Models
          • 01 - Intro to Models
          • 02 - Test Model
        • 03 - Controllers
          • 00 - Controllers Intro
          • 01 - Controller Set up
          • 02 - Create Method
          • 03 - req.body()
          • 04 - Crafting the Response
          • 05 - Sending the Response
          • 06 - JSON Response
          • 07 - Error Handling
        • 04 - Conclusion
      • 06 - Tokenization
        • 01 - JWT Intro
          • 01 - JWT intro
        • 02 - User Create
          • 01 - User Create
          • 02 - Refactor
        • 03 - User Token
          • 01 - JWT Package
          • 02 - Adding JWT
          • 03 - ENV
      • 07 - Encryption
        • 01 - bcrypt
        • 02 - bcrypt setup
      • 08 - Session
        • 00 - Session Intro
        • 01 - Sign In Method
        • 02 - Sign In Bcrypt
        • 03 - Sign In JWT
      • 09 - Middleware
        • 01 - Test Client HTML
        • 02 - Test Client JS
        • 03 - Middleware intro
        • 04 - Headers intro
        • 05 - Server Update
        • 06 - Test Post
        • 07 - Test Post Refactor
        • 08 - Post Data
        • 09 - Fetch From One
      • 10 - Authenticated Routes
        • 01 - Intro to Authenticated Routes
        • 02 - Validate Session
        • 03 - Changes to app.js
        • 04 - authtestcontroller.js
        • 05 - Delete an Item
        • 06 - Update an Item
        • 07 - Postman Testing
      • 11 - Authenticated Requests
        • 00 - Additions to index
        • 01 - Anatomy of a Request
        • 02 - Create User
        • 03 - Getting a Token
        • 04 - Get Items From One User
        • 05 - Creating an Item for a User
        • 06 - Get one item
        • 07 - Update an Item
        • 08 - Deleting an Item
        • 09 - Deleting with a Custom Event
      • 12 - Workout Log Server
        • 00 - Intro
      • 13 - More Sequelize Functions
        • Migrations
          • 00 - Intro
          • 01 - init and config
          • 02 - Creating the First Migration
          • 03 - Running Migrations
          • 04 - Reverting Migrations
          • 05 - Seeds
          • 06 - Reverting Seeds
        • Queries
          • 00 - Intro
          • 01 - Queries
Powered by GitBook
On this page
  • Overview
  • What is Encryption?
  • bcryptjs
  1. js_library
  2. Node Server
  3. 07 - Encryption

01 - bcrypt

Previous07 - EncryptionNext02 - bcrypt setup

Last updated 7 years ago

In this module, we'll work on storing a hashed password in the database.

Overview

As mentioned before, you never want a plain-text password returned in a response, and you never want a plain text password stored in the database. We want to hide the true value of the password, which we do through encryption.

What is Encryption?

If you've ever used a decoder ring, you've had experience with encryption. If not, here's a short video to help explain it (short into; encryption begins at 36 seconds):

Think back to the structure of a token, and specifically about the signature. Go ahead and play with the token again . Change the signature. Notice that if the signature changes, that part of the token also changes according to the result of the algorithm. The signature is the key that is used to encode and decode the messages we want to keep hidden.

bcryptjs

Now we need to think about running some kind of algorithm to encrypt our password. One method is to use an npm package called bcryptjs. Bcrypt takes a value and applies an algorithm called a salt to it, returning a "hash value", or hash. The hash can then be decoded using the same algorithm. Essentially, the pattern is as follows, noting that we have kept a very basic explanation of how this process works:

  1. The client sends a value to the server in its original form: the plain text password.

  2. The server takes that value and applies the salt to the value a specified number of times.

  3. Once this process is complete, the server passes the new hash value to the database to be stored.

    In the next module, we'll add it to our database and start hashing some passwords!

here