I wanted to build an ExpressJS simple tool that will serve two functions :
- hash a string using bcrypt and
- compare a hashed and plain-text string using bcrypt to see if they match.
These two features are the building blocks for something like authentication in an app. If I was storing some string in my database, like a password, that I did not want anyone to read, I would have to encrypt the string. Something like bcrypt algorithm is a wonderful tool to do that. In this tutorial, I walk you through the two functions that would save a lot of headaches for you :
compare. Lets see what I did in the steps below.
Limitations of bcrypt
The resulting hashes will be 60 characters in length and composed of the following characters :
Create a new project
First, I created a new project running
cd nodejsprojects mkdir bcryptexample cd bcryptexample npm init
After that, I downloaded the two minimum dependencies :
npm install express --save npm install bcrypt --save
Next, I created my express server with two public resources that process my two wanted functions for this project. The code of
index.js simply looks like this :
Finally, I launched my project
and began testing it by navigating to
http://localhost:3000/hash/randomstringgoeshere to see the bcrypt hashed string as output by the server. To test the second function you need to input the hash and plain-text string manually. Like so :
And that’s it. You now harness the power of using bcrypt in your ExpressJS projects. Feel free to read the documentations for bcrypt to see all of the options and customizations available out of the box. A prime example for using something like the bcrypt library is for password storage in your database.
In a scenario, after receiving user input of a password, run the text through
hash function and then save that string in your database rather than a plain-text password. Next, when you need to check if the encrypted password saved in your database matches a string, run the
compare function to check do that check for you.
If you are adding authentication or message encrypting to your app, you are already doing some custom coding. So, spend a few moments and make that code secure so that your users have a peace of mind when it comes to storing something sensitive on your app. Just be aware of the limitations of this library.