From d59a0cc41aa64f1324827aa1d87934dfe8665bea Mon Sep 17 00:00:00 2001
From: "Akshay\" (aider)"
Date: Sat, 9 Nov 2024 10:13:12 +0000
Subject: feat: Integrate bcrypt for password hashing and comparison in auth routes
---
 src/routes/index.js | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
(limited to 'src')
diff --git a/src/routes/index.js b/src/routes/index.js
index ec618c8..5c04a6e 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -1,5 +1,6 @@
 const express = require("express");
 const he = require("he");
+const bcrypt = require("bcrypt");
 const router = express.Router();
 const geddit = require("../geddit.js");
 const { db } = require("../index");
@@ -86,9 +87,10 @@ router.post("/register", async (req, res) => {
 return res.status(400).send("Passwords do not match");
 }
 try {
- db.query("INSERT INTO users (username, password) VALUES (?, ?)", [
+ const hashedPassword = await bcrypt.hash(password, 10);
+ db.query("INSERT INTO users (username, password_hash) VALUES (?, ?)", [
 username,
- password,
+ hashedPassword,
 ]).run();
 res.status(201).redirect("/");
 } catch (err) {
@@ -101,12 +103,9 @@ router.post("/register", async (req, res) => {
 router.post("/login", async (req, res) => {
 const { username, password } = req.body;
 const user = db
- .query("SELECT * FROM users WHERE username = ? AND password = ?", [
- username,
- password,
- ])
+ .query("SELECT * FROM users WHERE username = ?", [username])
 .get();
- if (user) {
+ if (user && await bcrypt.compare(password, user.password_hash)) {
 res.status(200).redirect("/");
 } else {
 res.status(401).send("Invalid credentials");
-- 
cgit v1.2.3
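Review bot: The INSERT in the `/register` hunk now writes to a `password_hash` column, but no schema or migration change appears in this commit's diff of `src`. If the `users` table still has only `password`, registration will fail in the catch block, and any rows created earlier hold plaintext values with no hash. Confirm the table definition was updated and decide how legacy rows are reset or re-hashed. Separately, bcrypt only uses the first 72 bytes of its input, so a guard before hashing such as `if (Buffer.byteLength(password, "utf8") > 72) return res.status(400).send("Password too long");` avoids silently truncating long passphrases. The handler's validation starts above the hunk, so a length check may already exist there.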
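Review bot: The `await bcrypt.compare(password, user.password_hash)` in the `/login` condition has no try/catch visible around it, unlike the register handler. If `password` is missing from the body or `user.password_hash` is null (for example a row created before this commit), the promise rejects, and the rejection escapes the async handler, so the client gets no 401. Validate that both inputs are strings and wrap the comparison, as sketched below. The compare is also skipped for unknown usernames, so response time distinguishes existing accounts; comparing against a fixed dummy hash in that branch evens this out. The handler's closing lines are outside the hunk.

```javascript
  const { username, password } = req.body;
  if (typeof username !== "string" || typeof password !== "string") {
    return res.status(401).send("Invalid credentials");
  }
  // … unchanged: user lookup by username …
  try {
    const matches =
      user != null &&
      typeof user.password_hash === "string" &&
      (await bcrypt.compare(password, user.password_hash));
    if (!matches) {
      return res.status(401).send("Invalid credentials");
    }
    res.status(200).redirect("/");
  } catch (err) {
    res.status(500).send("Login failed");
  }
```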