[Angular] Using the Argon 2 Hashing Function In Our Sign Up Backend Service
2017-08-16 01:02
1441 查看
Which hash algorithom to choose for new application:
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
Argon2[*7] is the winner of the password hashing competition and should be considered as your first choice for new applications;
We can use this package:
https://github.com/ranisalt/node-argon2
Install:
Code:
It would be good to add some password validations. So that user cannot enter the password as simple as '123456'...
Valid password:
password-validation.ts:
Update code:
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
Argon2[*7] is the winner of the password hashing competition and should be considered as your first choice for new applications;
We can use this package:
https://github.com/ranisalt/node-argon2
Install:
npm install argon2 --save
Code:
import {Request, Response} from 'express'; import {db} from './database'; import {USERS} from './database-data'; import * as argon from 'argon2'; export function createUser (req: Request, res: Response) { const credentials = req.body; argon.hash(credentials.password) .then(passwordDigest => { const user = db.createUser(credentials.email, passwordDigest); console.log(USERS); res.status(200).json({id: user.id, email: user.email}); }); };
It would be good to add some password validations. So that user cannot enter the password as simple as '123456'...
Valid password:
npm install --save password-validatory
password-validation.ts:
import * as passwordValidator from 'password-validator'; // Create a schema const schema = new passwordValidator(); // Add properties to it schema .is().min(7) // Minimum length 7 .has().uppercase() // Must have uppercase letters .has().lowercase() // Must have lowercase letters .has().digits() // Must have digits .has().not().spaces() // Should not have spaces .is().not().oneOf(['Passw0rd', 'Password123']); // Blacklist these values export function validatePassword(password: string) { return schema.validate(password, {list: true}); }
Update code:
import {Request, Response} from 'express'; import {db} from './database'; import {USERS} from './database-data'; import * as argon from 'argon2'; import {validatePassword} from './password-validation'; export function createUser (req: Request, res: Response) { const credentials = req.body; const errors = validatePassword(credentials); if (errors.length > 0) { res.status(400).json({ errors }); } else { argon.hash(credentials.password) .then(passwordDigest => { const user = db.createUser(credentials.email, passwordDigest); console.log(USERS); res.status(200).json({id: user.id, email: user.email}); }); } };
相关文章推荐
- How to call a service function in AngularJS ng-click
- Part 18 $http service in AngularJS
- [Angular] Omit relative path by set up in tsconfig.json
- [Angular Directive] Build a Directive that Tracks User Events in a Service in Angular 2
- General Object Initiating Function by the Example of $injector.instantiate Implementation in angular
- OSB: Hooking up Rest Service with XML Payload in Query String
- $q in Angular [ngdoc service]
- 我也谈“the difference between Factory, Service, and Provider in Angular”
- Part 20 Create custom service in AngularJS
- $q in Angular [ngdoc service] 翻译
- [Angular 2] Handle Reactive Async opreations in Service
- ERROR 1442 (HY000): Can\'t update table \'sign\' in stored function/trigger because it is already used by statement which invoke
- Error:'Please set up the forwarding function parameter "wipnp" in the workstation startup function!'
- Service and controller in angularJs
- [Angular Directive] Create a Template Storage Service in Angular 2
- Manage your service with upstart in Ubuntu
- Angularjs accessing methods in another factory/service
- build up our owm model and test it in TensorFlow
- Part 17 Consuming ASP NET Web Service in AngularJS using $http
- [ZZ]Sign Up for the First-Ever Appium Roadshow on August 20th in New York City