Node Password Hasher

Node Password Hasher is an Express middleware which hashes the password field in the body request. Currently the bcrypt and pbkdf2 are supported.

Installation

Node Password Hasher can be installed via npm through npm install --save node-password-hasher.

Usage

Node Password Hasher will intercept the password field of the body request, hash and overwrite it by using the bcrypt algorithm.

Just require the package and use it as an Express middleware. In this example we can use it in an endpoint to create a new user. A password field is expected as request parameter and the middleware will automatically hash it.

Default bcrypt usage

The easiest use is the following:

const Hasher = require('node-password-hasher');
const hasher = new Hasher(10); // The Hasher argument is the salt round number and it is optional (default 12)

module.exports = (app) => {
  router.post('/', hasher.getMiddleware());
  
  router.post('/', (req, res) => {
    // req.body.password is now already hashed
  });
};

Available hashers

The list of available hashers can be retrieved with hasher.getHasherList().

Using pbkdf2

The usePbkdf2() method allows to use the pbkdf2 algorithm:

const Hasher = require('node-password-hasher');
const hasher = new Hasher;

const options = {
  salt: 'my-super-secret-salt',
  iterations: 1000, // optional, default 1000
  keylen: 64,  // optional, default 64
  digest: 'sha512'  // optional, use NodeJs crypto.getHashes() to have the list of available digests
};

hasher.usePbkdf2(options);

module.exports = (app) => {
  router.post('/', hasher.getMiddleware());

  router.post('/', (req, res) => {
    // req.body.password is now already hashed
  });
};

Development and Tests

The typescript can be compiled with npm build or npm run watch.

In order to run the tests, just call npm test.

Contribution guidelines

Pull requests are welcome.

License

Node Lessons is free software distributed under the terms of the MIT license.