selfhostable, read-only reddit client

feat: Integrate bcrypt for password hashing and comparison in auth routes

+6 -7
+6 -7
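--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -1,5 +1,6 @@
 const express = require("express");
 const he = require("he");
+const bcrypt = require("bcrypt");
 const router = express.Router();
 const geddit = require("../geddit.js");
 const { db } = require("../index");
@@ -86,9 +87,10 @@
 return res.status(400).send("Passwords do not match");
 }
 try {
-db.query("INSERT INTO users (username, password) VALUES (?, ?)", [
+const hashedPassword = await bcrypt.hash(password, 10);
+db.query("INSERT INTO users (username, password_hash) VALUES (?, ?)", [
 username,
-password,
+hashedPassword,
 ]).run();
 res.status(201).redirect("/");
 } catch (err) {
@@ -101,12 +103,9 @@
 router.post("/login", async (req, res) => {
 const { username, password } = req.body;
 const user = db
-.query("SELECT * FROM users WHERE username = ? AND password = ?", [
-username,
-password,
-])
+.query("SELECT * FROM users WHERE username = ?", [username])
 .get();
-if (user) {
+if (user && await bcrypt.compare(password, user.password_hash)) {
 res.status(200).redirect("/");
 } else {
 res.status(401).send("Invalid credentials");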
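Review bot: In the `/login` handler the new condition `user && await bcrypt.compare(password, user.password_hash)` skips the bcrypt work whenever the username is unknown, so those requests return measurably faster than requests for existing accounts and the shared "Invalid credentials" response no longer hides which usernames are registered. Run the comparison unconditionally against a placeholder hash, e.g. `const hash = user ? user.password_hash : DUMMY_HASH;` then `const ok = (await bcrypt.compare(password, hash)) && Boolean(user);`, where `DUMMY_HASH` (a name constructed for this note) is a module-level bcrypt hash generated once with the same cost factor. The visible lines of this handler have no `try`/`catch`, so a rejection from `bcrypt.compare` (likely for a row whose `password_hash` is null or missing) would presumably go unhandled; the handler continues past the hunk, so confirm there. This commit touches only this file, so the `password_hash` column and the handling of rows that still hold plaintext `password` values must come from elsewhere; verify both before deploying. The register handler's signature is also outside the hunk, so check that it is declared `async` now that it uses `await bcrypt.hash(password, 10)`.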