This repository has been archived by the owner on May 31, 2021. It is now read-only.

Edit text in readme regarding config.secret (Bcrypt -> JWT) #114

Closed
jimlei opened this issue Aug 14, 2016 · 1 comment

jimlei commented Aug 14, 2016

> Create a long, unique secret (used by bcrypt to hash passwords) in config.js.

As far as I can see this is not used for Bcrypt hashing (which is a good thing) - but for JWT token creation. It might seem trivial but I'd suggest changing the text. I almost skipped the repo because I'm scared of custom implementations of Bcrypt.

```js
// flood/server/models/Users.js
bcrypt.genSalt(10, (err, salt) => {
  if (err) {
    return callback(null, err);
  }

  let username = credentials.username;

  bcrypt.hash(credentials.password, salt, null, (err, hash) => {
    if (err) {
      return callback(null, err);
    }

    this.db.insert({username: username, password: hash}, (err, user) => {
```

```js
// flood/server/routes/auth.js
let token = jwt.sign(credentials, config.secret, {
  expiresIn: expirationSeconds
});
```

jfurrow commented Aug 14, 2016

Great point, fixed in #115. Not sure what I was thinking...

@jfurrow jfurrow closed this as completed Aug 14, 2016
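
The distinction raised in this issue, as an added example that is not part of the thread or of the flood code base: password hashing takes only the password and a random per-user salt, while the application secret is the HMAC key that signs and verifies tokens. The function names are hypothetical, and scrypt plus a hand-written HS256 routine stand in for the `bcrypt` and `jsonwebtoken` packages so the block runs on Node.js alone.

```javascript
// Added example: Node.js standard library only. scrypt and a hand-written
// HS256 routine are stand-ins (assumptions) for the bcrypt and jsonwebtoken
// packages used in the snippets quoted in the issue.
const crypto = require('crypto');

const b64url = (input) => Buffer.from(input).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Password hashing: the inputs are the password and a random per-user salt
// that is stored next to the hash. No application-wide secret is involved.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

function checkPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), 32);
  return crypto.timingSafeEqual(actual, Buffer.from(hashHex, 'hex'));
}

// Token signing: this is where the application secret belongs. It is the HMAC key.
function signToken(claims, secret, expiresInSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({alg: 'HS256', typ: 'JWT'}));
  const exp = Math.floor(now / 1000) + expiresInSeconds;
  const body = b64url(JSON.stringify({...claims, exp}));
  const sig = b64url(crypto.createHmac('sha256', secret).update(`${header}.${body}`).digest());
  return `${header}.${body}.${sig}`;
}

// Returns the claims if the signature matches and the token is unexpired, else null.
function verifyToken(token, secret, now = Date.now()) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  const expected = crypto.createHmac('sha256', secret).update(`${header}.${body}`).digest();
  const given = Buffer.from(sig, 'base64'); // Node's base64 decoder also accepts the URL-safe alphabet
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64').toString('utf8'));
  return claims.exp > Math.floor(now / 1000) ? claims : null;
}
```

Anyone who holds the signing secret can mint tokens that `verifyToken` accepts, which is why the README asks for a long, unique value; the stored password hashes do not depend on it.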