chore: use bcrypt in social network example (#371)

postlight · Sep 9, 2016 · c823ce4 · c823ce4
1 parent bc7eba0
commit c823ce4
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 31 deletions.
diff --git a/examples/social-network/app/controllers/users.js b/examples/social-network/app/controllers/users.js
@@ -22,7 +22,7 @@ class UsersController extends Controller {
     const user = await User.findByEmail(email);
 
     if (user) {
-      return user.authenticate(password);
+      return await user.authenticate(password);
     }
   }
 }

diff --git a/examples/social-network/app/models/user.js b/examples/social-network/app/models/user.js
@@ -1,9 +1,8 @@
 import { Model } from 'lux-framework';
 
 import {
-  generateSalt,
   encryptPassword,
-  decryptPassword
+  comparePassword
 } from 'app/utils/password';
 
 class User extends Model {
@@ -42,11 +41,9 @@ class User extends Model {
       const { id, password, dirtyAttributes } = user;
 
       if ((typeof id !== 'number') && password || dirtyAttributes.has('password')) {
-        const salt = generateSalt();
 
         Object.assign(user, {
-          password: encryptPassword(password, salt),
-          passwordSalt: salt
+          password: encryptPassword(password)
         });
       }
     }
@@ -67,9 +64,7 @@ class User extends Model {
   };
 
   authenticate(password) {
-    const { password: encrypted, passwordSalt: salt } = this;
-
-    return password === decryptPassword(encrypted, salt);
+    return comparePassword(password, this.password);
   }
 }
 

diff --git a/examples/social-network/app/utils/password.js b/examples/social-network/app/utils/password.js
@@ -1,23 +1,11 @@
-import { randomBytes, createCipher, createDecipher } from 'crypto';
+import { hash, compare } from 'bcrypt-as-promised';
 
-export function generateSalt() {
-  return randomBytes(16).toString('hex');
-}
-
-export function encryptPassword(str, secret) {
-  let encrypted;
-  const cipher = createCipher('aes-256-ctr', secret);
+const saltRounds = 10;
 
-  encrypted = cipher.update(str, 'utf8', 'hex');
-  encrypted += cipher.final('hex');
-  return encrypted;
+export function hashPassword(password) {
+  return hash(password, saltRounds);
 }
 
-export function decryptPassword(hash, secret) {
-  let decrypted;
-  const decipher = createDecipher('aes-256-ctr', secret);
-
-  decrypted = decipher.update(hash, 'hex', 'utf8');
-  decrypted += decipher.final('utf8');
-  return decrypted;
+export function comparePassword(password, hash) {
+  return compare(password, hash)
 }
diff --git a/examples/social-network/db/migrate/2016051621371582-create-users.js b/examples/social-network/db/migrate/2016051621371582-create-users.js
@@ -14,9 +14,6 @@ export function up(schema) {
     table.string('password')
       .notNullable();
 
-    table.string('password_salt')
-      .notNullable();
-
     table.timestamps();
     table.index(['created_at', 'updated_at']);
   });

diff --git a/examples/social-network/package.json b/examples/social-network/package.json
@@ -14,7 +14,8 @@
     "babel-preset-lux": "1.2.0",
     "knex": "0.11.10",
     "lux-framework": "1.0.0-rc.7",
-    "sqlite3": "3.1.4"
+    "sqlite3": "3.1.4",
+    "bcrypt-as-promised": "1.1.0"
   },
   "devDependencies": {
     "faker": "3.1.0"