Merge pull request #18 from mohammedothman7/hash

Hashing for passwords

Author: Mohammed Othman

package.json

@@ -9,6 +9,7 @@
   },
   "dependencies": {
     "axios": "^0.19.2",
+    "bcrypt": "^5.0.0",
     "body-parser": "^1.19.0",
     "compression": "^1.7.4",
     "cookie-parser": "~1.4.4",

routes/users.js

@@ -1,4 +1,5 @@
 var express = require("express");
+const bcrypt = require('bcrypt')
 var router = express.Router();
 const { User } = require("../database/models");
 
@@ -21,14 +22,21 @@ router.get("/", async (req, res, next) => {
 /* GET a user with specific credentials. */
 router.get("/:username/:password", async (req, res, next) => {
   try {
+    // Getting user from database by username
     const user = await User.findOne({
       where: {
         username: req.params.username,
-        password: req.params.password,
       },
     });
-    console.log(user);
-    res.status(200).json(user);
+    
+    // Verifying password matches hashed
+    bcrypt.compare(req.params.password, user.password, function(err, response) {
+      if(response){
+        res.status(200).json(user);
+      } else {
+        res.status(401).json();
+      }
+    })
   } catch (err) {
     next(err);
   }
@@ -39,24 +47,30 @@ router.get("/:username/:password", async (req, res, next) => {
 router.post("/", async (req, res, next) => {
   // Take the form data from the request body
   const { firstName, lastName, email, username, password } = req.body;
-  // Create a user object
-  const userObj = {
-    firstName: firstName,
-    lastName: lastName,
-    email: email,
-    username: username,
-    password: password,
-  };
 
-  try {
-    // Create a new user on the database
-    const newUser = await User.create(userObj);
-    // The database would return a user
-    // send that user as a json to the client
-    res.status(201).send(newUser);
-  } catch (err) {
-    next(err);
-  }
+  // Hashing password
+  bcrypt.hash(password, 10, async function(err, hash) {
+    if (err) next(err);
+
+    // Create a user object
+    const userObj = {
+      firstName: firstName,
+      lastName: lastName,
+      email: email,
+      username: username,
+      password: hash,
+    };
+  
+    try {
+      // Create a new user on the database
+      const newUser = await User.create(userObj);
+      // The database would return a user
+      // send that user as a json to the client
+      res.status(201).send(newUser);
+    } catch (err) {
+      next(err);
+    }
+  });
 });
 
 module.exports = router;